This document outlines the detailed procedure for upgrading your system to Cequence Unified API protection (UAP) platform version 8.4.0 and rolling back if necessary.
Pre-upgrade checklist
Verify the following conditions before proceeding with the upgrade.
- Current system is on Cequence Unified API Protection (UAP) platform 8.2.0 or later.
- Defender is on version 5.8.0.
Upgrade procedure
Export configuration
Export all current configurations before starting the upgrade.
Upgrade UAP to 8.4.0
Run the Helm upgrade command to deploy version 8.4.0. Monitor the upgrade process as pods are recreated and verify that all components complete successfully.
The airflow-webserver pod sometimes enters CrashLoopBackOff status. If this occurs, delete the pod to allow it to restart automatically.
Post-upgrade verification
After the upgrade completes, verify the following.
- All pods are running properly.
- The Cequence UAP platform version has updated correctly.
- System logs contain no errors or warnings.
Monitoring period
Monitor system performance for several hours after the upgrade completes. Check for error logs or unusual behavior and verify that all components function correctly.
Rollback procedure
Follow these steps to roll back to version 8.2.x if issues are detected during or after the upgrade.
Downgrade to 8.2.x
Run the Helm upgrade command with the version specification set to 8.2.x. Monitor the downgrade process and verify that all components complete successfully.
The airflow-webserver pod sometimes enters CrashLoopBackOff status. If this occurs, delete the pod to allow it to restart automatically.
Post-rollback verification
After the downgrade completes, verify the following.
- All pods are running properly.
- The Cequence UAP platform version has downgraded correctly to 8.2.0 or later.
- System logs contain no errors or warnings.
Import exported configuration
Import the configuration exported before starting the upgrade.
Expected behavior after rollback (before configuration import)
After downgrading to version 8.2.0, aggregate pivots created for dynamic fingerprint algorithms remain present. Any configurations created in version 8.4.0 that reference dynamic fingerprint may cause errors.
The following cases may occur.
- Data exports configured with dynamic fingerprint as the export field display a blank field.
- Custom aggregate pivots created with dynamic fingerprint algorithm pivot variables display errors on the aggregate pivots screen.
- User preferences saved with dynamic fingerprint options throw errors when retrieving user-preferences (for example, grouping by dynamic fingerprint on the detection dashboard).
- Mitigation policies created with dynamic fingerprint as the action field default to fingerprint.
- Mitigation policies created with challenge as the action field display an empty action value.
- Data exports configured with challenge as the event criteria display a blank field when edited.
- HTML template parameters do not pass to defender and display blank on the user interface.
After importing the exported configuration, most issues resolve. However, aggregate pivots do not revert to their default state, and multiple dynamic fingerprint configurations persist. This results in recurring errors on the aggregate pivots screen.