Issues Resolved in 7.9.0
Released April 2022
New Features
ECA-7321 - RA Web should accept CSR in DER format
ECA-9834 - ACME configuration alias max. length of 250 characters
ECA-10261 - Add support for RFU bits in cert-cvc
ECA-10263 - Add support for RFU bits in EJBCA
ECA-10467 - Define new CA type for ITS CA's
ECA-10468 - ITS CA Type in the UI
ECA-10470 - REST Resource for ITS Certificate Request
ECA-10529 - ITS end entity request and response creation and verification
ECA-10554 - Allow CMPv2 enrollment in RA mode using vendor certificate
ECA-10592 - Authorization validation for ETSI certificates and integration to REST
ECA-10593 - End Entity management over REST for C-ITS ETSI
ECA-10612 - Import CITS CA and other UI changes for CITS
ECA-10613 - Subject attributes validation during registration, EC enroll and authorization validation
ECA-10614 - Download or rest endpoint for CITS certificates
ECA-10625 - Future Dated CRLs from the CLI.
ECA-10627 - Allow WS requests using Request Processors send through editUser as well
Improvements
ECA-7381 - Sunset Public Web
ECA-7588 - Remove CADataHandler
ECA-7765 - Allow public user to finalize enrollment in RA Web
ECA-8476 - Only show logout button in CA web when "Session timeout" is enabled
ECA-9256 - Allow an OCSP Responder to sign for other CAs
ECA-9566 - The Option "Send notification" is Not Available in RA Web
ECA-9799 - Search for Certificates at RA Web doesn't reflect Expired status in the main table list
ECA-10296 - Update EJBCA libs for Swagger to work on Wildfly > 22.0.0
ECA-10345 - Put PIN last in the GUI when creating crypto token
ECA-10413 - Allow EEP Subject DN values to be enforced
ECA-10414 - Add E-mail checkbox "Use email from address field" to RA-web
ECA-10416 - Increase CSR Size Limit
ECA-10418 - Name constraint support for make new request in RA web
ECA-10421 - Add checkbox to RA Web when creating end entity to activate key recovery
ECA-10452 - Trim external log lib
ECA-10454 - Improve dn merge procedure for end entities
ECA-10456 - Add end entity with clear text password in the RA web
ECA-10459 - Code cleanup: modules/oldlogexport
ECA-10460 - Code cleanup: modules/externalra-gui
ECA-10469 - Define MVP TBSCertificate fields for ITS CA's
ECA-10473 - Complete the rest endpoint implementation for CITS
ECA-10474 - Increase length of ACME EAB with symmetric keys generated key.
ECA-10476 - Introduce ITS Certificate Profile
ECA-10488 - Upgrade ITS epic branch with BC 1.7.1 b03
ECA-10489 - Create enrollment endpoint for the ITS REST API
ECA-10494 - Not able to reconnect to P11NG Crypto Token after HSM network disconnect
ECA-10501 - Remove support for CMP over TCP
ECA-10504 - Get rid of appender code in UpgradeBean to Log4J2
ECA-10512 - Upgrade EJBCA Intune Integration to Use Microsoft Graph API
ECA-10530 - Update standalone scripts with log4j compatability flag
ECA-10538 - SHAxWithRSAAndMGF1 / SHAxWithRSASSA-PSS not working with Azure Key Vault or AWS KMS Crypto tokens
ECA-10539 - Update slf4j
ECA-10543 - Update PublicAccessToken to not require delete end entities access rule
ECA-10548 - Add CrmfRequestTest into Jenkins
ECA-10555 - OEREncoding for InnerECRequest/Response
ECA-10558 - REST endpoint for ITS-S Registration
ECA-10576 - System test for ITS REST endpoint
ECA-10584 - Update ejbca.cmd with log4j changes
ECA-10585 - Deprecate and remove legacy batch enrollment GUI
ECA-10610 - Hardening
ECA-10615 - Upgrade BC to 1.71, pull in main branch changes
ECA-10619 - Upgrade commons-cli to 1.5
ECA-10628 - Allow the encryptpwd CLI command to run without appserver active
ECA-10633 - Upgrade jack11nji
ECA-10642 - Refactor ITS enrollment operation to be performed by CA implementation
ECA-10647 - Improve EJBCA's behavior when looking up invalid DNS records for CAA
Bug Fixes
ECA-9950 - Batchenrollment gives BCFKS error
ECA-10219 - New role members cannot manage existing approval requests
ECA-10228 - Invalid ocsp certificate prevents wildfly startup
ECA-10279 - CVC is not working in RA web
ECA-10388 - Peer connections using RSA Authentication Key binding with P11NG, Azure and AWS crypto tokens stopped working after JDK update
ECA-10424 - Logging Location of API Requests
ECA-10426 - Configurable DN order in LDAP Publisher
ECA-10436 - Regression: Error editing Key Vault crypto Token
ECA-10437 - CA Functions CRL download link fails to download CRL when CA SubjectDN contains ampersand
ECA-10457 - REST configdump export can fail even if ignore errors is enabled
ECA-10463 - ConfigDump Export/Import EEPs with multiple DNs/SANs
ECA-10471 - Regression - ejbca-db-cli not working after upgrading to 7.8.0.1
ECA-10484 - Regression: P11NG and CloudHSM using Healthcheck sometimes causes HSM to go offline with CKR_OPERATION_ACTIVE
ECA-10485 - CMP Certificate Confirmation - Default CA
ECA-10490 - Cannot re-activating suspended cert with "Safe Direct Publishing"
ECA-10491 - X.509 CA sequence is compared with keysequence from cert request in a wrong way
ECA-10497 - Regression: OCSP signing cache is always reloaded for requests with unknown CAs
ECA-10507 - Regression: P11NG signing misses NULL parameter in PKCS#1 algorithms parameters for RSA SHA algorthms
ECA-10532 - Fix ACME issuance of certificates with non-validated domains
ECA-10533 - EJBCA RA - Navigation dead-ends
ECA-10534 - Enrollment fails with GetCACert enabled in SCEP CA mode
ECA-10535 - AWSS3Publisher causes OCSP Peer Publishing to fail
ECA-10549 - Disable "Use queue ..." options when "Safe Direct Publishing" enabled
ECA-10550 - Regression: Potential NPE causes test failures when Trace logging is enabled
ECA-10557 - Jenkins CMP test failure
ECA-10569 - Create tests for cmp update command in cli
ECA-10571 - Make "Unspecified" revocation reason in OCSP responses configurable
ECA-10572 - URI Name Constraints should not allow/require protocol to be specified.
ECA-10577 - Key algorithm of uploaded CSR field shows wrong value
ECA-10579 - Clean up access rules requirements for using a CSR on the Make New Request page
ECA-10583 - Name constraint error produces stacktrace and unintuitive error message in RA UI
ECA-10591 - Startup database error due to deprecated property UserData.hardTokenIssuerId
ECA-10601 - Failures in PostgreSQL running create-index sql script, comment out drop index statements
ECA-10603 - ejbca-db-cli Broken
ECA-10620 - Request and EE CA mismatch still cause EE status change
ECA-10621 - Minor security issue
ECA-10622 - Changing an EE status over RA web leads to unwanted disabling of Batch generation (clear text pwd storage) checkbox
ECA-10626 - Support 'Any' cryptoProivder in MSAE templates
ECA-10634 - Fix IOException in db-cli
ECA-10635 - Update AzureBlobPublisher to use new Azure auth
ECA-10637 - Azure Key Vault only lists the first 25 key aliases
ECA-10638 - EJBCA restricts OCSP nonce to 30 octets instead of 32 as stated in RFC8954
ECA-10644 - The publisher queue inspection window should display the time with a 24-hour clock
ECA-10662 - Intune Resource URL not honored in new SCEP code