Considerations

This topic describes considerations to take into account when upgrading your PAM - Self-Hosted environment.

Overview

Before upgrading, map your existing Vault implementation and environment. This ensures that you include all the relevant components in the upgrade and are aware of each component’s upgrade status and any backward compatibility issues. For more information about component compatibility, see Vault, PVWA, and component version compatibility .

 

Before installing or upgrading, ensure that your system still complies with security requirements. To learn more, see Security Fundamentals.

To view a list of the components that the PAM - Self-Hosted solution supports, and their various combinations, see System Requirements.

Upgrade version compatibility

The following table lists the versions that you can upgrade to based on your current installed version.

  • To upgrade to a newer version that is not included in the list of supported upgradable versions, you need to upgrade twice. First, to the latest upgradable supported version of your existing version, and then to the target version that you want. For example, if version 10.7 is currently deployed and you want to upgrade to version 12.2, you can first upgrade to version 12.0 (the last supported upgradable version for version 10.7), and then to version 12.2.

  • As a best practice, when applicable, first upgrade to the latest LTS version that is the closest major version to your installed version, and then upgrade to the latest LTS version. For example, if your installed version is 10.7, upgrade to 10.10 first, and then upgrade to version 12.2.

Version

Last supported upgradable version

Comments

13.2

 

 

13.0

 

 

12.6 (*LTS)

 

  • Any 12.6.x version can be upgraded to a later 12.6.x patch version

  • When upgrading to a later LTS version, version 12.6.10 and later must be upgraded to at least version 13.2 or later

12.2 (*LTS)

 

Any 12.2.x version can be upgraded to a later 12.2.x patch version.

When upgrading to a later LTS version:

  • Version 12.2.15 and later must be upgraded to at least version 12.6.10 or 13.2 or later

  • Version 12.2.11 and later must be upgraded to at least version 12.6.6 or 13.2 or later

  • Version 12.2.8 and later must be upgraded to at least version 12.6.3 or 13.2 or later

12.0

12.6.0

 

11.7

12.6.0

 

11.6

12.6.0

 

11.5 (*LTS)

13.2.0 (All other components)

13.0.0 (Vault only)

  • Version 11.5.3 - version 11.5.6 must be upgraded to at least version 12.1.0

  • Version 11.5.7 and higher must be upgraded to at least version 12.2.2

10.10 (*LTS)

12.6.0

Version 10.10.6 and higher must be upgraded to at least the latest version 11.5 patch or version 12.1.0

10.5 (*LTS)

12.2.0

Version 10.5.4 and higher must be upgraded to at least version 12.1.0

*For more information about version support levels, see the CyberArk End-of-Life Policy.

Upgrade from a CyberArk End-of-life PAM - Self-Hosted version

The following table lists the last version you can upgrade to from CyberArk End-of-life PAM - Self-Hosted versions that are no longer supported.

Version

Last supported upgradable version

12.1

12.2.0

11.4

12.2.0

11.3

12.2.0

11.2

12.2.0

11.1

12.2.0

10.9

12.1.0

10.8

12.1.0

10.7

12.0.0

10.6

11.7.0

10.4

11.5.0

10.3

11.4.0

10.2

11.2.0

10.1

11.2.0

9.9.5

10.10.0

9.9

10.8.0

9.10

11.7.0