Issues Resolved in 7.4.3
Released October 2020
New Features
ECA-5333 - Ability to search for approval requests by part of Subject DN / or e-mail
ECA-7994 - Not possible to request CVC certificates in RA web
ECA-8845 - Planning of grab new installations issue
ECA-9237 - Authentication path for OAuth in CA UI
ECA-9239 - Authentication path for OAuth in RA web
ECA-9240 - Ability to manage OAuth keys via AdminWeb
ECA-9241 - Ability to manage OAuth keys via CLI
ECA-9333 - REST API commands for End Entity Management
ECA-9337 - Landing page for "grab new installation"
ECA-9346 - CLI support to create new CA with AWS/Azure KMS crypto token (ejbca.sh ca init)
ECA-9350 - Authentication path for OAuth in WebService and REST API
ECA-9351 - Ability to configure default OAuth key
ECA-9376 - Add language strings for OAuth in RA Web
ECA-9421 - Add entry for Trident HSM to web.properties defaults
ECA-9431 - System test of URL access with JWT Bearer token
ECA-9450 - Add OAuth support to AuthenticationFilter
ECA-9451 - Add OAuth support to JSP pages
ECA-9453 - Make it possible to ask the healthcheck servlet which VAs are up to date
ECA-9471 - Unit test of OAuth Keys in Configdump
ECA-9481 - Updating preferences in RA Web and CA UI with OAuth authentication
ECA-9509 - Trigger landing page for new installations
Tasks
ECA-8905 - Update JWT libraries for EJBCA
ECA-9315 - Document CA rekey recommendations
ECA-9380 - Upgrade jackson-databind to 2.9.10.6
ECA-9381 - Remove jdom jar
ECA-9383 - Upgrade hibernate jars
ECA-9515 - New Swagger version requires json-patch JAR and newer jackson-databind JAR
ECA-9539 - Skip REST related test in CE
Improvements
ECA-8750 - KeyGenParams is handled inconsistently for RSA
ECA-8800 - Improve usability when selecting crypto tokens/algorithms on CA
ECA-9023 - Use prepared statements in ApprovalSessionBean and org.ejbca.util.query.Query
ECA-9215 - Configure full Azure Key Vault Name which would include the DNS FQDN
ECA-9238 - Ability to access CA UI via OAuth without allowing unauthenticated usage
ECA-9243 - Change or remove svn.revision property
ECA-9283 - SSH Implementation improvements
ECA-9293 - SSH Implementation remaining TODOs
ECA-9309 - CleanUp the code, discovered in SSH implementation/review
ECA-9328 - Improve JackNJI11ProviderTest
ECA-9355 - Prevent admin lock-out when using OAuth
ECA-9368 - Fail over to another node if CRL updater cannot complete work due to crypto token being inaccessible
ECA-9379 - Document how to view number of CRLs for each issuer in housekeeping guide
ECA-9412 - Export\import OAuth keys with configdump
ECA-9415 - Add ACME support for cert-manager
ECA-9428 - Some WS methods swallow AuthorizationDeniedException
ECA-9430 - Avoid using SHA1 for HSM public key dummy certificates
ECA-9457 - Lower logging level in from ERROR to INFO when request key is not allowed
ECA-9458 - Trim external lib
ECA-9462 - Remove unused jar file
ECA-9464 - Upgrade internal library
ECA-9465 - Upgrade internal library
ECA-9467 - Upgrade internal library
ECA-9469 - Upgrade internal library
ECA-9514 - Temporarily remove OAuth configuration from CA Web
ECA-9522 - UI Improvements to installation page
ECA-9523 - EJBCA's validity definition does not align with the one from RFC5280 and baseline requirements
Bug Fixes
ECA-8681 - CRLData query wrongly assumes unique result
ECA-9031 - Regression: certificate validity option for key validators are not shown
ECA-9170 - SecureXmlDecoder cannot deserialize enums created in Java 6
ECA-9185 - Security Issue
ECA-9213 - Regression: 'Close' button not functioning under Role Members 'View Certificate' page
ECA-9280 - SecureXmlDecoder lacks support for UserDataVO, causing deserialization error
ECA-9291 - Incorrect encoding of critical options for SSH certificates
ECA-9296 - SSH values still show up in end entity profiles even if SSH module is not present
ECA-9301 - EJBCA freezes at startup if cyclic cross-signed root certificates are used in OCSP chain
ECA-9302 - Regression: Unable to Generate Certs from WebService When the Username is Set To Autogenerated in the EEP
ECA-9304 - Missing CA causes NPE when viewing KeyBindings
ECA-9318 - Wrong defaultKey selected from crypto token
ECA-9325 - Add quotation marks to the properties argument in the sample command in the CLI for services
ECA-9335 - Regression: SerialNr Octet size not retained after upgrade
ECA-9343 - Duplicated close on stream in EndEntityProfileSessionBean and CertificateProfileSessionBean
ECA-9349 - CLI does not include plugins-ee on first build
ECA-9364 - EjbcaWS.findCerts(username, isValid=true) should also return certificates with status = 21
ECA-9365 - Not possible to delete publisher, if exists ssh CA
ECA-9370 - CMP's EndEntityCertificateAuthenticationModule does not use BC to verify certificates
ECA-9392 - ACME system test includes invalid altName extension in CSR
ECA-9413 - Fix ACME test failures in main
ECA-9426 - OCSP responses without extensions are sent with an empty "singleExtensions" list
ECA-9432 - Removal of unidfnr/src-test causes Unit tests failure and partial execution of unit tests
ECA-9434 - Multiple CRLs with different CRL partition indexes after upgrade causes NonUniqueResultException
ECA-9436 - ProtocolOcspHttpStandaloneTest failure (false positive)
ECA-9437 - Avoid random StringToolsTest failure
ECA-9440 - Regression: CA UI links do not work with a HTTP proxy running on a different port/hostname/scheme
ECA-9448 - Regression: Changes in EndEntityProfileSessionBean and CertificateProfileSessionBean in try-with-resources produce incomplete xml
ECA-9452 - Test for pkcs10enroll endpoint returns error when user is set to autogenerated in EEP
ECA-9455 - Possible NPE in REST search certificate call
ECA-9456 - Approvals created without cert authenticated admins fail in RA Web
ECA-9482 - Missing icon and name of access rule with misconfigured peer connector
ECA-9485 - Regression: XmlSerializer does not B64 encode non-ASCII strings, causing audit record to fail in some cases
ECA-9498 - Regression: OCSP keybinding certificate import fails when CA fingerprint is missing in database
ECA-9501 - Test Failure: KeyValidatorSession
ECA-9503 - Test Failure: REST System tests
ECA-9506 - Update method invocations to getPendingEntriesCountForPublisherInIntervals
ECA-9517 - ant ziprelease doesn't set git revision properly
ECA-9518 - AdminWeb header/logo URL is sometimes not shown due to incorrect URL
ECA-9520 - Jenkins RA/VA builds using invalid revsion property
ECA-9524 - EJBCA CE doesn't build from main
ECA-9528 - ACME NPE while running same certbot request twice or more
ECA-9529 - Regression: Custom logo does not load
ECA-9535 - Too many CT keys would fill up screen during CA creation
ECA-9538 - AcmeConfiguration is missing configdump setting for getRetryAfter
ECA-9541 - Test failures after inclusive validity range fix
ECA-9547 - "ant ziprelease" produces Community Edition zip release that does not build
ECA-9548 - Regression: PKI Disclosure Statements are not encoded correctly in audit log