Released on February 7th 2019

New Features

ECA-3076 - Detect and audit log when an administrator logs out of the CA Web UI

ECA-6777 - Create new DB column for storing CSR in CertificateData

ECA-7225 - Note in approvals that values have been changed from the default

ECA-7256 - Allow the creation of unenrolled EEs from the RA Web

ECA-7339 - PSD2 ASN.1 module and API code

ECA-7383 - Core API support for multi-value RDN and End Entity Profile validation of multi-value RDNs

ECA-7401 - Implement ConfigDump export for MultiGroupPublisher

ECA-7413 - Add SHA348withRSAandMGF1 and SHA512withRSAandMGF1 to the list of selectable signature algorithms

ECA-7414 - Make EJBCA build with Java 11

ECA-7419 - Can't paste ACME root anchor with tabs

ECA-7440 - Configdump exports parts of ACME configuration even if excluded

ECA-7444 - User Data Source access control does not let superadmins select "Any CA"

ECA-7470 - Possibility to add array values in edit CA CLI

ECA-7539 - Add subcommand to clientToolBox to interact with database over pure JDBC

ECA-7556 - ClientToolBox command for running a health check

ECA-7562 - Add WS CLI method to get remaining number of approvals

ECA-7586 - Implement a session timeout from the CA Web UI

Improvements

ECA-3724 - Convert Certificate Profiles pages to JSF

ECA-4348 - Remove remaining NetID integration code

ECA-4377 - CertTools.isCertificateValid logging refers to OCSP.

ECA-4630 - Convert Edit End Entity Profile page to JSF

ECA-5804 - Make ApprovalSessionTest less timing sensetive

ECA-5851 - Convert Certificate Authority pages to JSF

ECA-5932 - Upgrade bundled Hibernate jars

ECA-6210 - Stop using Ejb3Configuration in DatabaseSchemaScriptCommand

ECA-6801 - Convert EJBCA Home page to JSF

ECA-6802 - Convert CA Activation Page to JSF

ECA-6803 - Convert CA Structure & CRLs page to JSF

ECA-6804 - Convert Edit Crypto Tokens page to XHTML

ECA-6805 - Convert Manage Crypto Tokens page to XHTML

ECA-6806 - Convert Manage Publishers page to JSF

ECA-6807 - Convert Edit Publishers page to JSF

ECA-6808 - Convert Manage End Entity Profiles page to JSF

ECA-6810 - Convert Manage User Data Sources page to JSF

ECA-6811 - Convert Edit User Data Source page to JSF

ECA-6812 - Convert Manage Hard Token Issuers page to JSF

ECA-6813 - Convert Edit Hard Token Issuers page to JSF

ECA-6816 - Convert Manage Approval Profiles page to XHTML

ECA-6817 - Convert Edit Approval Profile page to XHTML

ECA-6818 - Convert Audit Log page to XHTML

ECA-6819 - Convert Manage Keybindings page to XHTML

ECA-6820 - Convert Edit Keybindings page to XHTML

ECA-6821 - Convert Manage Peer Connectors page to XHTML

ECA-6822 - Convert Edit Peer Connectors page to XHTML

ECA-6824 - Convert Manage Services page to XHTML

ECA-6825 - Convert Edit Services page to XHTML

ECA-6826 - Convert Manage CMP Aliases page to JSF

ECA-6827 - Convert Edit CMP Alias page to JSF

ECA-6828 - Convert Manage EST Aliases page to JSF

ECA-6829 - Convert Edit EST Alias page to JSF

ECA-6830 - Convert Manage SCEP aliases page to XHTML

ECA-6831 - Convert Manage SCEP alias page to XHTML

ECA-6832 - Convert System Configuration page to XHTML

ECA-6833 - Convert Preferences page to JSF

ECA-7263 - Remove "Administration" title from CA UI

ECA-7276 - Database CLI import from XML format

ECA-7284 - Fix broken web tests for JSF conversion

ECA-7289 - Improvements to Certificate Transparency section in certificate profiles

ECA-7292 - Add proper error handling for JSF

ECA-7298 - EJBCA CLI's "Merge CA Tokens" leaves unused crypto tokens behind

ECA-7312 - Increase initial size of ProtectionStringBuilder for Certificate Profiles to avoid unessecary warnings in debug log

ECA-7313 - Change mime type for CRLs from application/x-x509-crl to application/pkix-crl as defined in RFC5280

ECA-7314 - Implement "Custom Certificate Extension Data" field for RA enrollment

ECA-7315 - findCertificatesByExpireTime API calls, CLI and RA UI, should not return already expired certificates

ECA-7317 - SCEP error messages when CA can not be found are not complete

ECA-7325 - Extend tests for Custom Certificate Extensions

ECA-7327 - Convert viewcainfo.jsp and viewcertificate.jsp popUps to jsf

ECA-7334 - Review End Entity Profiles UI Tests

ECA-7343 - Refactor org.ejbca.webtest.helper.CaHelper

ECA-7344 - Refactor org.ejbca.webtest.helper.AdminRolesHelper

ECA-7348 - Introduce a CaStructureHelper for UI tests

ECA-7355 - Review Convert CA Structure & CRLs UI tests

ECA-7356 - Introduce an ApprovalProfilesHelper for UI tests

ECA-7357 - Review Approval Profiles UI tests

ECA-7362 - Review Administrator Roles UI Tests

ECA-7365 - Add a Jenkins job for EJBCA UI Tests

ECA-7367 - Acme must be in status unavailable under System Configuration (community edition)

ECA-7371 - Usage of sun.security.pkcs11 is not allowed when compiling in Java 11

ECA-7375 - Crypto Tokens page messages are displayed twice.

ECA-7380 - Missing space between 'Title' and '?' in Manage Crypto Tokens page

ECA-7421 - configdump module's unit tests are not collected by Jenkins unit tests job 'EJBCA_TRUNK_UNIT_PUPPET'

ECA-7423 - Failing tests of org.ejbca.configdump.core.ConfigdumpCoreUnitTest

ECA-7437 - Clean up unused imports, parameterize, remove unused variables ect.

ECA-7456 - VendorAuthenticationTest.test01_3GPPMode depends on server time zone

ECA-7471 - Allow system tests to run with EJBCA not on localhost

ECA-7491 - Use relative URLs in AdminGUI

ECA-7492 - Fun refactoring task - WebLanguages class uses property arrays, but should be remade in more OOP way

ECA-7508 - EJBCA-CLI: Do not add duplicate role members

ECA-7514 - Fix failing tests in EjbcaRestHelperUnitTest

ECA-7518 - Allow tests to run with TLS certificates not issued by ManagementCA

ECA-7522 - Add proper configuration to jenkins-files/*/conf/

ECA-7527 - Investigate and fix ACME failing tests in trunk

ECA-7530 - Convert ACME Configuration page to xhtml

ECA-7531 - Convert ACME Alias Configuration page to xhtml

ECA-7532 - Add Deviation List Signer Extended Key Usage

ECA-7537 - Simplify and improve configuration of CMP tests

ECA-7541 - Change CT log policy labels to not use mathematical symbols

ECA-7546 - Make API and log use of requestID and approvalID consistent and easier to understand

ECA-7547 - Allow OCSP KeyBinding certificate without Key Usage

ECA-7555 - Acme SystemTest(s) failure for 6.15X EJBCA_TRUNK_DB2V105_UBUNTU1204_JBOSSEAP61_PUPPET jenkins job

ECA-7557 - Fix failing CMP TCP system tests

ECA-7563 - Separate out EjbcaWSTest.test02FindUser into its own test class

ECA-7566 - EjbcaWS.findUser() does not work for subjectEmail

ECA-7567 - Allow browser binary to be configured for Web Tests

ECA-7573 - Improve error handling and remove dead code in AdminWeb

ECA-7574 - Convert Approval Actions page to XHTML

ECA-7575 - Convert Approval Action page to XHTML

ECA-7576 - Clarifications in the Multi Group Publisher documentation

ECA-7579 - Editing EE functionality in RA Web is hidden behind the View-button

ECA-7594 - fun refactoring task: ViewCertificateManagedBean parseRequest method needs the button control logic refactored out into their own methods

ECA-7604 - Get rid of PublisherDataHandler class

ECA-7605 - Fix admin-gui build.xml

ECA-7609 - Clear hibernate cache in ejbca-db-cli to avoid high memory usage

ECA-7612 - VendorAuthenticationTest test case fail in Jenkins

ECA-7614 - Implement ECAQA-196 test scenario.

ECA-7616 - Code refactoring in MultiGroup Publisher Data class.

ECA-7625 - Stop using System.lineSeparator, except for writing to files or pipes

ECA-7634 - ACME test improvements

ECA-7636 - Update system requirements in documentation

ECA-7642 - WebEjbcaClearCacheTest should be skipped if not running on localhost

ECA-7643 - EjbcaWSTest should not use hardcoded "superadmin" user

ECA-7644 - EJBCA ziprelease should not include scripts from jenkins-files

ECA-7645 - CrmfRAPbeRequestTest fails on community edition

ECA-7648 - EE_COS7_OpenJDK8_WF10_NOHSM_DB2 job failure

ECA-7649 - POC Automate profiles installation for Firefox

ECA-7650 - Ability to upload CT log key in raw B64 format

ECA-7658 - Use white-list instead of black-list of allowed HTTP methods in web.xml

ECA-7679 - PeerConnectionsTest uses TLSv1, but should use TLSv1.2

ECA-7680 - PatternLoggers should check if log level is enabled before doing work

ECA-7682 - PeerConnectionsTest.testPublishCertificate should inform about prerequisite in failure message

ECA-7684 - Typo in error message on 'View Certificate' page

ECA-7689 - Update web.xml to Servlet 3.1 use correct JSF 2.2 schema in faces-config.xml

ECA-7692 - Add CSRs for unit testing the RSA Key Validator

ECA-7694 - Modify application.xml to reflect new JEE7 version

ECA-7696 - Add method to get filename from uploaded file

ECA-7701 - Upgrade persistence.xml to JEE7

ECA-7705 - AutoEnrollment Documentation Improvement

ECA-7707 - HttpMethodsTest.testDocs should not fail if internal docs are not used

ECA-7738 - JDK11 Compliance: Patch CESeCore with provider fix from DSSINTER-289

ECA-7740 - Simplify ant build scripts to cut build time

ECA-7755 - The copyright year should be updated to include 2019

ECA-7761 - Minor security improvement

Bug Fixes

ECA-6865 - Failure to publish to a Peer Publisher gives no error message in log in some cases

ECA-7013 - RA Style is deselected while modifying access rules

ECA-7269 - Regression: JSF errors on JBoss AS 7.1.1

ECA-7273 - Certificate profiles appear to be (but aren't) editable for an Auditor

ECA-7282 - Poor error message for incorrectly formatted CT public keys: "Extra Data Detected in Stream"

ECA-7285 - Add HEAD request for the endpoint revokeCert

ECA-7286 - Fix NPE which happens when de-registering account with certbot

ECA-7326 - Bound Certificate under Internal Key Binding is displayed wrongly

ECA-7329 - NPE when you click on 'Republish' button on View Certificate page under Authentication Key Binding

ECA-7332 - OCSP Extensions configurations is applied to the newly created ones

ECA-7338 - Regression: clearPwd flag on WS editUser does not work

ECA-7342 - Check for legal characters is not working for some pages

ECA-7366 - dncomponents.properties.sample order of orgaizationIdentifier differs from default in DnCompoonents.java

ECA-7370 - ServiceManifestBuilder does not run with Java 11

ECA-7378 - PublicWeb check certificate status inly works with 8 octet cert serialNumber

ECA-7379 - Regression: throwing checked Exceptions from postConstruct is not allowed in JEE spec

ECA-7404 - CA Activation backlink broken

ECA-7433 - Dry-run parameter not respected when importing validators using Statedump

ECA-7434 - Add modular protocol configuration to Statedump

ECA-7438 - NullPointerException in some Adminweb pages if External Script Access is disabled and you have Custom Publishers

ECA-7443 - CAs and Fields in User Data Sources are stored as strings, causing ClassCastException

ECA-7445 - Missing exclude option for Validators in Statedump

ECA-7460 - NPE when importing a CA where a previous certificate exists without expireDate

ECA-7480 - When creating an EndEntity in RA Web and delete_end_entity accessrule is disabled, the process ends incorrectly with success but end entity is not created

ECA-7499 - java.lang.IllegalStateException when using browser back/forward button

ECA-7500 - Certificate Request Generated despite choosing the wrong format

ECA-7511 - EjbcaWSHelperSessionBean.caRenewCertRequest lacks an null check

ECA-7516 - Investigate and fix duplicate ID exception in editservice.xhtml

ECA-7523 - Test failures in ProtocolOcspHttpTest due do missing cleanup

ECA-7524 - Regression: HttpMethodsTest fail because of unexpected HTTP header value

ECA-7525 - Domestic / Non-external CVCA/DVCA do not have the expiration field set

ECA-7529 - OcspExtensionsTest fails on community edition

ECA-7533 - Fix WS documentation for isApproved and getRemainingNumberOfApprovals

ECA-7534 - DnFieldDumpHandler missing DnFieldExtractor.URI in Map.

ECA-7535 - Regression: Upgrade of customcertextensions.properties fails

ECA-7536 - CertificateCrlReaderSystemTest fails on Windows

ECA-7540 - Importing a CVCA certificate with error triggers CSRF error

ECA-7543 - CertSafePublisherTest fails on Windows due to line endings

ECA-7544 - Fix UpgradePublisherTest

ECA-7550 - Missing label and fields cleared erroneously in Edit Services page

ECA-7552 - StatedumpTest should use systemtests.properties

ECA-7558 - Admin Web returns redundant security headers

ECA-7568 - OCSP unathorized (6) error adds blank line to OCSP transaction log

ECA-7572 - Publisher queue status on home page looks weird since JSF conversion

ECA-7583 - Regression: Errors when creating a CA are not handled

ECA-7584 - USERAUTH fail when publishing with the SCP Publisher

ECA-7587 - Fix NPE when exception lacks an error message

ECA-7591 - Configdump CA is missing support for getLatestSubjectDN

ECA-7595 - UpgradeSessionBeanTest.testUpgradeOcspExtensions6120 fails intermittently

ECA-7599 - AcmeConfigurationAndValidationSystemTest.leaveRevocationReasonUnchanged fails intermittently

ECA-7611 - Fix validity field in Edit CA page

ECA-7613 - CertificateCrlReaderSystemTest fails intermittently

ECA-7615 - Multigroup publisher errors handled incorrectly after conversion

ECA-7624 - Fix ConfigdumpValidatorUnitTest and YamlWriterUnitTest

ECA-7628 - configdump change causes test build failure in CE

ECA-7631 - Typo in Error message

ECA-7632 - RA Web enrollment, End entity removed if finishUser is unchecked in the CA

ECA-7647 - 'Receive Certificate Response' does not work for Externally signed CA

ECA-7662 - SecurityEvents*SessionBeanTest fails on H2 dues to use of ORDER in DELETE

ECA-7663 - CertificateRetrievalTest.test09FindWithMissingCertData assumes database.useSeparateCertificateTable=false

ECA-7665 - OutgoingPeerConnectionTest fails intermittently

ECA-7667 - Invalid single quotes in language file

ECA-7669 - The certificate link of an 'EJBCA Node Start' row in the Audit Log does not work

ECA-7676 - Nullcheck would have been NPE in BlacklistEntry

ECA-7677 - PeerConnectionsTest is missing slf4j runtime dependency

ECA-7697 - Regression: Default 'RA-Administrator' and 'Supervisor' roles gets 'Authorization Denied Cause: You are not authorized to view this page.'

ECA-7698 - Update example URL for external documentation

ECA-7699 - Can't access Admin web index page without /ca_functionality/view_ca access

ECA-7712 - Cannot save end entity profile where End Entity E-mail is disabled

ECA-7715 - Regression: Peer connectors cached in browser session not updated when cloning

ECA-7716 - Replace invalid double quotes in language files

ECA-7721 - Regression: CMP RA Name Generation Scheme don't use language strings anymore

ECA-7723 - Can't check "Critical" checkboxes on Edit CA page

ECA-7726 - Non-informative error message on Edit EST Aliases page

ECA-7730 - Clicking Logout in Adminweb gives NumberFormatException

ECA-7735 - Cloning a peer connector does not clone the flag for process incoming requests

ECA-7737 - Certificate of type "Sub CA" can't be published

ECA-7741 - Update tag library schemas for JEE7 in AdminWeb

ECA-7742 - CAA Validator fails DNSSEC validation for CH domains

ECA-7760 - ScpPublisher: Destination URL for certificates saved as crl.scp.destination and vice versa

ECA-7767 - Configdump validator export can fail with NPE

ECA-7769 - Fix warnings from DB CLI

Tasks

ECA-6864 - Set up a Jenkins instance to test JDK8/Wildfly10 using Docker

ECA-7261 - Map which ECAQA automatic tests which need to be remapped

ECA-7275 - Test ACME wildcard cert issuance and pre-authorization with certbot.

ECA-7331 - Verify if Swagger UI for works for ACME API. If it does, add documentation to confluence. If not, hide the ACME part from swaggerUI

ECA-7545 - New Docker job on Jenkins - EE_COS7_OpenJDK8_WF10_NOHSM_DB2

ECA-7551 - Exploratory testing on CMP configuration page

ECA-7695 - Update persistence.xml and orm-dbtype.xml to reflect JEE7 version

ECA-7763 - Test upgrade from 6.15.0 to 7.0.0

ECA-7768 - Update readme with license information for Hibernate jars