New Features

ECA-8220 - CMP: possibility to configure Issuing CA certificate included or not in the caPubs field

ECA-9476 - Make it possible to restore end entity and certificate data from the WildFly log file

ECA-10043 - Update Intune dependencies

ECA-10078 - Add validation and display useful error messages

ECA-10090 - Validation of uploaded EAB config

ECA-10114 - Update documentation with RA web changes

ECA-10123 - Secret Input For Custom Worker UI

Improvements

ECA-7640 - End entity editor in the RA Web

ECA-8473 - Support other authentication than password for Azure Key Vault Crypto Token

ECA-9276 - Support client certificate authentication for Azure Intune for SCEP enrollment

ECA-9553 - ACME EAB Documentation

ECA-9685 - Improve German translation for AdminWeb and RA

ECA-9832 - Security hardening

ECA-9836 - Add option to SCEP Alias to disable SHA-1 digest algorithm in responses

ECA-9936 - Add handling of unsupported role member types

ECA-9942 - Compile statedump-ejb without access to appserver

ECA-9996 - Migrate the OCSP transaction log and the OCSP audit log to the GUI

ECA-10001 - Give ACME aliases with EAB the option to generate the symmetric key

ECA-10021 - Add EAB support to REST for /v1/certificate/pkcs10enroll

ECA-10028 - Update REST Search functionality with the EAB ID

ECA-10029 - Add the EAB ID field to the RA Enroll page

ECA-10034 - Decide in a format that has namespace support

ECA-10061 - Security hardening

ECA-10064 - Language improvement and typo updates

ECA-10065 - Support Azure MHSM as a Key Vault crypto token

ECA-10079 - Help text on EAB upload page

ECA-10098 - Preview of uploaded EAB namespaces under System Configuration

ECA-10101 - Security hardening

ECA-10102 - Multi-select for EAB Namespaces in Certificate Profile

ECA-10165 - IntuneRevocationWorker is missing setting for AUTH_AUTHORITY

Bug Fixes

ECA-7972 - CN is not copied to dNSName when "Use entity CN field" is enabled in the end entity profile

ECA-9330 - Security Issue

ECA-9558 - Multiple choices of the same curves in certificate profile - unable to enroll ECDSA prime256v1 certificate via RA Web

ECA-9660 - Cannot enroll over ACME using an EC keypair

ECA-9975 - Pre-produced OCSP responses are only published to the first VA

ECA-9985 - DeltaCRL creation time

ECA-9999 - Incorrect response to ACME challenge URL when using POST-as-GET

ECA-10020 - Regression: CSR Upload in the RA Web causes spontaneous redirect to blank page

ECA-10022 - Fix ACME pre-authorization NPE and empty list of authorizations

ECA-10044 - Fix ACME EAB shared key encryption from RA

ECA-10048 - Security issue

ECA-10073 - Saving CA resets Subject Alternative Name field

ECA-10082 - Security issue

ECA-10083 - Autoenrollment: Clear header from outgoing SOAP message when one already exists

ECA-10088 - Autoenrollment: Enrollment permission check is too strict

ECA-10089 - Security issue

ECA-10093 - SSH settings must not be displayed in CE edition End-Entity Profile edit form

ECA-10097 - Regression: Security exception and missing classes on classpath when importing using EJBCA DB CLI

ECA-10104 - Regression: Exception occurs when viewing certificate

ECA-10106 - Signing of data larger than 20 KiB with ECDSA and PKCS#11 NG (e.g. eIDAS HSM) fails

ECA-10109 - Signing of data larger than 20 KiB with AWS KMS and Azure Key Vault fails

ECA-10113 - Maximum number of failed login attempts not working via RA Web

ECA-10116 - Run CRL partition index db update in post-upgrade instead of upgrade at a startup

ECA-10122 - Unable to set Intune key binding in SCEP configuration

ECA-10125 - Intune Scep Serialization Error

ECA-10129 - Intune revocation missing SCEP fields

ECA-10132 - Azure Crypto Token using cert auth with auto activation shows inactive when restarting wildfly

ECA-10133 - Fix selenium

ECA-10134 - EAB namespaces broken for configdump