Released on the 29th of April 2019

New Features

ECA-961 - Partitioning of large CRLs by number of issued certificates

ECA-7384 - Protocol (WS/CMP/REST/CLI) support for issuing with multi-value RDNs

ECA-7474 - GUI support to enable/disable multi-value RDNs in End Entity Profiles

ECA-7785 - New validator phase that will run before using the CA private key to sign the tbsCertificate

ECA-7815 - Selenium tests for Domain Blacklist Validator

ECA-7906 - Remove CA related UI parts from RA/UI builds.

ECA-7907 - Rendering conditions for "Certificate Authority" page on different builds

ECA-7909 - Hide unusable commands from EJBCA CLI (ejbca.sh)

ECA-7910 - Create separate module for X509CA

ECA-7911 - Split X509 CA into common and build specific parts

ECA-7912 - Create new ant target for RA/VA ziprelease

ECA-7921 - Configdump support for Domain Blacklist Validator

ECA-7934 - Add CRL partition index column in certificate tables

ECA-7935 - Add crlPartitionIndex column in CRLData

ECA-7936 - Add partition configuration in X509CAInfo

ECA-7937 - User interface for configuration of CA CRL partitioning

ECA-7938 - Add documentation for partitioned CRL configuration

ECA-7939 - Update X509CA.generateCRL function to handle partitioned CRLs

ECA-7940 - Assign certificates to CRL partitions upon issuance or import

ECA-7941 - Show available CRL URLs if partitioning is used, in Edit CA page

ECA-7942 - Method generating partitioned CRL CDP URLs

ECA-7945 - Perform regression testing for certificate issuance with and without CRL partitioning

ECA-7946 - Add extensive system test of CRL partitioning

ECA-7953 - Allow for the export of single CP/EEPs

ECA-7962 - Make "ca republish" CLI command work with partitioned CRL

ECA-7963 - Update CRL Download Service to handle Partitioned CRLs

ECA-7964 - Create a separate module for CVC CA

ECA-7966 - RA-API, WS and REST support for Partitioned CRLs

ECA-8030 - Add YubiHSM2 P11 library to known P11 libraries

ECA-8048 - Add support for Partitioned CRLs in CertDistServlet, GetCRLServlet and CRLStoreServlet

ECA-8052 - Partitioned CRLs should not be allowed without "Issuing Distribution Point" CRL extension

Tasks

ECA-7385 - Document multi value RDN behavior for 'Subset of Subject DN' (not working with multi-value)

ECA-7389 - Document Administrator matching of multi-valued RDNs

ECA-7435 - Java 11: ClassNotFoundException: org.apache.geronimo.osgi.locator.ProviderLocator from WS Tests

ECA-7766 - Create a Jenkins job for testing Oracle DB

ECA-7825 - Java 11: ejbca-db-cli uses endorsed.dirs which is not supported in java 11

ECA-7857 - Create a Jenkins job for testing openJdk11

ECA-7892 - Make validationtool tests runnable

ECA-7904 - Investigate what to remove from Admin Web in RA/VA builds

ECA-7913 - Document changes RA / VA / CA builds.

ECA-7944 - Exploratory testing

ECA-7956 - Refactoring ExternalProcessTools.writeTemporaryFileToDisk for readability

ECA-7970 - Update changelog summary

ECA-7987 - Clarify documentation of fixed octet random serial number generator

ECA-7990 - Remove usage of SecureRandom from test cases to avoid copy-paste

ECA-8026 - Create Jenkins jobs for limited RA / VA builds

ECA-8027 - Fix remaining failures for Selenium tests in Jenkins

ECA-8034 - Upgrade testing of Partitioned CRL

ECA-8045 - Exemplify of the Required flag for custom certificate extensions

ECA-8050 - Add to CRL documentation - expired certs not included in new CRL

ECA-8058 - Fix EcaQa198 selenium test fail in Jenkins.

Improvements

ECA-7272 - Security verification

ECA-7391 - Only show CA-related approvals in CA Web (and vice versa)

ECA-7418 - Java 11: Xerces throws ClassNotFoundException: org.w3c.dom.ls.DocumentLS

ECA-7521 - User must fix malformed file when making cert request.

ECA-7554 - POC of Jenkins warnings job to analyze the code style/quality/shape

ECA-7593 - Add ClientToolBoxTest in new Jenkins

ECA-7596 - Unification and consolidation of dockers' shell scripts

ECA-7622 - Ability to edit token type in the RA Web

ECA-7722 - Minor usability improvements on Edit CA page

ECA-7797 - Upgrade JAX-RS 2.0 related libraries, correct swagger ACME generation and rely more on app server's JAX-RS implementation

ECA-7798 - Unit tests for the Configuration Checker

ECA-7853 - Change default digest alg of CMP request and response messages to SHA256

ECA-7884 - System test for copying DNSName from CN over WS

ECA-7902 - Add ExtentReport Plugin

ECA-7954 - Replace "Export profiles..."-links from profiles pages with buttons.

ECA-7957 - Improve error message when pinging an unknown peer system

ECA-7965 - Document CertTools.verify behavior for bad params with JUnit test

ECA-7975 - Avoid using two executors for Jenkins jobs

ECA-7986 - Better validation message when CAA validator is running on a certificate without dNSNames

ECA-7997 - Translate the RA web to Swedish

ECA-8000 - External Command Validator output not forwarded to EJBCAWS

ECA-8011 - Make crlPartitionIndex nullable instead of DEFAULT 0

ECA-8013 - Upgrade BC to 1.61

ECA-8016 - Database publishing of partitioned CRLs

ECA-8029 - Remove Hard Tokens, Hard Token Profiles and Hard Token Issuers from EJBCA

ECA-8097 - Selenium test for CA with incorrect Partitioned CRL settings

ECA-8101 - Upgrade notes for partitioned CRLs

ECA-8103 - CRL Update Worker should handle partitioned CRLs

ECA-8107 - Change terminology for "retired CRL partitions"

ECA-8109 - CRL partition fields in new CA page appear after changing Crypto Token

ECA-8110 - Document that CRL partition 0 gets URL without partition number

Bug Fixes

ECA-7626 - Fix out of memory issues on new Jenkins

ECA-7731 - Subject AltName does not appear in the RA Web when Subject DN is not used

ECA-7733 - Security Fix

ECA-7753 - Selenium Docker Jenkins followup ticket - NoInitialContextException: Need to specify class name in environment or system property

ECA-7841 - Regression: Missing JAXB in JDK11 and lack of bundled API JAR causes complication error for Acme classes

ECA-7868 - Regression: CA names in Edit End Entity Profile page should be sorted

ECA-7915 - Unexpected error while using Create Authenticated Certificate Signing Request in CA page

ECA-7929 - Fingerprints downloaded from the RA Web are scrambled

ECA-7952 - Some rules not applied when creating a role from the RA Web

ECA-7958 - New fields in X509CAInfo should be added to configdump

ECA-7973 - Clicking Test Command twice in External Command Certificate Validator gives exception

ECA-7974 - Community Edition build broken in trunk

ECA-7977 - CRL Downloader can't handle entries with extensions, but no reason code

ECA-7984 - Jenkins not cleaning up temporary fles

ECA-7985 - Unit tests do not respect tests.jvmargs

ECA-7989 - Possible race condition in SerialNumberGenerator with different CAs use different octet sizes

ECA-7991 - Make ApprovalSessionTest reliable

ECA-8002 - CRL Partition: CA does not retain CRL Partition settings

ECA-8004 - List of validators in certificate profiles is not sorted

ECA-8005 - NPE when trying to change ca token of a non existing CA

ECA-8010 - JBoss CLI on Jenkins uses too much memory on Jenkins

ECA-8012 - Regression: Delegated key pair generation doesn't work with RA-Gui enrollment

ECA-8014 - Trivial typo in revoke end entity reason codes

ECA-8015 - Exception in Admin UI trying to view a crypto token configured with a non-existing P11 library file

ECA-8018 - For Signed CMP messages, signed error message may not be signed with the expected signature for some errors

ECA-8023 - Update the default key aliases when importing keystores

ECA-8040 - Regression: End Entity Profiles ZIP file with directory cannot be imported

ECA-8042 - Cannot create CA with 'Use CRL partitions' option checked

ECA-8046 - Jenkins jobs use the same name for docker resources

ECA-8047 - Regression: Some End Entity Profiles ZIP files cannot be imported

ECA-8054 - Some classes still try to instantiate EjbcaWebBean

ECA-8055 - Log errors at initialization failure of EjbcaWebBeanImpl

ECA-8061 - Creating a CA using CRL Partition gives EntityExistsException

ECA-8062 - EST reenrollment fails if the DN includes more components than CN

ECA-8063 - ExtRAMessagesTest does not compile

ECA-8072 - CaRenewCACommandTest stops working after 2019-04-15

ECA-8075 - The "Generate" buttons do not include the "&partition=*" if using Partitioned CRLs in a new CA

ECA-8083 - Certification Authorities: Creating new CA with CRL Partitions fails

ECA-8085 - Fix potential race condition in REST initialization found by PMD

ECA-8087 - Unable to create CA with CRL Partitions

ECA-8090 - Certificate created with "use partitions" CA has 0 as crlPartitionindex

ECA-8095- Null pointer exception when a certificate profile uses CA defined AIA values, but the CA has defined none

ECA-8105- Regression: Cannot edit approval requests in RA-web

ECA-8111- SoftHSM directory has wrong owner on Jenkins