Grouper Announcements and News

[Chris Hyzer <>]

If you are running Grouper v5.5 and previous using LDAP Authentication you MAY be affected.  Grouper v5.6+ is not affected.

There is a serious security vulnerability if you are using Grouper with LDAP authentication and the LDAP is deployed or configured in a certain manner.  Generally, this vulnerability is with Grouper Web Services though it is possible to affect the User Interface.  If you are affected, you can remediate in one of three ways: configure your LDAP to address the issue, upgrade Grouper, or apply a patch to your container.Read this wiki article about public details of the vulnerability. Check the same wiki for future updates.If you have questions or would like to review the specifics and testing information, send a direct slack message to Chris Hyzer, the project lead (request to join InCommon SLACK).  If you are not a member of the InCommon SLACK Workspace, or do not wish to join that workspace, then email .

Thank you,

Chris Hyzer on behalf of the Grouper project