Skip to Content.
Sympa Menu

grouper-users - [grouper-users] IMPORTANT: Grouper security vulnerability

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] IMPORTANT: Grouper security vulnerability


Chronological Thread 
  • From: Chris Hyzer <>
  • To: "" <>
  • Subject: [grouper-users] IMPORTANT: Grouper security vulnerability
  • Date: Tue, 25 Jun 2024 17:34:31 +0000 (UTC)

If you are running Grouper v5.5 and previous using LDAP Authentication you MAY be affected.  Grouper v5.6+ is not affected.There is a serious security vulnerability if you are using Grouper with LDAP authentication and the LDAP is deployed or configured in a certain manner.  Generally, this vulnerability is with Grouper Web Services though it is possible to affect the User Interface.  If you are affected, you can remediate in one of three ways: configure your LDAP to address the issue, upgrade Grouper, or apply a patch to your container.Read this wiki article about public details of the vulnerability. Check the same wiki for future updates.If you have questions or would like to review the specifics and testing information, send a direct slack message to Chris Hyzer, the project lead (request to join InCommon SLACK).  If you are not a member of the InCommon SLACK Workspace, or do not wish to join that workspace, then email .

Thank you,

Chris Hyzer on behalf of the Grouper project



  • [grouper-users] IMPORTANT: Grouper security vulnerability, Chris Hyzer, 06/25/2024

Archive powered by MHonArc 2.6.24.

Top of Page