Issues Resolved in 7.4.3

Released October 2020

New Features

ECA-5333 - Ability to search for approval requests by part of Subject DN or e-mail

ECA-7994 - Not possible to request CVC certificates in RA web

ECA-8845 - Planning of grab new installations issue

ECA-9237 - Authentication path for OAuth in CA UI

ECA-9239 - Authentication path for OAuth in RA web

ECA-9240 - Ability to manage OAuth keys via AdminWeb

ECA-9241 - Ability to manage OAuth keys via CLI

ECA-9333 - REST API commands for End Entity Management

ECA-9337 - Landing page for "grab new installation"

ECA-9346 - CLI support to create new CA with AWS/Azure KMS crypto token (ejbca.sh ca init)

ECA-9350 - Authentication path for OAuth in WebService and REST API

ECA-9351 - Ability to configure default OAuth key

ECA-9376 - Add language strings for OAuth in RA Web

ECA-9421 - Add entry for Trident HSM to web.properties defaults

ECA-9431 - System test of URL access with JWT Bearer token

ECA-9450 - Add OAuth support to AuthenticationFilter

ECA-9451 - Add OAuth support to JSP pages

ECA-9453 - Make it possible to ask the healthcheck servlet which VAs are up to date

ECA-9471 - Unit test of OAuth Keys in Configdump

ECA-9481 - Updating preferences in RA Web and CA UI with OAuth authentication

ECA-9509 - Trigger landing page for new installations

Tasks

ECA-8905 - Update JWT libraries for EJBCA

ECA-9315 - Document CA rekey recommendations

ECA-9380 - Upgrade jackson-databind to 2.9.10.6

ECA-9381 - Remove jdom jar

ECA-9383 - Upgrade hibernate jars

ECA-9515 - New Swagger version requires json-patch JAR and newer jackson-databind JAR

ECA-9539 - Skip REST related test in CE

Improvements

ECA-8750 - KeyGenParams is handled inconsistently for RSA

ECA-8800 - Improve usability when selecting crypto tokens/algorithms on CA

ECA-9023 - Use prepared statements in ApprovalSessionBean and org.ejbca.util.query.Query

ECA-9215 - Configure full Azure Key Vault Name which would include the DNS FQDN

ECA-9238 - Ability to access CA UI via OAuth without allowing unauthenticated usage

ECA-9243 - Change or remove svn.revision property

ECA-9283 - SSH Implementation improvements

ECA-9293 - SSH Implementation remaining TODOs

ECA-9309 - CleanUp the code, discovered in SSH implementation/review

ECA-9328 - Improve JackNJI11ProviderTest

ECA-9355 - Prevent admin lock-out when using OAuth

ECA-9368 - Fail over to another node if CRL updater cannot complete work due to crypto token being inaccessible

ECA-9379 - Document how to view number of CRLs for each issuer in housekeeping guide

ECA-9412 - Export/import OAuth keys with configdump

ECA-9415 - Add ACME support for cert-manager

ECA-9428 - Some WS methods swallow AuthorizationDeniedException

ECA-9430 - Avoid using SHA1 for HSM public key dummy certificates

ECA-9457 - Lower logging level from ERROR to INFO when request key is not allowed

ECA-9458 - Trim external lib

ECA-9462 - Remove unused jar file

ECA-9464 - Upgrade internal library

ECA-9465 - Upgrade internal library

ECA-9467 - Upgrade internal library

ECA-9469 - Upgrade internal library

ECA-9514 - Temporarily remove OAuth configuration from CA Web

ECA-9522 - UI Improvements to installation page

ECA-9523 - EJBCA's validity definition does not align with the one from RFC5280 and baseline requirements

Bug Fixes

ECA-8681 - CRLData query wrongly assumes unique result

ECA-9031 - Regression: certificate validity option for key validators are not shown

ECA-9170 - SecureXmlDecoder cannot deserialize enums created in Java 6

ECA-9185 - Security Issue

ECA-9213 - Regression: 'Close' button not functioning under Role Members 'View Certificate' page

ECA-9280 - SecureXmlDecoder lacks support for UserDataVO, causing deserialization error

ECA-9291 - Incorrect encoding of critical options for SSH certificates

ECA-9296 - SSH values still show up in end entity profiles even if SSH module is not present

ECA-9301 - EJBCA freezes at startup if cyclic cross-signed root certificates are used in OCSP chain

ECA-9302 - Regression: Unable to Generate Certs from WebService When the Username is Set To Autogenerated in the EEP

ECA-9304 - Missing CA causes NPE when viewing KeyBindings

ECA-9318 - Wrong defaultKey selected from crypto token

ECA-9325 - Add quotation marks to the properties argument in the sample command in the CLI for services

ECA-9335 - Regression: SerialNr Octet size not retained after upgrade

ECA-9343 - Duplicated close on stream in EndEntityProfileSessionBean and CertificateProfileSessionBean

ECA-9349 - CLI does not include plugins-ee on first build

ECA-9364 - EjbcaWS.findCerts(username, isValid=true) should also return certificates with status = 21

ECA-9365 - Not possible to delete publisher if an SSH CA exists

ECA-9370 - CMP's EndEntityCertificateAuthenticationModule does not use BC to verify certificates

ECA-9392 - ACME system test includes invalid altName extension in CSR

ECA-9413 - Fix ACME test failures in main

ECA-9426 - OCSP responses without extensions are sent with an empty "singleExtensions" list

ECA-9432 - Removal of unidfnr/src-test causes Unit tests failure and partial execution of unit tests

ECA-9434 - Multiple CRLs with different CRL partition indexes after upgrade causes NonUniqueResultException

ECA-9436 - ProtocolOcspHttpStandaloneTest failure (false positive)

ECA-9437 - Avoid random StringToolsTest failure

ECA-9440 - Regression: CA UI links do not work with an HTTP proxy running on a different port/hostname/scheme

ECA-9448 - Regression: Changes in EndEntityProfileSessionBean and CertificateProfileSessionBean in try-with-resources produce incomplete xml

ECA-9452 - Test for pkcs10enroll endpoint returns error when user is set to autogenerated in EEP

ECA-9455 - Possible NPE in REST search certificate call

ECA-9456 - Approvals created without cert authenticated admins fail in RA Web

ECA-9482 - Missing icon and name of access rule with misconfigured peer connector

ECA-9485 - Regression: XmlSerializer does not B64 encode non-ASCII strings, causing audit record to fail in some cases

ECA-9498 - Regression: OCSP keybinding certificate import fails when CA fingerprint is missing in database

ECA-9501 - Test Failure: KeyValidatorSession

ECA-9503 - Test Failure: REST System tests

ECA-9506 - Update method invocations to getPendingEntriesCountForPublisherInIntervals

ECA-9517 - ant ziprelease doesn't set git revision properly

ECA-9518 - AdminWeb header/logo URL is sometimes not shown due to incorrect URL

ECA-9520 - Jenkins RA/VA builds using invalid revision property

ECA-9524 - EJBCA CE doesn't build from main

ECA-9528 - ACME NPE while running same certbot request twice or more

ECA-9529 - Regression: Custom logo does not load

ECA-9535 - Too many CT keys would fill up screen during CA creation

ECA-9538 - AcmeConfiguration is missing configdump setting for getRetryAfter

ECA-9541 - Test failures after inclusive validity range fix

ECA-9547 - "ant ziprelease" produces Community Edition zip release that does not build

ECA-9548 - Regression: PKI Disclosure Statements are not encoded correctly in audit log