Issues Resolved in 7.8.1
Released December 2021
New Features
ECA-9561 - ACME IP Identifier Validation http-01 Challenge
ECA-9760 - REST searchCertificates call with pagination
ECA-10108 - Merge additional support for the NONEwithRSAandMGF1 (raw RSASSA-PSS) signature algorithm in P11NG
ECA-10184 - KeyVault Machine Identity Authentication
ECA-10334 - HTTP Basic Authentication in EST client mode
ECA-10344 - REST API support for configdump export
ECA-10347 - REST API support for configdump import
ECA-10349 - Add configdump support to Azure BLOB publisher
ECA-10356 - Add Primus HSM PKCS#11 library path
ECA-10380 - Domain Allow List Validator
ECA-10395 - Add support for URI Name Constraints
Improvements
ECA-5472 - Foldable view when there are many optional fields in the RA
ECA-8562 - Improve tests coverage of Configdump's import of Certificate Profiles
ECA-8745 - Increase the number of SANs configurable in end entity profiles (to >100)
ECA-9681 - Fix AcmeOrderData end entity stored including binary data as map
ECA-9763 - Change the message for CA Activation with approvals
ECA-10092 - Add cert auth to Azure Trusted OAuth Provider
ECA-10266 - Upgrade Nimbus JOSE+JWT to nimbus-jose-jwt-9.12.1.jar
ECA-10284 - Check if all invocations of AcmeAccountSessionBean.updateAccount are required
ECA-10293 - Bad signature performance using P11-NG with network HSMs
ECA-10302 - Revoking certificates from adminweb with reason 'Privileges withdrawn'
ECA-10318 - Add roles claim to Azure OAuth for Authentication
ECA-10322 - Create tables SQL script for NDB cluster has flaws
ECA-10324 - Combine ACME and general EAB
ECA-10327 - Reduce CRL and OCSP Validities by 1 second
ECA-10330 - Change default settings SCT in EJBCA 7.x
ECA-10333 - REST Search - Return eep and cp values
ECA-10339 - Viewing CRL's for CA with MS Compat Enabled
ECA-10345 - Put PIN last in the GUI when creating crypto token
ECA-10352 - MS CA compat with Sub CA in EJBCA and External Root
ECA-10353 - Allow name constraints to block all DNS Names
ECA-10354 - Fix ACME pre-authorization returns order object without authorization
ECA-10355 - Update EJBCA to work with Wildfly 25
ECA-10358 - ACME performance - refactor AcmeOrderSessionBean.processPendingOrders
ECA-10360 - Add aliases cache for P11-NG crypto tokens
ECA-10361 - PKCS#10 REST endpoint using end entity information (not CSR)
ECA-10367 - Optimize PKCS#11 sign to avoid redundant PKCS#11 calls
ECA-10377 - EE REST API support search by modified date
ECA-10382 - Allow to configure ignored CAA properties when their processing is done outside EJBCA
ECA-10384 - Differentiate rows in CA Structures & CRLs
ECA-10398 - Align buttons in Certificate Profile and Publishers sections
ECA-10400 - X509CACrlUnitTest test fix
ECA-10406 - Merge smaller P11-NG changes from SignServer
ECA-10428 - Remove extra dot from cert
ECA-10430 - Upgrade BC to 1.70
Bug Fixes
ECA-6166 - CA key export does not warn if no RSA keys are present for encryption.
ECA-7235 - Settings are reset when Match with setting is changed
ECA-8227 - It is possible to revoke an already revoked end entity
ECA-9203 - Exception occurrs even if 'Gender' value is given
ECA-10126 - Error when syncing to VA via peer connector
ECA-10157 - Security Issue
ECA-10172 - EST Vendor Mode ChangeSubjectName should not compare with the CSR DN
ECA-10224 - CREATE CA: NullPointerException
ECA-10229 - CMP Authentication Radio Buttons are not disabled in view page
ECA-10237 - Trusted OAuth Providers are removed without any warning or confirmation
ECA-10254 - SCEP alias for Intune not allowing certain characters for client secret.
ECA-10264 - Configdump import failed if the /cryptotoken/keys/remove/ rule is set
ECA-10295 - Configdump does not import Approval Profiles
ECA-10301 - Revoking certificates from adminweb with reason 'AA compromise'
ECA-10303 - Throwaway CA Revocation Broken in 7.6.0
ECA-10311 - View CMP Alias page says: Edit CMP Alias
ECA-10319 - Broken RA End Entity edit page
ECA-10320 - OCSP not working when CA uses Ed25519
ECA-10323 - Enrollment code can not be empty when setting EE status from Generated to New with autogenerated enrollment codes
ECA-10343 - NumberFormatException when creating a crypto token using token label when cryptotoken.p11.lib.X.slotlist is used
ECA-10357 - Ignore keys which cannot be read by the P11NgCryptoToken
ECA-10363 - Make audience check optional
ECA-10365 - Fix links in ACME HTTP response headers
ECA-10383 - In RAWeb custom values "Set validity" doesn't work
ECA-10390 - "Republish" publisher queue view action uses wrong PublishQueueProcessWorker
ECA-10391 - 'Required' restriction on name constraints in end entity profiles are not validated.
ECA-10394 - Clean up of cesecore-p11 is not optional
ECA-10399 - ExpiredCertsOnCRL encodes with fractional seconds
ECA-10404 - Make EEP upgrade for 7.8.1 cluster compatible
ECA-10407 - Audience cannot be empty when "disable audience check" is selected
ECA-10410 - Reintroduce ECA-9475
ECA-10422 - Fix failing tests