New Features

ECA-10693 - Periodically update public keys on Azure OAuth Alias

Improvements

ECA-10561 - ACME EAB with multiple keys

ECA-10519 - Add proper Git readme and license files in root directory

ECA-10746 - Improve ACME DNS challenge error handling and logging

ECA-10562 - Add support for EE email in REST /v1/certificate/pkcs10enroll POST

Bug Fixes

ECA-10519 - MSAE alias "Test connection" clears user input

ECA-10545 - RA Web Make New Request does not correctly parse CSR

ECA-10692 - Intune revocation poller fails if CA uses ldap order

ECA-10734 - ADConnectionSingletonBean - could not obtain lock within 5000MILLISECONDS

ECA-10745 - MSAE "RelatesTo" Id can ger overwritten during parallel requests

ECA-10758 - Sun PKCS11 not working on RedHat OpenJDK 11.0.15

ECA-10763 - Name constraints throwing NPE after 7.6.0

New Features

ECA-7321 - RA Web should accept CSR in DER format

ECA-9834 - ACME configuration alias max. length of 250 characters

ECA-10261 - Add support for RFU bits in cert-cvc

ECA-10263 - Add support for RFU bits in EJBCA

ECA-10467 - Define new CA type for ITS CA's

ECA-10468 - ITS CA Type in the UI

ECA-10470 - REST Resource for ITS Certificate Request

ECA-10529 - ITS end entity request and response creation and verification

ECA-10554 - Allow CMPv2 enrollment in RA mode using vendor certificate

ECA-10592 - Authorization validation for ETSI certificates and integration to REST

ECA-10593 - End Entity management over REST for C-ITS ETSI

ECA-10612 - Import CITS CA and other UI changes for CITS

ECA-10613 - Subject attributes validation during registration, EC enroll and authorization validation

ECA-10614 - Download or rest endpoint for CITS certificates

ECA-10625 - Future Dated CRLs from the CLI.

ECA-10627 - Allow WS requests using Request Processors send through editUser as well

Improvements

ECA-7381 - Sunset Public Web

ECA-7588 - Remove CADataHandler

ECA-7765 - Allow public user to finalize enrollment in RA Web

ECA-8476 - Only show logout button in CA web when "Session timeout" is enabled

ECA-9256 - Allow an OCSP Responder to sign for other CAs

ECA-9566 - The Option "Send notification" is Not Available in RA Web

ECA-9799 - Search for Certificates at RA Web doesn't reflect Expired status in the main table list

ECA-10296 - Update EJBCA libs for Swagger to work on Wildfly > 22.0.0

ECA-10345 - Put PIN last in the GUI when creating crypto token

ECA-10413 - Allow EEP Subject DN values to be enforced

ECA-10414 - Add E-mail checkbox "Use email from address field" to RA-web

ECA-10416 - Increase CSR Size Limit

ECA-10418 - Name constraint support for make new request in RA web

ECA-10421 - Add checkbox to RA Web when creating end entity to activate key recovery

ECA-10452 - Trim external log lib

ECA-10454 - Improve dn merge procedure for end entities

ECA-10456 - Add end entity with clear text password in the RA web

ECA-10459 - Code cleanup: modules/oldlogexport

ECA-10460 - Code cleanup: modules/externalra-gui

ECA-10469 - Define MVP TBSCertificate fields for ITS CA's

ECA-10473 - Complete the rest endpoint implementation for CITS

ECA-10474 - Increase length of ACME EAB with symmetric keys generated key.

ECA-10476 - Introduce ITS Certificate Profile

ECA-10488 - Upgrade ITS epic branch with BC 1.7.1 b03

ECA-10489 - Create enrollment endpoint for the ITS REST API

ECA-10494 - Not able to reconnect to P11NG Crypto Token after HSM network disconnect

ECA-10501 - Remove support for CMP over TCP

ECA-10504 - Get rid of appender code in UpgradeBean to Log4J2

ECA-10512 - Upgrade EJBCA Intune Integration to Use Microsoft Graph API

ECA-10530 - Update standalone scripts with log4j compatability flag

ECA-10538 - SHAxWithRSAAndMGF1 / SHAxWithRSASSA-PSS not working with Azure Key Vault or AWS KMS Crypto tokens

ECA-10539 - Update slf4j

ECA-10543 - Update PublicAccessToken to not require delete end entities access rule

ECA-10548 - Add CrmfRequestTest into Jenkins

ECA-10555 - OEREncoding for InnerECRequest/Response

ECA-10558 - REST endpoint for ITS-S Registration

ECA-10576 - System test for ITS REST endpoint

ECA-10584 - Update ejbca.cmd with log4j changes

ECA-10585 - Deprecate and remove legacy batch enrollment GUI

ECA-10610 - Hardening

ECA-10615 - Upgrade BC to 1.71, pull in main branch changes

ECA-10619 - Upgrade commons-cli to 1.5

ECA-10628 - Allow the encryptpwd CLI command to run without appserver active

ECA-10633 - Upgrade jack11nji

ECA-10642 - Refactor ITS enrollment operation to be performed by CA implementation

ECA-10647 - Improve EJBCA's behavior when looking up invalid DNS records for CAA

Bug Fixes

ECA-9950 - Batchenrollment gives BCFKS error

ECA-10219 - New role members cannot manage existing approval requests

ECA-10228 - Invalid ocsp certificate prevents wildfly startup

ECA-10279 - CVC is not working in RA web

ECA-10388 - Peer connections using RSA Authentication Key binding with P11NG, Azure and AWS crypto tokens stopped working after JDK update

ECA-10424 - Logging Location of API Requests

ECA-10426 - Configurable DN order in LDAP Publisher

ECA-10436 - Regression: Error editing Key Vault crypto Token

ECA-10437 - CA Functions CRL download link fails to download CRL when CA SubjectDN contains ampersand

ECA-10457 - REST configdump export can fail even if ignore errors is enabled

ECA-10463 - ConfigDump Export/Import EEPs with multiple DNs/SANs

ECA-10471 - Regression - ejbca-db-cli not working after upgrading to 7.8.0.1

ECA-10484 - Regression: P11NG and CloudHSM using Healthcheck sometimes causes HSM to go offline with CKR_OPERATION_ACTIVE

ECA-10485 - CMP Certificate Confirmation - Default CA

ECA-10490 - Cannot re-activating suspended cert with "Safe Direct Publishing"

ECA-10491 - X.509 CA sequence is compared with keysequence from cert request in a wrong way

ECA-10497 - Regression: OCSP signing cache is always reloaded for requests with unknown CAs

ECA-10507 - Regression: P11NG signing misses NULL parameter in PKCS#1 algorithms parameters for RSA SHA algorthms

ECA-10532 - Fix ACME issuance of certificates with non-validated domains

ECA-10533 - EJBCA RA - Navigation dead-ends

ECA-10534 - Enrollment fails with GetCACert enabled in SCEP CA mode

ECA-10535 - AWSS3Publisher causes OCSP Peer Publishing to fail

ECA-10549 - Disable "Use queue ..." options when "Safe Direct Publishing" enabled

ECA-10550 - Regression: Potential NPE causes test failures when Trace logging is enabled

ECA-10557 - Jenkins CMP test failure

ECA-10569 - Create tests for cmp update command in cli

ECA-10571 - Make "Unspecified" revocation reason in OCSP responses configurable

ECA-10572 - URI Name Constraints should not allow/require protocol to be specified.

ECA-10577 - Key algorithm of uploaded CSR field shows wrong value

ECA-10579 - Clean up access rules requirements for using a CSR on the Make New Request page

ECA-10583 - Name constraint error produces stacktrace and unintuitive error message in RA UI

ECA-10591 - Startup database error due to deprecated property UserData.hardTokenIssuerId

ECA-10601 - Failures in PostgreSQL running create-index sql script, comment out drop index statements

ECA-10603 - ejbca-db-cli Broken

ECA-10620 - Request and EE CA mismatch still cause EE status change

ECA-10621 - Minor security issue

ECA-10622 - Changing an EE status over RA web leads to unwanted disabling of Batch generation (clear text pwd storage) checkbox

ECA-10626 - Support 'Any' cryptoProivder in MSAE templates

ECA-10634 - Fix IOException in db-cli

ECA-10635 - Update AzureBlobPublisher to use new Azure auth

ECA-10637 - Azure Key Vault only lists the first 25 key aliases

ECA-10638 - EJBCA restricts OCSP nonce to 30 octets instead of 32 as stated in RFC8954

ECA-10644 - The publisher queue inspection window should display the time with a 24-hour clock

ECA-10662 - Intune Resource URL not honored in new SCEP code

EJBCA 7.8.2.1

EJBCA 7.8.2.1 was an internal release, not generally available for customers.

EJBCA 7.8.2

EJBCA 7.8.2 was an internal release, not generally available for customers.

Released February 2022

EJBCA 7.8.1

Released December 2021

EJBCA 7.8.0.3

Released November 2021

EJBCA 7.8.0.2

EJBCA 7.8.0.2 was an internal EJBCA SaaS specific release

EJBCA 7.8.0.1

Included in the EJBCA 7.8.0.1 release are also changes made in EJBCA 7.8.0, which was an internal release, not generally available for customers.

Released October 2021

EJBCA 7.8.0

EJBCA 7.8.0 was an internal release, not generally available for customers.

Released September 2021

New Features

ECA-3085 - Option to start audit log verification from a specified sequence number

ECA-10074 - Azure CRL Publisher

ECA-10180 - ACME Name Generation Scheme

Improvements

ECA-9797 - Documentation is missing for "extension_data" field in REST calls

ECA-9863 - SCEP: add option to include CA chain in the GetCACert call (update for RFC8894)

ECA-10050 - GUI option for Microsoft conformant CA creation

ECA-10051 - OCSP Responder support for multiple signer keys

ECA-10080 - Make ms conformant setting irreversible in other end points

ECA-10081 - Improve DynamicUiProperty field validation user mesages

ECA-10084 - UI: Hide "Partition CRL Settings" when "MS Key Updates" is enabled.

ECA-10085 - CA signKey must correspond to partition.

ECA-10086 - Suspend previous CRL partition with CA key re-keying.

ECA-10087 - Enforce Partition CRLs with MS CA Key Updates

ECA-10091 - Add approvals for ACME account management

ECA-10140 - Enforce CRL Distribution Point in Edit CA page if MS CA Compatibilty mode is selected

ECA-10152 - Enforce Use of Authority Key ID

ECA-10153 - Generating Default CRL Dist. Point should use partition suffix

Bug Fixes

ECA-9805 - Enrollment code not shown in RA web when using key recovery

ECA-10138 - Single Active Certificate Constraint sets revocation date to 1970

ECA-10166 - IntuneRevocationWorker is missing setting for AUTH_AUTHORITY in 7.7

ECA-10167 - CA certificate CDP not updated on MS CA re-keying

ECA-10174 - SCEP Issuance has incorrect log message

ECA-10194 - Azure CRL Publisher Not Publishing CRLs via peer

ECA-10197 - CRL Publisher label wrong

ECA-10198 - Azure CRL Publisher fails unless password entered

New Features

ECA-8220 - CMP: possibility to configure Issuing CA certificate included or not in the caPubs field

ECA-9476 - Make it possible to restore end entity and certificate data from the WildFly log file

ECA-10043 - Update Intune dependencies

ECA-10078 - Add validation and display useful error messages

ECA-10090 - Validation of uploaded EAB config

ECA-10114 - Update documentation with RA web changes

ECA-10123 - Secret Input For Custom Worker UI

Improvements

ECA-7640 - End entity editor in the RA Web

ECA-8473 - Support other authentication than password for Azure Key Vault Crypto Token

ECA-9276 - Support client certificate authentication for Azure Intune for SCEP enrollment

ECA-9553 - ACME EAB Documentation

ECA-9685 - Improve German translation for AdminWeb and RA

ECA-9832 - Security hardening

ECA-9836 - Add option to SCEP Alias to disable SHA-1 digest algorithm in responses

ECA-9936 - Add handling of unsupported role member types

ECA-9942 - Compile statedump-ejb without access to appserver

ECA-9996 - Migrate the OCSP transaction log and the OCSP audit log to the GUI

ECA-10001 - Give ACME aliases with EAB the option to generate the symmetric key

ECA-10021 - Add EAB support to REST for /v1/certificate/pkcs10enroll

ECA-10028 - Update REST Search functionality with the EAB ID

ECA-10029 - Add the EAB ID field to the RA Enroll page

ECA-10034 - Decide in a format that has namespace support

ECA-10061 - Security hardening

ECA-10064 - Language improvement and typo updates

ECA-10065 - Support Azure MHSM as a Key Vault crypto token

ECA-10079 - Help text on EAB upload page

ECA-10098 - Preview of uploaded EAB namespaces under System Configuration

ECA-10101 - Security hardening

ECA-10102 - Multi-select for EAB Namespaces in Certificate Profile

ECA-10165 - IntuneRevocationWorker is missing setting for AUTH_AUTHORITY

Bug Fixes

ECA-7972 - CN is not copied to dNSName when "Use entity CN field" is enabled in the end entity profile

ECA-9330 - Security Issue

ECA-9558 - Multiple choices of the same curves in certificate profile - unable to enroll ECDSA prime256v1 certificate via RA Web

ECA-9660 - Cannot enroll over ACME using an EC keypair

ECA-9975 - Pre-produced OCSP responses are only published to the first VA

ECA-9985 - DeltaCRL creation time

ECA-9999 - Incorrect response to ACME challenge URL when using POST-as-GET

ECA-10020 - Regression: CSR Upload in the RA Web causes spontaneous redirect to blank page

ECA-10022 - Fix ACME pre-authorization NPE and empty list of authorizations

ECA-10044 - Fix ACME EAB shared key encryption from RA

ECA-10048 - Security issue

ECA-10073 - Saving CA resets Subject Alternative Name field

ECA-10082 - Security issue

ECA-10083 - Autoenrollment: Clear header from outgoing SOAP message when one already exists

ECA-10088 - Autoenrollment: Enrollment permission check is too strict

ECA-10089 - Security issue

ECA-10093 - SSH settings must not be displayed in CE edition End-Entity Profile edit form

ECA-10097 - Regression: Security exception and missing classes on classpath when importing using EJBCA DB CLI

ECA-10104 - Regression: Exception occurs when viewing certificate

ECA-10106 - Signing of data larger than 20 KiB with ECDSA and PKCS#11 NG (e.g. eIDAS HSM) fails

ECA-10109 - Signing of data larger than 20 KiB with AWS KMS and Azure Key Vault fails

ECA-10113 - Maximum number of failed login attempts not working via RA Web

ECA-10116 - Run CRL partition index db update in post-upgrade instead of upgrade at a startup

ECA-10122 - Unable to set Intune key binding in SCEP configuration

ECA-10125 - Intune Scep Serialization Error

ECA-10129 - Intune revocation missing SCEP fields

ECA-10132 - Azure Crypto Token using cert auth with auto activation shows inactive when restarting wildfly

ECA-10133 - Fix selenium

ECA-10134 - EAB namespaces broken for configdump

EJBCA 7.5.1

EJBCA 7.5.1 was an internal release, not generally available for customers.

Internally Released May 2021

EJBCA 7.5.0.1

Released May 2021

EJBCA 7.4.3.3

Released February 2021

EJBCA 7.4.3.2

Released December 2020

• Tasks

• Improvements

• Bug Fixes

EJBCA 7.4.3

Released October 2020

• New Features

• Tasks

• Improvements

• Bug Fixes

EJBCA 7.4.2

Released September 2020

• New Feature

• Improvement

• Bug Fixes

EJBCA 7.4.1

Released July 2020

• New Features

• Improvements

• Bug Fixes

New Features

ECA-4491 - Support Ed25519 and Ed448 (EdDSA) certificate issuance using soft crypto tokens

ECA-5333 - Ability to search for approval requests by part of Subject DN / or e-mail

ECA-6787 - Ability to specify Superadmin Validity during installation

ECA-6790 - Add "Enforce Key Renewal" Option

ECA-7162 - Add regex validation to usernames for EEP

ECA-8699 - Support encryption for SCEP in Azure Key Vault crypto token

ECA-8718 - Add test of "Enforce Key Renewal"

ECA-8781 - CLI command to import key recovery data for end entities

ECA-8848 - Database table for pre-produced OCSP responses

ECA-8849 - Service worker pre-produced OCSP responses

ECA-8850 - CA setting enabling pre-produced responses.

ECA-8852 - Publisher for OCSP Response Data

ECA-8866 - Create OCSP Cache for CA canned response setting

ECA-8878 - Session bean (interface etc) for OcspResponseData

ECA-8892 - Handling conflict between CA setting to pre-produce OCSP responses and OCSP Key binding nonce setting

ECA-8895 - Create indexes for the OCSPResponseData table

ECA-8899 - Approvals for SCEP RA mode

ECA-8913 - Support AWS KMS (Key Management Service, different from AWS CloudHSM)

ECA-8944 - Service worker UI for OCSP pre-production

ECA-8962 - Implement SCEP enrollment with approvals for already existing end entities

ECA-8990 - Update plugin sample to deploy cleanly

ECA-9051 - Shift the configuration of ExtendedUserDataHandlers (such as the UnidFnrHandler) from CMP configuration to CA configuration

ECA-9053 - Implement configuration of Request Processors in the CA

ECA-9057 - Implement a validator for the Google Safe Browsing API

ECA-9065 - Upgrade procedure after moving Request Processors from CMP to CA

ECA-9066 - Shift execution of Request Processors from CrmfRequestHandler into CertificateRequestSession

ECA-9072 - Service worker logic for final OCSP response

ECA-9074 - Support for CLI batch generation with EdDSA keys

ECA-9142 - Create a webservice call for creating an externally signed CA.

ECA-9163 - Add support for WS createExternallySignedCa command in clientToolBox

Tasks

ECA-7435 - Java 11: SOAP WS Client and Tests do not work

ECA-8212 - Batch enrollment GUI does not build under JDK11

ECA-8651 - Update resteasy jars used for junit testing

ECA-8695 - Security: Upgrade external dependency

ECA-8696 - Update db2jcc4.jar used for jenkins tests

ECA-8700 - Use reflection in CESeCoreUtils to support older version of Java

ECA-8717 - Java 11: ejbca-ws-cli uses endorsed.dirs which is not supported in java 11

ECA-8724 - Upgrade cert-cvc to 1.4.10

ECA-8727 - Documentation: Oracle JDK 8 not listed any longer in prerequisites

ECA-8730 - Fix JUnit, UserFulfillEndEntityProfileTest and CommandLibraryTest tests that fail on Java 11 (due to issues in tests)

ECA-8731 - Remove old commons-httpclient 3.1 and upgrade commons httcomponents to latest stable version

ECA-8733 - Update ConfigImport "known limitations"

ECA-8744 - FindBugs: fix warning about NP_NULL_PARAM_DEREF

ECA-8804 - Security: Upgrade external dependency

ECA-8807 - Change the copyright footer to 2020

ECA-8855 - Automate test ECAQA-128: End Entity Profile - Custom Validity

ECA-8898 - Document known issue related to approval requests after an upgrade to EJBCA 6

ECA-8918 - Documentation: Document support for Cloud HSMs

ECA-8980 - EJBCA Testing: ACME (Continued) Testing

ECA-9011 - Upgrade apache cfx

ECA-9049 - Investigate CRL-related test failures in Jenkins

ECA-9050 - Code cleanup: Remove dead encrypt/decrypt methods in CA

ECA-9079 - Add selecatable head banner with advisory notice and consent warning

ECA-9088 - Grab ClientToolBox test from Git

ECA-9089 - Learn how the current EJBCAClientToolBox test works.

ECA-9090 - Create/Extend JenkinsFile and DockerFile for EJBCAClientToolBox

ECA-9091 - Setup Jenkins Job to run EJBCA ClientToolBox

ECA-9100 - Documentation: update JBoss security about Diffie-Hellman keysize and datasource passords

ECA-9114 - Upgrade jackson databind

ECA-9168 - Regression Test & Automation EcaQa75

ECA-9187 - Add configuration steps for WildFly 18

ECA-9197 - Document how to limit length of DN fields using regexp validation

Improvements

ECA-1758 - Add system tests for caRenewCertRequest (WS)

ECA-4130 - Publishers: Show the publisher type next to the name in the Publishers page

ECA-5912 - Trim spaces and check syntax of CT URLs when they are added

ECA-6284 - Use something faster than java.beans.XMLEncoder/Decoder

ECA-6296 - Limit length of subject DN in RA GUI search results

ECA-6505 - Documentation: Add diagram how CA, CPs and EEPs are related

ECA-7064 - Disallow creation of Peer Connectors with the same name

ECA-7633 - New flag in 'ejbca.sh ca republish' command to list certificates instead of end entities

ECA-7722 - Minor usability improvements on Edit CA page

ECA-7819 - Remove old installation properties and ant targets

ECA-7959 - A user should be able to click a link to be returned to the previous page after error occurs

ECA-8157 - Add back the username field to EEP

ECA-8636 - CT systemtest - Publish precert

ECA-8670 - Allow selenium setup to run with different ManagementCA name

ECA-8672 - Fix trivial warnings in cesecore-common

ECA-8675 - Fix CryptoToken import in configdump

ECA-8694 - Automate ECAQA-155

ECA-8698 - Unclear UI messages for RA CA name in EST alias

ECA-8703 - Trim space for ACME Aliases Add function

ECA-8706 - Refactor CAInterfaceBean and related classes

ECA-8713 - Automate ECAQA-152

ECA-8715 - Optimize Azure Key Vault Crypto Token to not make unessecary REST calls when checking for status

ECA-8716 - Optimize PKCS11 Crypto Token to not make unessecary PKCS#11 calls on deactivated crypto tokens

ECA-8720 - Jenkins: upgrade powermock dependencies for JDK11+

ECA-8721 - Jenkins: EJBCA_JDK_DOCKERS

ECA-8722 - Update cert-cvc library to build with Java 11

ECA-8725 - Optimize render of created/edit CA page to not list all crypto token keys

ECA-8729 - ConfigImport Admin Roles import order

ECA-8738 - Make it possible to run tests within eclipse

ECA-8746 - Add small help text for subject DN field when creating a CA

ECA-8747 - Give error message when trying to import an IS certificate to a DVCA

ECA-8749 - ApprovalProfileSession.removeApprovalProfile throws exception when profile does not exist, does not follow javadoc contract

ECA-8754 - Optimize CaSessionBean.getCAIdToNameMap to use cache

ECA-8755 - Optmize CryptoTokenManagementSessionBean.getKeyPairInfo to not list all aliases

ECA-8758 - Sort "Extended Key Services Specification" dropdown

ECA-8765 - Document in Client Toolbox how to include CESeCoreUtils

ECA-8774 - Fix some NPEs in the log when accessing without proper session

ECA-8775 - Improve output format in CertDistServlet listcerts command

ECA-8783 - Add test case for va publisher data source (Selenium)

ECA-8788 - Inconsistent behaviour between CLI and AdminWeb created CA using CA defined AIA

ECA-8789 - Allow UNUSED data value in databaseprotection.properties

ECA-8793 - Add new HTTP security headers

ECA-8794 - Add HTTP security headers to CertDistServlet

ECA-8795 - Improve error handling in PublicWeb when entering invalid DN

ECA-8797 - The wrong path of a language configuration file in the document

ECA-8801 - Change text uses->allows in configuration checker message about ECC keys

ECA-8809 - Fix formating in CertStoreServletTest and CertFetchAndVerify

ECA-8813 - Show a warning when basic constraints are violated

ECA-8821 - Better error message when trying to sign with an inactive crypto token

ECA-8839 - Allow serial numbers to be entered with colon or spaces also

ECA-8863 - Jenkins jobs improvement

ECA-8865 - Selenium test constantly failing on RA-web

ECA-8872 - Documentation Clarify what multiple issuers in the CAA validator means

ECA-8879 - Create end entity based on UPN in certificate when running "importcertsms" CLI command

ECA-8882 - Improve Swedish translation of the RA web

ECA-8907 - Add validator for SAN field in Create CA page and improve error handling.

ECA-8908 - Update documentation for pre-produced OCSP responses

ECA-8911 - Ability to get version of clientToolBox

ECA-8921 - Automate ECAQA-113

ECA-8924 - Automate ECAQA-116

ECA-8926 - Add delete method in OcspDataSession bean.

ECA-8930 - The Save button in the RA web edit end entity page should be located at the bottom

ECA-8932 - Document improvement in CRL Behaviour after CA Revocation

ECA-8936 - Revise the OcspResponseData table and primary key.

ECA-8943 - Public key blacklist should handle Debian blacklist format

ECA-8958 - Modify CmpRAUnidTest to run without the Unid datasource

ECA-8961 - Improve debug logging for approvals to easily see type

ECA-8975 - Code cleanup: Encode EC keys generated by a Pkcs11NgCryptoToken without explicit params first

ECA-8977 - Add sample token properties to changecatoken CLI command to make it easier to use

ECA-8996 - Code cleanup: Azure crypto token

ECA-8997 - Code cleanup: AWS KMS crypto token

ECA-8999 - Add cabforganizationidentifier as argument to WS cli

ECA-9003 - Code cleanup: OidsObjectLinkedHashSetConverter and write unit test

ECA-9027 - Check that all certificate/end entity profile pairs have at least one usable CA

ECA-9032 - Configurable time before expire for Ocsp Response Presigner

ECA-9033 - Improve JPQL query for getting expired responses

ECA-9034 - Support SHA1 and SHA256 hashes for Pre-produced OCSP responses

ECA-9035 - Upgrade to BC 1.65

ECA-9036 - Increase column size of subject DN and subject email for MySQL/MariaDB

ECA-9041 - SCEP: Debug log message encryption algorithms

ECA-9045 - Enable legacy browser enrollment in IE11 on Windows 10

ECA-9058 - On-demand setting for OCSP pre-production

ECA-9067 - Improve CryptoToken Config: Verify Auto-Activation Codes

ECA-9070 - Add support for CAs using SHA256WithDSA

ECA-9096 - Peer publisher for OCSP response data

ECA-9097 - Show only relevant curves/key sizes on certificate profile page

ECA-9098 - Retrieving curves and algorithms on RA web needs to be optimized

ECA-9107 - Add peering configuration capability to CLI to support scripting external VA/RA

ECA-9113 - CLI ca importcertdir command should use random password

ECA-9123 - Don't check key length is we have allowed Ed25519 or Ed448

ECA-9124 - Add "Cache-control" header to HTTP POST OCSP responses.

ECA-9131 - Clean-up job for expired OCSP Responses

ECA-9132 - Support Archive Cutoff for pre-produced OCSP responses

ECA-9135 - Improve documentation about allow.external-dynamic.configuration in ejbca.properties and cesecore.properties

ECA-9139 - Trigger OCSP Response Publisher on generation

ECA-9160 - Allow CLI upgrade command to run post-upgrade automatically

ECA-9162 - Allow to store pre-produced OCSP responses in response to requests with Nonce, if response does not have Nonce

ECA-9186 - Make new XmlSerializer code locale insensitive and deterministic

ECA-9189 - Allow OCSP Response Pre-Signer to only do Final Responses

ECA-9208 - Don't render OCSP Pre Production in EJBCA CE

Bug Fixes

ECA-1691 - Reject issuance if both notBefore and notAfter are in the past

ECA-2052 - Country code in Subject DN of CVC CA is case sensitive

ECA-2068 - Export CA key Store with incorrect password shows an exception on the screen

ECA-4155 - Check if RoleMember matched by X.509 certificate has a plausible CA and certificate serial number combination

ECA-4363 - Use different return codes for importprofiles CLI command

ECA-4735 - Unify appearance in "Edit CA" page between "CA life cycle" and "Externally signed CA creation/renewal"

ECA-5704 - Extended Key Usages / Prevent user from adding same Label for different OIDs

ECA-5705 - Extended Key Usages / Adding new Label with an existing OID replaces the old one without any error

ECA-6113 - SAN with escaped commas (e.g. in directoryName) is not displayed correctly

ECA-6189 - Subject DN e-mail field and EE e-mail field conflated in the RA

ECA-6770 - Extra slashes introduced on links from some admin web pages

ECA-7060 - Handle invalid input on 'Approval Profiles' page

ECA-7072 - Long text input in field validation of Manage Data Source page causes crash

ECA-7299 - Unit tests require PKCS#11 "slot 1" to exist and do not work with SoftHSM

ECA-7333 - It is possible to add Internal Key Bindings without a name

ECA-7678 - 'Close' button not functioning under 'Roles and Access Rules' page

ECA-7733 - Security hardening

ECA-7739 - Using a certificate profile template does not select the correct fields

ECA-8049 - Treat Subject Directory Attributes the same way as Subject DN.

ECA-8146 - OCSP signer renewal via peers not working for throw-away CA

ECA-8233 - "invalid use of tag" warnings from Javadoc for WS exceptions on JDK 11

ECA-8237 - Getting "XML Parsing Error: no root element found" when clicking "View Older" in View Certificate popup

ECA-8376 - RA Web doesn't build in CE.

ECA-8496 - Document how to prevent BouncyCastle not being loaded by an EJBCA classloader

ECA-8659 - Error message is not displayed in Audit Log UI page when database protection fails to verify

ECA-8679 - Security issue

ECA-8680 - Index recommendation will not allow use of partitioned CRLs

ECA-8687 - Fix selenium test failures due to wrong Certificate Profile save message

ECA-8689 - Enable /administrator when granting access to the WS protocol over peers

ECA-8690 - Import of IKB doesn't set bound cert Id

ECA-8691 - Add upgrade notes for ECA-8679

ECA-8697 - Audit log menu item visible on some pages even if the audit log is disabled

ECA-8707 - Key sequence ignored when renewing CA

ECA-8711 - Regression: Cannot change "Signed by" option for CAs in Uninitialized state

ECA-8712 - No alias for key purpose 0 error when editing external CA

ECA-8714 - Use CRL partitions should not be rendered for External CAs

ECA-8719 - 'Make New Request' on 'RA Web' on 'Clean Installation' results in StackOverflowError

ECA-8723 - cert-cvc should use Bouncy Castle provider for verification of CVCAuthenticatedRequest

ECA-8728 - TestDatafields in cert-cvc fails if clock is 00:00-00:59

ECA-8734 - Incorrect warning of ConfigExport/Import SCP Publisher

ECA-8735 - Some system tests fail if ManagementCA is called something else

ECA-8736 - HealthCheckTest.testAuditLogHealthCheck does not restore databaseprotection.keyid.AuditRecordData

ECA-8737 - change/addUser should throw a proper error message instead of NPE when changing a user to a non-existing EE profile

ECA-8739 - NPE when importing brainpoolP256r1 DVCA certificate

ECA-8742 - Delete tests leave crypto tokens left behind by system tests

ECA-8743 - KeyGenParams is not serializeable

ECA-8752 - CA message handlers may throw NPE instead of CADoesntExistsException when CA does not exist

ECA-8756 - ClassCastException on Wildfly 14 when saving a certificate profile with "Subject DN Subset" enabled

ECA-8757 - CaImportCACommand doesn't activate KeyRecoveryCAServiceInfo

ECA-8759 - Unclear error message CA/B Forum Organization Identifier is blank or missing

ECA-8761 - Certificate Extensions not enabled in the Certificate Profile give no error

ECA-8766 - Certificate pinning for Authentication Key Bindings is not working if the pinned certificate is not in the database

ECA-8772 - Minor security issue

ECA-8773 - Security issue

ECA-8777 - Security issue

ECA-8778 - WS request with missing required extension field can still be issued

ECA-8779 - WS request with extension field that is in CP but not EEP can be issued

ECA-8780 - KeyRecoverySessionBean.addKeyRecoveryData does not return false is data already exists

ECA-8782 - ServiceSession logs incorrect administrator when editing a service

ECA-8785 - Statedump import fails when there is an unconfigured EST alias

ECA-8786 - Making a CVC WS request can fail if there is an unitialized CVCA

ECA-8791 - Cannot search by year 2020 in Admin Web

ECA-8796 - Sometimes wrong default setting for "Send notification" in the RA, when notifications are enabled

ECA-8799 - Regression: Wrong JKS is downloaded in the "CA Certificates & CRLs" page

ECA-8803 - NPE in Admin UI if script publisher configured and after that external scripts are disabled

ECA-8811 - CVCA link certificate has wrong validity

ECA-8816 - 'Remove from CRL' should be removed from 'Revocation Reason' list

ECA-8819 - Cannot use 7.x RA with 6.15 CA

ECA-8823 - Bad default CRL parameters when importing CA

ECA-8832 - Create button enabled while viewing CA non privileged.

ECA-8858 - Test failure in ConfigdumpCertificationAuthorityUnitTest

ECA-8859 - CA does not get selected on Add End Entity page load, test failure in EcaQa59_EEPHidden

ECA-8861 - Strip key alias when creating new keys

ECA-8864 - I cannot download generated certificate request as PEM or DER. An exception has occurred.Server returned: 500

ECA-8869 - Fix duplicate/ambiguous network name on old Jenkins jobs

ECA-8870 - Fix selenium tests jobs of Domain Blacklists on Jenkins

ECA-8871 - Test EcaQa5_AddEndUserEndEntity fails due to changing element IDs and incorrect profile

ECA-8873 - No certificate profile specified in EcaQa202_NegativeBlacklistExactMatch test

ECA-8874 - EcaQa77_EndEntitySearch is sensitive to the environment

ECA-8880 - UpdatePublicKeyBlacklistCommandTest contains empty folder in resources, which fails with GIT

ECA-8881 - Empty POST to /.well-known/est/simpleenroll results in NullPointerException

ECA-8884 - PKCS#11 CP5 Cryptotoken type displayed even if no libraries are configured

ECA-8885 - HealthCheckTest fails on Community Edition

ECA-8888 - Test failures in Selenium jobs due to port conflict

ECA-8890 - Certificate Validator ignores profile settings

ECA-8893 - ServiceLocatorException on approval/notification when mail is not configured

ECA-8900 - The wrong certificate profile is edited when opening two certificate profiles in different tabs/windows

ECA-8910 - Jenkins Oracle DB is missing indexes, which causes failures

ECA-8912 - No remote key bindings listed on CA when any keybinding references a non-existent key

ECA-8915 - Usability: Verify allowed characters in key aliases when generating keys in using Azure Key Vault REST API.

ECA-8916 - Fix Jenkins test failure in EcaQa76_AuditLogSearch

ECA-8917 - Pre-sign Certificate Validator gives error when using ECDSA and a CA using HSM

ECA-8925 - Fix timing sensitivity in CTLogTest

ECA-8942 - Web Services - DN Merge Issue with Multiple OU Fields

ECA-8948 - Avoid NPE when no CA configured in EST alias

ECA-8955 - SCEP renewal should give nice error message when renewal cert does not exist

ECA-8956 - SCEP RA mode should not log on error level for normal handled error cases

ECA-8957 - Fingerprints not normalized on public key blacklist import

ECA-8959 - Public EC keys generated by a Pkcs11NgCryptoToken are always using explicit EC parameters

ECA-8960 - Regression: throwing checked Exceptions from postConstruct is not allowed in JEE spec

ECA-8985 - Certutil dump file created in Windows cannot be read by 'ejbca.sh ca importcertsms'

ECA-8989 - Unable to upload a zip with custom CSS files

ECA-8993 - CMP response message with PBE protection does not include configured extra certs

ECA-9012 - 'General Settings' Help/Documentation link 'Edit Validator' page is broken

ECA-9015 - Import Help/Documentation is broken under System Configuration/Custom RA Styles

ECA-9024 - AJAX for associating an RA style with a role is broken

ECA-9025 - Weird error message when certificate profile cannot be removed

ECA-9028 - Validators Help/Documentation link is broken under Edit CA page

ECA-9029 - Approval request not done by cert authenticated admins shows blank in Requested By

ECA-9030 - Improve audit logging for custom RA styles

ECA-9038 - NPE clicking Receive Certificate Response in Edit CA screen, if nothing is uploaded

ECA-9048 - Some languages not working for subject DN when viewing certificates in CA GUI

ECA-9060 - Adding a new label with a existing OID does not give you any error/message.

ECA-9064 - Prevent inactive CmsCAService to try to load keystore

ECA-9069 - Some CA lists in services are not sorted

ECA-9071 - Regression - 2 Edit buttons displayed in RA Web End Entity Details page

ECA-9073 - Approvals can't be edited by admin

ECA-9078 - Documentation link for Enable End Entity Profile Limitations? is broken

ECA-9080 - Documentation link for 'Create Authenticated Certificate Signing Request' is broken

ECA-9082 - 'ETSI PSD2 QC Statement' Documentation link refers to the wrong page

ECA-9086 - Missing documentation for CA/Browser Forum Organization Identifier

ECA-9103 - Ed448 and Ed25519 not supported in RA UI and Public Web

ECA-9104 - Edit end entity can log the wrong changed DN if DN merge is used

ECA-9106 - Regression: Unable to submit to CT logs

ECA-9109 - Regression: RA GUI: Regardless of the format chosen the downloaded certificate is always a PKCS12 certificate.

ECA-9110 - EJBCA adminweb is not accessible after configuring "Custom Publisher"--An exception has occurred. For input string: "60000"

ECA-9111 - Regression: EJBCA CA key renewal service does not work on subCAs

ECA-9112 - Selenium Tests in Jenkins

ECA-9125 - Avoid that upgrade adds duplicate OCSP extension that already exists

ECA-9126 - Methods to delete Ocsp Responses fail

ECA-9128 - Regression: Peers cannot deserialize TreeMap

ECA-9129 - Custom extensions cannot be deserialized by EJBCA

ECA-9130 - Regression: can not change CVC terminal type in CA UI

ECA-9136 - RaMasterApi reports wrong API_VERSION

ECA-9137 - Regression: Not possible to activate rollover renewal, CA rollover cert activation is not rendered in Admin UI

ECA-9138 - Documentation link broken in Edit Publisher 'Publisher Queue' section

ECA-9143 - NPE editing SCEP alias after rename of end entity profile and SCEP alias list items are not sorted

ECA-9150 - Audit Log page error

ECA-9152 - Some certificates are missing when downloading a JKS chain

ECA-9153 - Always close SSH connections created by the SCP publisher

ECA-9154 - Regression: can't edit ICAO document type list in adminweb

ECA-9157 - OCSP audit and account logging does not work when serving pre-produced responses

ECA-9159 - NJI11ReleasebleSessionPrivateKey always assumes RSA

ECA-9166 - Class was not found on classpath

ECA-9167 - Typo error in ORM mapping for ApprovalData

ECA-9170 - SecureXmlDecoder cannot deserialize enums created in Java 6

ECA-9172 - Rollover of expired CA will not make it active due to CRL generation failure

ECA-9174 - NPE in configuration checker if certificate profile linked from end entity profile does not exist

ECA-9178 - HealthCheckServlet is trying to create a "filename.properties" with no path

ECA-9181 - Deleting token used for 'Force Local Key Generation' breaks Basic Configurations page

ECA-9188 - Don't persist responses with status 'Unknown'

ECA-9190 - NullPointerException in Statedump when a non-existent publisher is still in use

ECA-9192 - Not possible to add additional CA certificates to CMP response

ECA-9200 - Regression: Several ajax calls on certificate profile page broken

ECA-9202 - Statedump support for the Google Safe Browsing Validator

ECA-9204 - It is possible to rename a CA with no name

ECA-9205 - NPE when testing the connection of a VA Peer Publisher referencing non-existing peer system

ECA-9207 - Regression: Created CVC Authenticated requests can not be downloaded in Admin UI

EJBCA 7.3.1.4

Released May 2020

ECA-9128 - Regression: Peers cannot deserialize TreeMap
ECA-9129 - Custom extensions cannot be deserialized by EJBCA
ECA-9136 - RaMasterApi reports wrong API_VERSION

EJBCA 7.3.1.3

Released March 2020

ECA-8959 - Public EC keys generated by a Pkcs11NgCryptoToken are always using explicit EC parameters

EJBCA 7.3.1.2

Released March 2020

EJBCA 7.3.1.1

Released November 2019

New Features

ECA-6784 - Improved peer publisher reporting - Create and download report after manual synchronization

ECA-8461 - Add the ability to view queued publisher items in the CA web

Tasks

ECA-7272 - Update readme documentation for dependency libs

ECA-8450 - Add OWASP Dependency checker to Jenkins

ECA-8638 - Update commons-beanutils to version 1.9.4

ECA-8639 - Add CT changes to documentation

ECA-8640 - Upgrade nimbus-jose to version 8.2

ECA-8643 - Update db2jcc4.jar used for jenkins tests

ECA-8644 - Update clover.jar, only used for tests, to version 4.4.1

Improvements

ECA-6205 - Remove unused method testImportFromZip

ECA-6979 - If a CT-configured certificate does not accumulate enough SCTs, it should be written to update OCSP, but not distributed to subscriber

ECA-8524 - Check for expired key binding certificates in the Configuration Checker

ECA-8635 - CT systemtest - Precert store

ECA-8648 - Notify if a search result is a pre-certificate in RA web

ECA-8660 - Add GCM mode ciphers for outgoing peer connections

Bug Fixes

ECA-8377 - Regression: Fast-fail is triggered when a CT submission is interrupted

ECA-8404 - CT publisher with direct publishing enabled, publishes old certificate on renewal

ECA-8630 - Incorrect handling of empty subjectAltName in a CSR in the RA UI

ECA-8658 - Error downloading CV certificate via Admin GUI search end entities screen

ECA-8667 - Update CESeCoreUtils and back-port build.cesecore.p11.jar option

ECA-8678 - Inspect publisher queue page shows wrong hour

ECA-8685 - "CMP" mentioned in EST CLI commands

EJBCA 7.3.0.1

Released 30 October 2019

New Features

ECA-7278 - Initial support for Azure Key Vault as EJBCA Crypto Token

ECA-8039 - Make OCSP Archive cutoff configurable in the CA UI, for all OCSP responses, and with (optional) static date (CA notBefore)

ECA-8236 - CA/Browser Forum Organization Identifier Field certificate extension (OID: 2.23.140.3.1) for PSD2 certificates

ECA-8371 - Add RA proxying to get global configurations

ECA-8372 - Get GlobalAcmeConfiguration over peer

ECA-8379 - EST support in Statedump

ECA-8390 - Convert caaIdentities URLs to IDN (ASCII) for ACME processing

ECA-8402 - Update SCEP GetCACaps return message to scep draft23

ECA-8403 - SCEP: set default hash algorithm to SHA-256 and support 3DES as response message encryption

ECA-8438 - Create Configdump EJB interface

ECA-8439 - Create configdump import CLI command

ECA-8440 - Add EJBCA version field to Configdump exports

ECA-8449 - Overwrite option for Configdump CLI: Replace/Update/Leave

ECA-8461 - Add the ability to view queued items in the CA web

ECA-8517 - Configdump import of Custom Certificate Extensions

ECA-8518 - Configdump import of Extended Key Usages

ECA-8519 - Configdump import of Internal Key Bindings

ECA-8520 - Configdump import of Publishers

ECA-8521 - Configdump import of Services

ECA-8522 - Configdump import of Certification Authorities

Tasks

ECA-7435 - Java 11: ClassNotFoundException: org.apache.geronimo.osgi.locator.ProviderLocator from WS Tests

ECA-8277 - clientToolBox uses the ext dir, which no longer exists in Java 11

ECA-8380 - ACME: QA Testing of ACME Changes

ECA-8405 - Documentation: Clarify CMP concurrent request to same user fails

ECA-8453 - Update some external dependencies

ECA-8454 - Update the last MySQL5Dialect to MySQL5InnoDBDialect in (old) external RA

ECA-8459 - Webtests: Add platform verification feature

ECA-8474 - Documentation: Add database driver and DataSource for PostgreSQL

ECA-8500 - QA Testing 7.3

ECA-8526 - System Test Investigation: EE_COS7_OpenJDK8_WF10_NOHSM_MSSQL2017

Improvements

ECA-7596 - Unification and consolidation of dockers' shell scripts

ECA-8073 - Include key information in ConfigDump

ECA-8247 - Allow CT logs to pick sharding by period

ECA-8273 - acme: Reduce code duplication

ECA-8329 - Clean up language files (Hard Token)

ECA-8330 - GUI: Rename all "Administrator Role" to "Role"

ECA-8335 - Update ACME authorization resources to RFC 8555 compliance

ECA-8336 - Update ACME 'revokeCert' resource to RFC 8555 compliance

ECA-8337 - Update ACME 'directory' resource to RFC 8555 compliance

ECA-8338 - Update ACME certificate resources to RFC 8555 compliance

ECA-8339 - Update ACME 'newAccount' resource to RFC 8555 compliance

ECA-8340 - Update ACME account resources to RFC 8555 compliance

ECA-8341 - Update ACME order resources to RFC 8555 compliance

ECA-8342 - Update ACME 'keyChange' resource to RFC 8555 compliance

ECA-8346 - Include references to the sql scripts available in the documentation.

ECA-8347 - Update ACME 'newNonce' resource to RFC 8555 compliance

ECA-8350 - Implement 'revokeCert' resource authorization for an ACME account holding all of the identifiers in the certificate

ECA-8356 - Exceptions caught by the EST servlet are not logged properly

ECA-8370 - Update ACME challenge response resource to RFC 8555 compliance

ECA-8397 - Update ACME documentation to RFC 8555 compliance

ECA-8399 - Remove ACME 'challenge' GET resource

ECA-8401 - Display a fingerprint of the imported Statedump after it has been imported in the CA web

ECA-8406 - Give a proper error message when using an attributes file for Client Toolbox in EJBCA

ECA-8409 - Select the correct attribútes file when editing a crypto token

ECA-8413 - Include the configured OCSP archive cutoff extension in all OCSP responses, not only for expired certs

ECA-8422 - Add CLI functionality for listing and editing OCSP extensions

ECA-8441 - Add import to ConfigdumpCore

ECA-8442 - Add YamlReader class

ECA-8443 - Add PoC for import of one object type in ConfigdumpSessionBean

ECA-8444 - Add import of important objects types in ConfigdumpSessionBean

ECA-8445 - Add import in configdump dump handlers

ECA-8446 - Create functional test (system test) for configdump import

ECA-8447 - CLI test for Configdump

ECA-8466 - ACME test suite re-factorings

ECA-8468 - Only report when available upstream RA peers changes

ECA-8475 - ACME end point test coverage

ECA-8477 - Add import of End Entity Profiles in Configdump

ECA-8478 - Configdump import of roles

ECA-8481 - Add implementation version in jar files to CAA cli tool, and other tools

ECA-8482 - Fix call of ACME operations with explicit ACME alias

ECA-8490 - Configdump import of Certificate Profiles

ECA-8502 - Create test for CaImportMsCaCertificates (import dump file created by certutil)

ECA-8513 - Sort items in list boxes on the role_edit.xhtml page in alphabetic order

ECA-8523 - Print CRL and public key when CRL fails to verify

ECA-8525 - Test of configdump import of Publishers

ECA-8527 - Option to export defaults in Configdump

ECA-8528 - Configdump documentation

ECA-8529 - AzureCryptoToken: Fix missing html ID and log if password is empty

ECA-8537 - Test of Configdump import of Internal Key Bindings

ECA-8543 - Exclude configdump import from ziprelease

Bug Fixes

ECA-7320 - CN from CSR not loaded correctly when "Changing a CSR"

ECA-7486 - EEP default Token type selection doesn't work on RaWeb enrollmakenewrequest page

ECA-7739 - Using a certificate profile template does not select the correct fields

ECA-7849 - Regression: foot_banner not used

ECA-7947 - Unused access rules are saved in basic mode

ECA-8033 - For configdump, allow it to skip past CAs waiting for a response and complete.

ECA-8099 - CA created with "Signed By External CA" has Serial Number Octet Size -1

ECA-8232 - IPv6 RFC compliant HREF links in EJBCA

ECA-8307 - CryptoTokenData: P11CryptoToken row entry touched/updated without need

ECA-8319 - "clientToolBox PKCS11HSMKeyTool linkcert" command should work according to ICAO 9303

ECA-8320 - SCP Publisher uses managing admin to sign payload

ECA-8322 - CertificateCrlReader does not handle revocation publications correctly

ECA-8323 - Fix findbugs warnings

ECA-8325 - CMP Configuration UI issues

ECA-8326 - CryptoToken.getPublicKey return javadoc differs from implementation

ECA-8344 - Jenkins job EE_COS7_OpenJDK8_WF10_NOHSM_DB2 cannot find DB2 Express-C docker image

ECA-8345 - Jenkins failing test 'org.ejbca.core.model.services.worker.CertificateCrlReaderSystemTest.testReadCertificateFromDisk'

ECA-8354 - First column not displayed when running the script language-tool.sh -s

ECA-8360 - Generated CRL Distribution Point and Issuer do not show correct DN

ECA-8375 - Regression: Failing Selenium test EcaQa206_CRLPartitionsIncorrectSettings

ECA-8383 - Reference lib.jpa.classpath not found when building cmpProxy for Tomcat.

ECA-8391 - New EST alias fields missing from ConfigDump export

ECA-8407 - User is asked to confirm slot re-use when editing an existing PKCS#11 crypto token

ECA-8410 - Set EJBCA_HOME in ejbca.sh if not set already

ECA-8411 - CRL is stored in publisher queue even if direct publishing is successful

ECA-8412 - PublishQueueProcessWorker always reports a NO_ACTION ServiceExecutionResult

ECA-8419 - Jenkins failing test 'org.ejbca.core.ejb.ProfilingTest.retrieveStats'

ECA-8420 - Jenkins failing test 'org.ejbca.core.ejb.upgrade.UpgradeSessionBeanTest.testUpgradeOcspExtensions6120'

ECA-8423 - Update Muehlbauer WS for removed Hardtoken

ECA-8426 - Trim CT log URLs

ECA-8428 - EST Name Generation USERNAME option gives error message when client username not set

ECA-8433 - Add placeholder to ejbca resourses CMP error message

ECA-8434 - OCSP Extensions are temporarily saved, even when the Save button is not clicked

ECA-8435 - Some CA lists in RA Web is sorted case sensitive

ECA-8436 - Caching issue with PSD2 fields in RA-web

ECA-8457 - Database protection broken on existing installations

ECA-8464 - EST configuration in Admin UI is not cleared when navigating away from the page

ECA-8465 - MSSQL Jenkins job (DB collation has to support case sensitivity)

ECA-8470 - Regression: GUI doesn't render "</br>" correctly for view certificate screen

ECA-8479 - Crypto token manage page checks for wrong permission

ECA-8484 - RA enrollment returns older certificate when validation fails

ECA-8485 - Legacy External RA not working with Wildfly 14 because of problem with the hibernate provider.

ECA-8486 - NPE when you click on 'Export selected' without selecting anything on Manage End Entity Profile page

ECA-8488 - L10n: Typo in English language

ECA-8492 - Importing Microsoft CA fails using ejbca.sh

ECA-8504 - Inconsistency when creating roles in CA web and RA web

ECA-8506 - Add missing textfield id for textfieldsharedcmprasecret

ECA-8509 - Regression: EJBCA Ignores CryptoToken Selection While Creating CA When Using the Default Key Option for the CertSignKey

ECA-8514 - RA Web incorrectly claims that role has members

ECA-8515 - Peer connector missing permissions when Approval management is set

ECA-8532 - Allow subject DN override and allow extension override is not honoured in the REST API

ECA-8538 - Regression: exception clicking on "Clear caches" button

ECA-8540 - Configdump error when exporting new unmodified ACME alias

ECA-8541 - Missing setters and unhandled nulls cause errors in Configdump

ECA-8542 - Fix configdump warning when importing certain End Entity Profiles

EJBCA 7.2.1.1

Released on 22 August 2019

EJBCA 7.2.1

Released on 30 July 2019

• New Features

• Improvements

• Bug Fixes

New Features

ECA-7943 - Add selenium test for creating a CA with partitioned CRLs

ECA-8092 - Remove Hard Tokens - a followup ticket

ECA-8113 - Add REST endpoint for cryptotoken management

ECA-8114 - Write systemtests for crypto token REST resource

ECA-8115 - Update static swagger file for documentation

ECA-8116 - Create REST endpoint for cryptotoken activation

ECA-8117 - Create REST endpoint for cryptotoken deactivation

ECA-8118 - Create REST endpoint for cryptotoken key creation

ECA-8127 - Create REST endpoint for CA Activation

ECA-8151 - Update CLI to allow viewing/generating partitioned CRLs

ECA-8249 - Import CVC CA CLI command should be able to import DVCA

Tasks

ECA-8125 - As a tester, I would like to call Rest endpoints for both testing and utilities that will work internally and externally of a docker image.

ECA-8137 - POC: Remote access for REST using GIT

ECA-8141 - Testing: Integration / Verification Testing

ECA-8176 - Exploratory testing using Swagger-UI

ECA-8182 - Document new REST resources

ECA-8194 - Add example script for ejbca-rest-api/v1/certificate/pkcs10enroll to the REST documentation

ECA-8209 - -Ddoc.update=true does not work anymore

Improvements

ECA-7059 - Remove properties files for CRLstore and CertStore

ECA-7272 - Security verification

ECA-7418 - Java 11: Xerces throws ClassNotFoundException: org.w3c.dom.ls.DocumentLS

ECA-8053 - Return correct version from REST status endpoint

ECA-8129 - Enable CT fastfail caching / backoff by default

ECA-8130 - Set up CT log test server and document it

ECA-8131 - Create DB update scripts and ORM files for new SCT table

ECA-8132 - Entity Bean for SCT disk cache

ECA-8134 - Saving SCT data to persistent table

ECA-8135 - Save and Read SCTs from persistent SCT table

ECA-8136 - Upgrade notes for persistent SCTs

ECA-8138 - Unit test of OcspCtSctListExtension

ECA-8149 - Code cleanup April 2019

ECA-8152 - Prevent broken certificate chain from being imported in the CLI using the 'ca importca' command

ECA-8156 - Generate URLs for URL rewrite with Client Toolbox

ECA-8158 - Documentation: Update CertSafePublisher description

ECA-8159 - Improve HealthCheck to also perform test signatures on the audit log

ECA-8165 - Create REST endpoint for CA Deactivation

ECA-8167 - Possibility to issue a final CRL with unlimited end date 99991231235959Z

ECA-8170 - Improve reliability of service workers in a cluster

ECA-8173 - Service workers always log success if the service ran, no matter the result

ECA-8181 - Warn when slot does not contain a key with the alias 'testKey' and relax the naming convention for these keys

ECA-8192 - Move REST resources into separate modules

ECA-8203 - CA token sign test should not sign with the same key twice

ECA-8206 - Use SHA256 with creating signed PKCS7 messages from X509 CAs

ECA-8208 - Refactor SCT caching to cache partial results also

ECA-8211 - Create a return type for publishers in order to track numbers of successes and failures

ECA-8229 - Debug log all steps in StartupSingletonBean

ECA-8230 - Base archiveCutoff on actual producedAt time instead of currentTimeMillis

ECA-8231 - Use the default CA of the SCEP alias, if no CA is specified in the message

ECA-8239 - Remove jsessionid from URLs on first session visit

ECA-8250 - Protocol Configuration for new REST resources

ECA-8264 - Update version in CT user agent to 1.1

ECA-8280 - Seconds in certificate's "valid from" and "valid to" fields (EJBCA API)

Bug Fixes

ECA-7739 - Using a certificate profile template does not select the correct fields

ECA-7828 - Drop down menu for 'Select Worker' under 'Services' is not responsive

ECA-7841 - Regression: Missing JAXB in JDK11 and lack of bundled API JAR causes complication error for Acme classes

ECA-8025 - Regression: Wrong CA-certificate is downloaded in the CA web

ECA-8079 - Edit CA page problems when creating CA from statedump

ECA-8099 - CA created with "Signed By External CA" has Serial Number Octet Size -1

ECA-8144 - Unable to change publisher type during edit

ECA-8147 - Regression: Cannot enter LDAP protocol CDP URL

ECA-8148 - Unable to edit and save access rules in basic mode

ECA-8153 - CertSafe Publisher throws NPE

ECA-8155 - Return not found on unhandled EST operations

ECA-8160 - ejbca.sh does not detect current working directory correctly

ECA-8161 - Ticket #215 VIECA?

ECA-8168 - NPE in RA web when rendering view enrollwithusername.xhtml

ECA-8191 - Change the ocsp.nonexistingisbad.uri pattern

ECA-8215 - Converter missing in selectManyListbox

ECA-8216 - Installation: Ejbca.ear does not deploy on Wildfly 10

ECA-8234 - OCSP requests with missing issuerKeyHash causes exception

ECA-8240 - Typos in create database postgresql script

ECA-8243 - Regression: NPE when a service is not scheduled to run

ECA-8253 - Integer converter missing in selectManyListbox on LDAP Publisher page

ECA-8254 - Check and possibly fix public key AlgorithmIdentifier parameters when issuing certificates

ECA-8308 - OcspKeyBinding CSR is not compatible with Microsoft CA

EJBCA 7.1.0.1

13 Jun 2019

New Features

ECA-961 - Partitioning of large CRLs by number of issued certificates

ECA-7384 - Protocol (WS/CMP/REST/CLI) support for issuing with multi-value RDNs

ECA-7474 - GUI support to enable/disable multi-value RDNs in End Entity Profiles

ECA-7785 - New validator phase that will run before using the CA private key to sign the tbsCertificate

ECA-7815 - Selenium tests for Domain Blacklist Validator

ECA-7906 - Remove CA related UI parts from RA/UI builds.

ECA-7907 - Rendering conditions for "Certificate Authority" page on different builds

ECA-7909 - Hide unusable commands from EJBCA CLI (ejbca.sh)

ECA-7910 - Create separate module for X509CA

ECA-7911 - Split X509 CA into common and build specific parts

ECA-7912 - Create new ant target for RA/VA ziprelease

ECA-7921 - Configdump support for Domain Blacklist Validator

ECA-7934 - Add CRL partition index column in certificate tables

ECA-7935 - Add crlPartitionIndex column in CRLData

ECA-7936 - Add partition configuration in X509CAInfo

ECA-7937 - User interface for configuration of CA CRL partitioning

ECA-7938 - Add documentation for partitioned CRL configuration

ECA-7939 - Update X509CA.generateCRL function to handle partitioned CRLs

ECA-7940 - Assign certificates to CRL partitions upon issuance or import

ECA-7941 - Show available CRL URLs if partitioning is used, in Edit CA page

ECA-7942 - Method generating partitioned CRL CDP URLs

ECA-7945 - Perform regression testing for certificate issuance with and without CRL partitioning

ECA-7946 - Add extensive system test of CRL partitioning

ECA-7953 - Allow for the export of single CP/EEPs

ECA-7962 - Make "ca republish" CLI command work with partitioned CRL

ECA-7963 - Update CRL Download Service to handle Partitioned CRLs

ECA-7964 - Create a separate module for CVC CA

ECA-7966 - RA-API, WS and REST support for Partitioned CRLs

ECA-8030 - Add YubiHSM2 P11 library to known P11 libraries

ECA-8048 - Add support for Partitioned CRLs in CertDistServlet, GetCRLServlet and CRLStoreServlet

ECA-8052 - Partitioned CRLs should not be allowed without "Issuing Distribution Point" CRL extension

Tasks

ECA-7385 - Document multi value RDN behavior for 'Subset of Subject DN' (not working with multi-value)

ECA-7389 - Document Administrator matching of multi-valued RDNs

ECA-7435 - Java 11: ClassNotFoundException: org.apache.geronimo.osgi.locator.ProviderLocator from WS Tests

ECA-7766 - Create a Jenkins job for testing Oracle DB

ECA-7825 - Java 11: ejbca-db-cli uses endorsed.dirs which is not supported in java 11

ECA-7857 - Create a Jenkins job for testing openJdk11

ECA-7892 - Make validationtool tests runnable

ECA-7904 - Investigate what to remove from Admin Web in RA/VA builds

ECA-7913 - Document changes RA / VA / CA builds.

ECA-7944 - Exploratory testing

ECA-7956 - Refactoring ExternalProcessTools.writeTemporaryFileToDisk for readability

ECA-7970 - Update changelog summary

ECA-7987 - Clarify documentation of fixed octet random serial number generator

ECA-7990 - Remove usage of SecureRandom from test cases to avoid copy-paste

ECA-8026 - Create Jenkins jobs for limited RA / VA builds

ECA-8027 - Fix remaining failures for Selenium tests in Jenkins

ECA-8034 - Upgrade testing of Partitioned CRL

ECA-8045 - Exemplify of the Required flag for custom certificate extensions

ECA-8050 - Add to CRL documentation - expired certs not included in new CRL

ECA-8058 - Fix EcaQa198 selenium test fail in Jenkins.

Improvements

ECA-7272 - Security verification

ECA-7391 - Only show CA-related approvals in CA Web (and vice versa)

ECA-7418 - Java 11: Xerces throws ClassNotFoundException: org.w3c.dom.ls.DocumentLS

ECA-7521 - User must fix malformed file when making cert request.

ECA-7554 - POC of Jenkins warnings job to analyze the code style/quality/shape

ECA-7593 - Add ClientToolBoxTest in new Jenkins

ECA-7596 - Unification and consolidation of dockers' shell scripts

ECA-7622 - Ability to edit token type in the RA Web

ECA-7722 - Minor usability improvements on Edit CA page

ECA-7797 - Upgrade JAX-RS 2.0 related libraries, correct swagger ACME generation and rely more on app server's JAX-RS implementation

ECA-7798 - Unit tests for the Configuration Checker

ECA-7853 - Change default digest alg of CMP request and response messages to SHA256

ECA-7884 - System test for copying DNSName from CN over WS

ECA-7902 - Add ExtentReport Plugin

ECA-7954 - Replace "Export profiles..."-links from profiles pages with buttons.

ECA-7957 - Improve error message when pinging an unknown peer system

ECA-7965 - Document CertTools.verify behavior for bad params with JUnit test

ECA-7975 - Avoid using two executors for Jenkins jobs

ECA-7986 - Better validation message when CAA validator is running on a certificate without dNSNames

ECA-7997 - Translate the RA web to Swedish

ECA-8000 - External Command Validator output not forwarded to EJBCAWS

ECA-8011 - Make crlPartitionIndex nullable instead of DEFAULT 0

ECA-8013 - Upgrade BC to 1.61

ECA-8016 - Database publishing of partitioned CRLs

ECA-8029 - Remove Hard Tokens, Hard Token Profiles and Hard Token Issuers from EJBCA

ECA-8097 - Selenium test for CA with incorrect Partitioned CRL settings

ECA-8101 - Upgrade notes for partitioned CRLs

ECA-8103 - CRL Update Worker should handle partitioned CRLs

ECA-8107 - Change terminology for "retired CRL partitions"

ECA-8109 - CRL partition fields in new CA page appear after changing Crypto Token

ECA-8110 - Document that CRL partition 0 gets URL without partition number

Bug Fixes

ECA-7626 - Fix out of memory issues on new Jenkins

ECA-7731 - Subject AltName does not appear in the RA Web when Subject DN is not used

ECA-7733 - Security Fix

ECA-7753 - Selenium Docker Jenkins followup ticket - NoInitialContextException: Need to specify class name in environment or system property

ECA-7841 - Regression: Missing JAXB in JDK11 and lack of bundled API JAR causes complication error for Acme classes

ECA-7868 - Regression: CA names in Edit End Entity Profile page should be sorted

ECA-7915 - Unexpected error while using Create Authenticated Certificate Signing Request in CA page

ECA-7929 - Fingerprints downloaded from the RA Web are scrambled

ECA-7952 - Some rules not applied when creating a role from the RA Web

ECA-7958 - New fields in X509CAInfo should be added to configdump

ECA-7973 - Clicking Test Command twice in External Command Certificate Validator gives exception

ECA-7974 - Community Edition build broken in trunk

ECA-7977 - CRL Downloader can't handle entries with extensions, but no reason code

ECA-7984 - Jenkins not cleaning up temporary fles

ECA-7985 - Unit tests do not respect tests.jvmargs

ECA-7989 - Possible race condition in SerialNumberGenerator with different CAs use different octet sizes

ECA-7991 - Make ApprovalSessionTest reliable

ECA-8002 - CRL Partition: CA does not retain CRL Partition settings

ECA-8004 - List of validators in certificate profiles is not sorted

ECA-8005 - NPE when trying to change ca token of a non existing CA

ECA-8010 - JBoss CLI on Jenkins uses too much memory on Jenkins

ECA-8012 - Regression: Delegated key pair generation doesn't work with RA-Gui enrollment

ECA-8014 - Trivial typo in revoke end entity reason codes

ECA-8015 - Exception in Admin UI trying to view a crypto token configured with a non-existing P11 library file

ECA-8018 - For Signed CMP messages, signed error message may not be signed with the expected signature for some errors

ECA-8023 - Update the default key aliases when importing keystores

ECA-8040 - Regression: End Entity Profiles ZIP file with directory cannot be imported

ECA-8042 - Cannot create CA with 'Use CRL partitions' option checked

ECA-8046 - Jenkins jobs use the same name for docker resources

ECA-8047 - Regression: Some End Entity Profiles ZIP files cannot be imported

ECA-8054 - Some classes still try to instantiate EjbcaWebBean

ECA-8055 - Log errors at initialization failure of EjbcaWebBeanImpl

ECA-8061 - Creating a CA using CRL Partition gives EntityExistsException

ECA-8062 - EST reenrollment fails if the DN includes more components than CN

ECA-8063 - ExtRAMessagesTest does not compile

ECA-8072 - CaRenewCACommandTest stops working after 2019-04-15

ECA-8075 - The "Generate" buttons do not include the "&partition=*" if using Partitioned CRLs in a new CA

ECA-8083 - Certification Authorities: Creating new CA with CRL Partitions fails

ECA-8085 - Fix potential race condition in REST initialization found by PMD

ECA-8087 - Unable to create CA with CRL Partitions

ECA-8090 - Certificate created with "use partitions" CA has 0 as crlPartitionindex

ECA-8095- Null pointer exception when a certificate profile uses CA defined AIA values, but the CA has defined none

ECA-8105- Regression: Cannot edit approval requests in RA-web

ECA-8111- SoftHSM directory has wrong owner on Jenkins

EJBCA 7.0.1.5

28 May 2019

EJBCA 7.0.1.4

02 May 2019

EJBCA 7.0.1.3

21 Mar 2019

EJBCA 7.0.1.2

18 Mar 2019

EJBCA 7.0.1.1

13 Mar 2019

EJBCA 7.0.1

Released on 4 March 2019

• New Features

• Improvements

• Bug Fixes

• Tasks

New Features

ECA-3076 - Detect and audit log when an administrator logs out of the CA Web UI

ECA-6777 - Create new DB column for storing CSR in CertificateData

ECA-7225 - Note in approvals that values have been changed from the default

ECA-7256 - Allow the creation of unenrolled EEs from the RA Web

ECA-7339 - PSD2 ASN.1 module and API code

ECA-7383 - Core API support for multi-value RDN and End Entity Profile validation of multi-value RDNs

ECA-7401 - Implement ConfigDump export for MultiGroupPublisher

ECA-7413 - Add SHA348withRSAandMGF1 and SHA512withRSAandMGF1 to the list of selectable signature algorithms

ECA-7414 - Make EJBCA build with Java 11

ECA-7419 - Can't paste ACME root anchor with tabs

ECA-7440 - Configdump exports parts of ACME configuration even if excluded

ECA-7444 - User Data Source access control does not let superadmins select "Any CA"

ECA-7470 - Possibility to add array values in edit CA CLI

ECA-7539 - Add subcommand to clientToolBox to interact with database over pure JDBC

ECA-7556 - ClientToolBox command for running a health check

ECA-7562 - Add WS CLI method to get remaining number of approvals

ECA-7586 - Implement a session timeout from the CA Web UI

Improvements

ECA-3724 - Convert Certificate Profiles pages to JSF

ECA-4348 - Remove remaining NetID integration code

ECA-4377 - CertTools.isCertificateValid logging refers to OCSP.

ECA-4630 - Convert Edit End Entity Profile page to JSF

ECA-5804 - Make ApprovalSessionTest less timing sensetive

ECA-5851 - Convert Certificate Authority pages to JSF

ECA-5932 - Upgrade bundled Hibernate jars

ECA-6210 - Stop using Ejb3Configuration in DatabaseSchemaScriptCommand

ECA-6801 - Convert EJBCA Home page to JSF

ECA-6802 - Convert CA Activation Page to JSF

ECA-6803 - Convert CA Structure & CRLs page to JSF

ECA-6804 - Convert Edit Crypto Tokens page to XHTML

ECA-6805 - Convert Manage Crypto Tokens page to XHTML

ECA-6806 - Convert Manage Publishers page to JSF

ECA-6807 - Convert Edit Publishers page to JSF

ECA-6808 - Convert Manage End Entity Profiles page to JSF

ECA-6810 - Convert Manage User Data Sources page to JSF

ECA-6811 - Convert Edit User Data Source page to JSF

ECA-6812 - Convert Manage Hard Token Issuers page to JSF

ECA-6813 - Convert Edit Hard Token Issuers page to JSF

ECA-6816 - Convert Manage Approval Profiles page to XHTML

ECA-6817 - Convert Edit Approval Profile page to XHTML

ECA-6818 - Convert Audit Log page to XHTML

ECA-6819 - Convert Manage Keybindings page to XHTML

ECA-6820 - Convert Edit Keybindings page to XHTML

ECA-6821 - Convert Manage Peer Connectors page to XHTML

ECA-6822 - Convert Edit Peer Connectors page to XHTML

ECA-6824 - Convert Manage Services page to XHTML

ECA-6825 - Convert Edit Services page to XHTML

ECA-6826 - Convert Manage CMP Aliases page to JSF

ECA-6827 - Convert Edit CMP Alias page to JSF

ECA-6828 - Convert Manage EST Aliases page to JSF

ECA-6829 - Convert Edit EST Alias page to JSF

ECA-6830 - Convert Manage SCEP aliases page to XHTML

ECA-6831 - Convert Manage SCEP alias page to XHTML

ECA-6832 - Convert System Configuration page to XHTML

ECA-6833 - Convert Preferences page to JSF

ECA-7263 - Remove "Administration" title from CA UI

ECA-7276 - Database CLI import from XML format

ECA-7284 - Fix broken web tests for JSF conversion

ECA-7289 - Improvements to Certificate Transparency section in certificate profiles

ECA-7292 - Add proper error handling for JSF

ECA-7298 - EJBCA CLI's "Merge CA Tokens" leaves unused crypto tokens behind

ECA-7312 - Increase initial size of ProtectionStringBuilder for Certificate Profiles to avoid unessecary warnings in debug log

ECA-7313 - Change mime type for CRLs from application/x-x509-crl to application/pkix-crl as defined in RFC5280

ECA-7314 - Implement "Custom Certificate Extension Data" field for RA enrollment

ECA-7315 - findCertificatesByExpireTime API calls, CLI and RA UI, should not return already expired certificates

ECA-7317 - SCEP error messages when CA can not be found are not complete

ECA-7325 - Extend tests for Custom Certificate Extensions

ECA-7327 - Convert viewcainfo.jsp and viewcertificate.jsp popUps to jsf

ECA-7334 - Review End Entity Profiles UI Tests

ECA-7343 - Refactor org.ejbca.webtest.helper.CaHelper

ECA-7344 - Refactor org.ejbca.webtest.helper.AdminRolesHelper

ECA-7348 - Introduce a CaStructureHelper for UI tests

ECA-7355 - Review Convert CA Structure & CRLs UI tests

ECA-7356 - Introduce an ApprovalProfilesHelper for UI tests

ECA-7357 - Review Approval Profiles UI tests

ECA-7362 - Review Administrator Roles UI Tests

ECA-7365 - Add a Jenkins job for EJBCA UI Tests

ECA-7367 - Acme must be in status unavailable under System Configuration (community edition)

ECA-7371 - Usage of sun.security.pkcs11 is not allowed when compiling in Java 11

ECA-7375 - Crypto Tokens page messages are displayed twice.

ECA-7380 - Missing space between 'Title' and '?' in Manage Crypto Tokens page

ECA-7421 - configdump module's unit tests are not collected by Jenkins unit tests job 'EJBCA_TRUNK_UNIT_PUPPET'

ECA-7423 - Failing tests of org.ejbca.configdump.core.ConfigdumpCoreUnitTest

ECA-7437 - Clean up unused imports, parameterize, remove unused variables ect.

ECA-7456 - VendorAuthenticationTest.test01_3GPPMode depends on server time zone

ECA-7471 - Allow system tests to run with EJBCA not on localhost

ECA-7491 - Use relative URLs in AdminGUI

ECA-7492 - Fun refactoring task - WebLanguages class uses property arrays, but should be remade in more OOP way

ECA-7508 - EJBCA-CLI: Do not add duplicate role members

ECA-7514 - Fix failing tests in EjbcaRestHelperUnitTest

ECA-7518 - Allow tests to run with TLS certificates not issued by ManagementCA

ECA-7522 - Add proper configuration to jenkins-files/*/conf/

ECA-7527 - Investigate and fix ACME failing tests in trunk

ECA-7530 - Convert ACME Configuration page to xhtml

ECA-7531 - Convert ACME Alias Configuration page to xhtml

ECA-7532 - Add Deviation List Signer Extended Key Usage

ECA-7537 - Simplify and improve configuration of CMP tests

ECA-7541 - Change CT log policy labels to not use mathematical symbols

ECA-7546 - Make API and log use of requestID and approvalID consistent and easier to understand

ECA-7547 - Allow OCSP KeyBinding certificate without Key Usage

ECA-7555 - Acme SystemTest(s) failure for 6.15X EJBCA_TRUNK_DB2V105_UBUNTU1204_JBOSSEAP61_PUPPET jenkins job

ECA-7557 - Fix failing CMP TCP system tests

ECA-7563 - Separate out EjbcaWSTest.test02FindUser into its own test class

ECA-7566 - EjbcaWS.findUser() does not work for subjectEmail

ECA-7567 - Allow browser binary to be configured for Web Tests

ECA-7573 - Improve error handling and remove dead code in AdminWeb

ECA-7574 - Convert Approval Actions page to XHTML

ECA-7575 - Convert Approval Action page to XHTML

ECA-7576 - Clarifications in the Multi Group Publisher documentation

ECA-7579 - Editing EE functionality in RA Web is hidden behind the View-button

ECA-7594 - fun refactoring task: ViewCertificateManagedBean parseRequest method needs the button control logic refactored out into their own methods

ECA-7604 - Get rid of PublisherDataHandler class

ECA-7605 - Fix admin-gui build.xml

ECA-7609 - Clear hibernate cache in ejbca-db-cli to avoid high memory usage

ECA-7612 - VendorAuthenticationTest test case fail in Jenkins

ECA-7614 - Implement ECAQA-196 test scenario.

ECA-7616 - Code refactoring in MultiGroup Publisher Data class.

ECA-7625 - Stop using System.lineSeparator, except for writing to files or pipes

ECA-7634 - ACME test improvements

ECA-7636 - Update system requirements in documentation

ECA-7642 - WebEjbcaClearCacheTest should be skipped if not running on localhost

ECA-7643 - EjbcaWSTest should not use hardcoded "superadmin" user

ECA-7644 - EJBCA ziprelease should not include scripts from jenkins-files

ECA-7645 - CrmfRAPbeRequestTest fails on community edition

ECA-7648 - EE_COS7_OpenJDK8_WF10_NOHSM_DB2 job failure

ECA-7649 - POC Automate profiles installation for Firefox

ECA-7650 - Ability to upload CT log key in raw B64 format

ECA-7654 - Update '© 2002–2018 PrimeKey Solutions AB' to 2019

ECA-7658 - Use white-list instead of black-list of allowed HTTP methods in web.xml

ECA-7679 - PeerConnectionsTest uses TLSv1, but should use TLSv1.2

ECA-7680 - PatternLoggers should check if log level is enabled before doing work

ECA-7682 - PeerConnectionsTest.testPublishCertificate should inform about prerequisite in failure message

ECA-7684 - Typo in error message on 'View Certificate' page

ECA-7689 - Update web.xml to Servlet 3.1 use correct JSF 2.2 schema in faces-config.xml

ECA-7692 - Add CSRs for unit testing the RSA Key Validator

ECA-7694 - Modify application.xml to reflect new JEE7 version

ECA-7696 - Add method to get filename from uploaded file

ECA-7701 - Upgrade persistence.xml to JEE7

ECA-7705 - AutoEnrollment Documentation Improvement

ECA-7707 - HttpMethodsTest.testDocs should not fail if internal docs are not used

ECA-7738 - JDK11 Compliance: Patch CESeCore with provider fix from DSSINTER-289

ECA-7740 - Simplify ant build scripts to cut build time

ECA-7755 - The copyright year should be updated to include 2019

ECA-7761 - Minor security improvement

Bug Fixes

ECA-6865 - Failure to publish to a Peer Publisher gives no error message in log in some cases

ECA-7013 - RA Style is deselected while modifying access rules

ECA-7269 - Regression: JSF errors on JBoss AS 7.1.1

ECA-7273 - Certificate profiles appear to be (but aren't) editable for an Auditor

ECA-7282 - Poor error message for incorrectly formatted CT public keys: "Extra Data Detected in Stream"

ECA-7285 - Add HEAD request for the endpoint revokeCert

ECA-7286 - Fix NPE which happens when de-registering account with certbot

ECA-7326 - Bound Certificate under Internal Key Binding is displayed wrongly

ECA-7329 - NPE when you click on 'Republish' button on View Certificate page under Authentication Key Binding

ECA-7332 - OCSP Extensions configurations is applied to the newly created ones

ECA-7338 - Regression: clearPwd flag on WS editUser does not work

ECA-7342 - Check for legal characters is not working for some pages

ECA-7366 - dncomponents.properties.sample order of orgaizationIdentifier differs from default in DnCompoonents.java

ECA-7370 - ServiceManifestBuilder does not run with Java 11

ECA-7378 - PublicWeb check certificate status inly works with 8 octet cert serialNumber

ECA-7379 - Regression: throwing checked Exceptions from postConstruct is not allowed in JEE spec

ECA-7404 - CA Activation backlink broken

ECA-7433 - Dry-run parameter not respected when importing validators using Statedump

ECA-7434 - Add modular protocol configuration to Statedump

ECA-7438 - NullPointerException in some Adminweb pages if External Script Access is disabled and you have Custom Publishers

ECA-7443 - CAs and Fields in User Data Sources are stored as strings, causing ClassCastException

ECA-7445 - Missing exclude option for Validators in Statedump

ECA-7460 - NPE when importing a CA where a previous certificate exists without expireDate

ECA-7480 - When creating an EndEntity in RA Web and delete_end_entity accessrule is disabled, the process ends incorrectly with success but end entity is not created

ECA-7499 - java.lang.IllegalStateException when using browser back/forward button

ECA-7500 - Certificate Request Generated despite choosing the wrong format

ECA-7511 - EjbcaWSHelperSessionBean.caRenewCertRequest lacks an null check

ECA-7516 - Investigate and fix duplicate ID exception in editservice.xhtml

ECA-7523 - Test failures in ProtocolOcspHttpTest due do missing cleanup

ECA-7524 - Regression: HttpMethodsTest fail because of unexpected HTTP header value

ECA-7525 - Domestic / Non-external CVCA/DVCA do not have the expiration field set

ECA-7529 - OcspExtensionsTest fails on community edition

ECA-7533 - Fix WS documentation for isApproved and getRemainingNumberOfApprovals

ECA-7534 - DnFieldDumpHandler missing DnFieldExtractor.URI in Map.

ECA-7535 - Regression: Upgrade of customcertextensions.properties fails

ECA-7536 - CertificateCrlReaderSystemTest fails on Windows

ECA-7540 - Importing a CVCA certificate with error triggers CSRF error

ECA-7543 - CertSafePublisherTest fails on Windows due to line endings

ECA-7544 - Fix UpgradePublisherTest

ECA-7550 - Missing label and fields cleared erroneously in Edit Services page

ECA-7552 - StatedumpTest should use systemtests.properties

ECA-7558 - Admin Web returns redundant security headers

ECA-7568 - OCSP unathorized (6) error adds blank line to OCSP transaction log

ECA-7572 - Publisher queue status on home page looks weird since JSF conversion

ECA-7583 - Regression: Errors when creating a CA are not handled

ECA-7584 - USERAUTH fail when publishing with the SCP Publisher

ECA-7587 - Fix NPE when exception lacks an error message

ECA-7591 - Configdump CA is missing support for getLatestSubjectDN

ECA-7595 - UpgradeSessionBeanTest.testUpgradeOcspExtensions6120 fails intermittently

ECA-7599 - AcmeConfigurationAndValidationSystemTest.leaveRevocationReasonUnchanged fails intermittently

ECA-7611 - Fix validity field in Edit CA page

ECA-7613 - CertificateCrlReaderSystemTest fails intermittently

ECA-7615 - Multigroup publisher errors handled incorrectly after conversion

ECA-7624 - Fix ConfigdumpValidatorUnitTest and YamlWriterUnitTest

ECA-7628 - configdump change causes test build failure in CE

ECA-7631 - Typo in Error message

ECA-7632 - RA Web enrollment, End entity removed if finishUser is unchecked in the CA

ECA-7647 - 'Receive Certificate Response' does not work for Externally signed CA

ECA-7662 - SecurityEvents*SessionBeanTest fails on H2 dues to use of ORDER in DELETE

ECA-7663 - CertificateRetrievalTest.test09FindWithMissingCertData assumes database.useSeparateCertificateTable=false

ECA-7665 - OutgoingPeerConnectionTest fails intermittently

ECA-7667 - Invalid single quotes in language file

ECA-7669 - The certificate link of an 'EJBCA Node Start' row in the Audit Log does not work

ECA-7676 - Nullcheck would have been NPE in BlacklistEntry

ECA-7677 - PeerConnectionsTest is missing slf4j runtime dependency

ECA-7697 - Regression: Default 'RA-Administrator' and 'Supervisor' roles gets 'Authorization Denied Cause: You are not authorized to view this page.'

ECA-7698 - Update example URL for external documentation

ECA-7699 - Can't access Admin web index page without /ca_functionality/view_ca access

ECA-7712 - Cannot save end entity profile where End Entity E-mail is disabled

ECA-7715 - Regression: Peer connectors cached in browser session not updated when cloning

ECA-7716 - Replace invalid double quotes in language files

ECA-7721 - Regression: CMP RA Name Generation Scheme don't use language strings anymore

ECA-7723 - Can't check "Critical" checkboxes on Edit CA page

ECA-7726 - Non-informative error message on Edit EST Aliases page

ECA-7730 - Clicking Logout in Adminweb gives NumberFormatException

ECA-7735 - Cloning a peer connector does not clone the flag for process incoming requests

ECA-7737 - Certificate of type "Sub CA" can't be published

ECA-7741 - Update tag library schemas for JEE7 in AdminWeb

ECA-7742 - CAA Validator fails DNSSEC validation for CH domains

ECA-7760 - ScpPublisher: Destination URL for certificates saved as crl.scp.destination and vice versa

ECA-7767 - Configdump validator export can fail with NPE

ECA-7769 - Fix warnings from DB CLI

Tasks

ECA-6864 - Set up a Jenkins instance to test JDK8/Wildfly10 using Docker

ECA-7261 - Map which ECAQA automatic tests which need to be remapped

ECA-7275 - Test ACME wildcard cert issuance and pre-authorization with certbot.

ECA-7331 - Verify if Swagger UI for works for ACME API. If it does, add documentation to confluence. If not, hide the ACME part from swaggerUI

ECA-7545 - New Docker job on Jenkins - EE_COS7_OpenJDK8_WF10_NOHSM_DB2

ECA-7551 - Exploratory testing on CMP configuration page

ECA-7695 - Update persistence.xml and orm-dbtype.xml to reflect JEE7 version

ECA-7763 - Test upgrade from 6.15.0 to 7.0.0

ECA-7768 - Update readme with license information for Hibernate jars

EJBCA 6.15.2.5

21 Nov 2019

EJBCA 6.15.2.4

01 Nov 2019

EJBCA 6.15.2.3

06 Aug 2019

EJBCA 6.15.2.2

27 Jun 2019

EJBCA 6.15.2.1

23 Apr 2019

EJBCA 6.15.2

Released on 7th of March 2019

• New Features

• Improvements

• Bug Fixes

• Tasks

EJBCA 6.15.1.3

07 May 2019

EJBCA 6.15.1.2

28 Nov 2018

EJBCA 6.15.1.1

26 Nov 2018

EJBCA 6.15.1

Released on 20 November 2018

• New Features

• Improvements

• Bug Fixes

New Features

ECA-7019 - Write documentation for ACME

ECA-7185 - ACME persistence: Create ORM scripts AcmeAccountData

ECA-7187 - Add ACME to Statedump

ECA-7188 - Add ACME to Configdump

ECA-7198 - ACME persistence: Create ORM scripts/entities/CRUD for AcmeOrderData

ECA-7199 - ACME persistence: Create ORM scripts/entities/CRUD for AcmeAuthorizationData

ECA-7200 - ACME persistence: Create ORM scripts/entities/CRUD for AcmeChallengeData

ECA-7202 - ACME system tests - analyse, improve and enable skipped system tests

ECA-7237 - Swagger problems with ACME module

ECA-7244 - Add ability to link in compiled JARs as plugins

ECA-7250 - PKCS11 enable using CKA_LABEL also when a sun attributes file is used

ECA-7253 - Add a method to SignSession in order to sign arbitrary payloads

ECA-7257 - Add possibility to disable Crypto Token key generation for specific PKCS#11 drivers in GUI

ECA-7259 - Add Amazon CloudHSM p11 driver to known P11 drivers in web.properties

ECA-7264 - Re-use endentity for ACME cert renewal flow

ECA-7287 - Add Required checkbox to the custom extension configuration screen and logic in backend

ECA-7288 - Add wildcard identifier to the Certificate Extension OIDs

Tasks

ECA-7138 - Ensure quality in ACME

ECA-7203 - Verify that ACME works with aliases

ECA-7207 - Verify & document External Account Binding in ACME

ECA-7252 - test ACME cert renewal and deacticvation flows with acme4j

ECA-7275 - Test ACME wildcard cert issuance and pre-authorization with certbot.

ECA-7323 - Document Peer RA Protocol Rules

ECA-7324 - Document Optional Custom Extensions

ECA-7331 - Verify if Swagger UI for works for ACME API. If it does, add documentation to confluence. If not, hide the ACME part from swaggerUI

Improvements

ECA-6921 - ACME persistence: CRUD for AcmeAccountData

ECA-7114 - Improved test for ACME dns-01 validation.

ECA-7120 - Upgrade EJBCA/CESeCore to BouncyCastle 1.60

ECA-7125 - Precompile Swagger UI WAR and add to ejbca/dist

ECA-7194 - Create certificate only for order from request

ECA-7204 - Re-enable ACME in GUI

ECA-7227 - Remove "CA Service Activation" from Certificate Profiles

ECA-7233 - Remove JavaDoc and source files from lib directory

ECA-7234 - Use a StringBuilder to improve efficiency creating database protection

ECA-7239 - Make DNSSEC optional for dns validation

ECA-7240 - EJBCA_TRUNK_MARIADB_UBUNTU1204_JBOSS711GA_PUPPET tests failing

ECA-7243 - Hide external account binding option from ACME GUI

ECA-7247 - Improve the New Terms of Service Agreement functionality of EJBCA ACME server.

ECA-7248 - Use EJBCA name style for issuerDN in CMP revocation request handler

ECA-7251 - Remove clover jar from ziprelease

ECA-7304 - Update default DNSSEC trust anchors

ECA-7305 - Upgrade handling for new "DNS port" setting for ACME

ECA-7310 - Improve feedback from CAA Validator

ECA-7311 - Possible serialization failure when editing Access Rules in Advanced Mode

ECA-7316 - Missing svn:keywords

Bug Fixes

ECA-6872 - Cannot enroll user with Cyrillic characters using RA web + appliance

ECA-7096 - Don't store certificate meta data option makes expireDate not published, causing archiveCutOff

ECA-7154 - SQL Grammar Exception on MS SQL Server v12

ECA-7193 - Move check of requested certificate validity from finalize to newOrder

ECA-7201 - Documentation link to Renew CA gives 404

ECA-7211 - OCSP signing certificates aren't always published for throwaway CAs with revoke enabled

ECA-7215 - CMP: RA Name Generation Scheme with DN component serialNumber does not work

ECA-7220 - DROP table scripts for AcmeNonceData is missing

ECA-7224 - Broken class-path references in ctlog.jar causes WARN messages in the JBoss log file

ECA-7231 - StringTools B64 failing unit test after upgrade to BC 1.60

ECA-7238 - EjbcaWS doesn't handle timeformats ending with 'Z'

ECA-7242 - EJBCA is trying to parse the string 'KeyId' as an integer when authorising an admin

ECA-7245 - NPE when issuing certificate via certbot

ECA-7246 - EjbcaWSTest fails with clearpassword

ECA-7249 - HSMKeyTool --force flag does not work when using an attributes file

ECA-7258 - Security: information leak in debug log

ECA-7260 - CryptoToken key generate button shown when it should not

ECA-7268 - RA Web search End Entities doesn't render if not authorized to search certificates

ECA-7269 - Regression: JSF errors on JBoss AS 7.1.1

ECA-7274 - Test ACME wildcard certificate issuance and pre-authorization with acme4j

ECA-7277 - DatabaseProtection on CertificateProfileData incompatible between <=6.11 and >= 6.12

ECA-7285 - Add HEAD request for the endpoint revokeCert

ECA-7286 - Fix NPE which happens when de-registering account with certbot

ECA-7302 - Name Constraints error when saving existing CA

ECA-7306 - GUI bug in Edit CA page.

ECA-7307 - 'Close' button not functioning under 'View Certificate'

ECA-7322 - Import renewed CA certificates, for External CA does not import to CertificateData, for Externally Signed CA does not publish

EJBCA 6.14.1

Released on 24 August 2018

Technical Requirement

ECA-6978 - Implement Rest conventions

ECA-7022 - Specify license information for swagger dependencies

Bug

ECA-3298 - One Junit failure on DB2

ECA-4729 - getRequestServerName with ejbca behind a reverse proxy via ajp returns wrong server name

ECA-5416 - SoftCryptoToken used for database protection always debug logs stacktrace about PKCS12 keystore password

ECA-6292 - Common PKI CertHash OCSP extension should be a singleExtension instead of a responseExtension

ECA-6654 - PublicCryptoToken can't be used for database protection verification

ECA-6763 - EJB CLI still logs too much irrelevant info

ECA-6774 - Fix the active status logo in internal key binding.

ECA-6848 - Regression: 'Provide request info' hidden when only 'Select key algorithm' should be

ECA-6862 - CertificateDataSessionBean.findUsernameByIssuerDnAndSerialNumber declared final

ECA-6869 - Upgrade code for 6.11 creates access rules that are not normalized

ECA-6880 - fix unit tests for Commuity MariaDB+ubuntu+JBOSS711GA configuration

ECA-6887 - Return value for rejected approvals in EjbcaWS.getRemainingNumberOfApprovals(int) is incorrect

ECA-6895 - Refine behavior of ApprovalSessionBean.getRemainingNumberOfApprovals(int)

ECA-6901 - Handle non-DNs gracefully in CertTools.isDNReversed

ECA-6923 - Missed slashes in documentation links

ECA-6947 - Validator view not refreshed, editing Validators modifies cache content

ECA-6950 - Documentation: Custom certificate extension data link broken

ECA-6951 - Documentation links on Admin GUI overview page broken

ECA-6959 - Cache CA name lookup in RoleMembers page view scope

ECA-6997 - Database upgrade version comparison does not handle varying number if fields

ECA-7000 - Improve isFullQualifiedDomainName

ECA-7001 - ExternalCommandCertificateValidator handles stdout and stderr incorrectly

ECA-7004 - Public key blacklist validator fails match on RSA keys when not all algorithms are specified in validator

ECA-7014 - External Command Certificate Validator should fail on non-zero exit code

ECA-7015 - The enum constant UNKNOWN needs a corresponding case label in this enum switch

ECA-7016 - Unlikely argument problems in ACME implementation

ECA-7027 - WS API documentation has wrong URL

ECA-7031 - Documentation Link broken for 'Manage Publishers'

ECA-7040 - Regression: External RA (polling) does not work for Keystore Requests

ECA-7043 - Upgrade with long version number can fail

ECA-7057 - Fix documentation link from Public Web

ECA-7063 - Peer connector settings are not saved when creating a new peer connector

ECA-7078 - Jenkins builds failure for test EjbcaWSCVCTest

ECA-7079 - Jenkins builds failure for SystemTests of REST API

ECA-7080 - Jenkins builds failure for AcmeWorkflowTest of ACME

ECA-7083 - CaaValidator always succeeds when the domain ignore list matches

ECA-7084 - Fix Jenkins test error: Non unique method in RA Master API

ECA-7085 - Some JUnit tests don't run

ECA-7086 - Regression: Help labels and at least one option is gone from the CAA Validator

ECA-7088 - some REST-related unit tests are failing in EJBCA_TRUNK_UNIT_PUPPET

ECA-7090 - Swagger inputs in snakecase are not evaluated in REST method input

ECA-7094 - Error "Can't reset to root in the middle of the path" during `ant install` on JBoss ≥6.4.19

ECA-7099 - CRL generation as CRL Issue interval can miss some intervals

ECA-7100 - Revocation CA lookup for nonConflictingCertificateData does not use normalized DN format

ECA-7101 - EjbcaWS.getProfile leaks information about CA's and EEPs

ECA-7108 - X509CA.upgrade could upgrade CA Overlap Time wrong from ancient version

ECA-7111 - Troubleshooting missing from documentation

ECA-7112 - Fix test failure EndEntityProfileSessionBeanTest.testAuthorization

ECA-7115 - WS customLog call calculates CA ID wrong if caName is missing

ECA-7116 - WS customLog call swaps username and admin certificate parameters in log

ECA-7140 - Ignore Top Level Domains field in CAA Validators no longer work

ECA-7141 - orm entry for AcemNonceData incorrect for PostgreSQL

ECA-7142 - Documentation Link broken for under OcspKeyBinding Tab

ECA-7144 - RaMasterApi dispatches non-serializable objects

ECA-7145 - Invalid error handling for EjbcaWS.getProfile (remote)

ECA-7148 - Jenkin's job EJBCA_TRUNK_UNIT_PUPPET compilation failure

ECA-7149 - Jenkins job EJBCA_TRUNK_UNIT_PUPPET has failing unit test of RsaKeyValidatorTest.testRocaWeakKeys

ECA-7150 - Regression ejbca-db-cli crashes with ClassNotFoundException: AcmeNonceData

ECA-7155 - Manage ACME Aliases is linking to SCEP documentation

ECA-7157 - Fields notBefore and notAfter in the order object are optional

ECA-7158 - HEAD endpoint for new-order is missing and required for certbot compliance

ECA-7159 - REST API /expire offset and maxNumberofResults doesn't work on multiple nodes

ECA-7160 - HEAD endpoint for new-account is missing and required for certbot compliance

ECA-7167 - Regression: Cannot generate keystore with autogenerated password from RA

ECA-7173 - ConcurrentModificationException while editing end entity with custom, dynamic, extensions

ECA-7176 - Regression: RA Web upload CSR auto-parsing stopped working

ECA-7179 - Regression: RA Web cleanup deletes existing end entity

ECA-7180 - NPE in ProfileAndTraceInterceptor

ECA-7181 - CertBot fails due to null values in JSON

ECA-7182 - ACME Link headers are not encoded according to the standard

ECA-7183 - Fix ACME notAfter validation failure

ECA-7184 - Check for incorrect approval settings for ACME CA/profile fails

ECA-7192 - ziprelease excludes configdump.sh from release zip

New Feature

ECA-5711 - RA API call base for ACME

ECA-6750 - System tests: VA Publisher with Throwaway certs

ECA-6845 - Fixing unittests EJBCA_TRUNK_MARIADB_RHEL64_JBOSSEAP64_OPENJDK8 Jenkins build

ECA-6851 - Create automated test for ECAQA-3

ECA-6853 - Add Peer RA Protocol Rule for SCEP

ECA-6854 - Create automated test for ECAQA-76

ECA-6858 - Create automated test for ECAQA-67

ECA-6867 - Create automated test for ECAQA-24

ECA-6868 - Create automated test for ECAQA-62

ECA-6874 - Create module for REST API

ECA-6876 - Implement client certificate authentication for REST API

ECA-6878 - REST API call: List of CAs

ECA-6882 - Create JAXRS "certificate" endpoint in ejbca-rest-api module

ECA-6891 - POST service endpoint to certificatecontroller for requesting new server certificate

ECA-6893 - ACME: Implement dns-01 validation method

ECA-6896 - Create automated test for ECAQA-42

ECA-6897 - Create automated test for ECAQA-8

ECA-6898 - User documentation REST API

ECA-6902 - Create REST service for downloading CA certificates

ECA-6903 - REST method for revoking a certificate

ECA-6904 - GET method to get certificates that are about to expire

ECA-6934 - Add RA proxying of EjbcaWS.findUser(UserMatch) and EjbcaWS.editUser(UserDataVOWS)

ECA-6937 - Create a common exception handler for the REST API

ECA-6941 - Add Swagger to the REST API

ECA-6942 - Create automated test for ECAQA-74

ECA-6944 - Create automated test for ECAQA-28

ECA-6948 - Use HEX serial number as identifier in the REST API

ECA-6953 - REST Json provider configuration

ECA-6954 - REST exceptions cleanup

ECA-6955 - REST soft exceptions

ECA-6956 - Create remaining JUnit test for REST

ECA-6957 - REST system tests

ECA-6958 - REST Use profile names as input instead of ID

ECA-6964 - Refactor cert enrollment REST service to do profile and endentity lookups behind RaMasterApi to improve performance

ECA-6970 - Add RA Proxying of EjbcaWS.getAvailableCertificateProfiles

ECA-6971 - Add RA Proxying of EjbcaWS.getAvailableCAsInProfile

ECA-6972 - Add RA proxying to EjbcaWS.processCertReq

ECA-6973 - Add RA proxying to EjbcaWS.cvcRequest

ECA-6974 - Add RA proxying to EjbcaWS.customLog

ECA-6975 - Add RA proxying to EjbcaWS.findCerts

ECA-6982 - Add RA proxying to EjbcaWS.getAuthorizedEndEntityProfiles

ECA-6983 - Add RA proxying to EjbcaWS.getCertificate(String, String)

ECA-6984 - Add RA proxying to EjbcaWS.getCertificatesByExpirationTime

ECA-6985 - Add RA proxying to EjbcaWS.getCertificatesByExpirationTimeAndType

ECA-6986 - Add RA proxying to EjbcaWS.getCertificatesByExpirationTimeAndIssuer

ECA-6987 - Add RA proxying to EjbcaWS.getLastCAChain

ECA-6988 - Add RA proxying to EjbcaWS.getProfile(int, String)

ECA-6989 - Add RA proxying to EjbcaWS. getLatestCRL

ECA-6990 - Add RA proxying to EjbcaWS.getRemainingNumberOfApprovals

ECA-6991 - Add RA proxying to EjbcaWS.isApproved(int)

ECA-6992 - Add RA proxying to EjbcaWS.isAuthorized(int)

ECA-6993 - Add RA proxying to EjbcaWS.pkcs12Req(String, String, String, String, String)

ECA-6994 - Add RA proxying to EjbcaWS.republishCertificate(int)

ECA-6999 - REST endpoint for keystore enrollment

ECA-7007 - REST endpoint to get CRL

ECA-7008 - REST endpoint to search for certificates

ECA-7010 - REST endpoint to check certificate revocation status

ECA-7011 - Start using Converters in REST related response, request and entity classes

ECA-7029 - Link Rest API documentation to the proper place

ECA-7030 - Prevent Swagger exposure in Production

ECA-7032 - Add RA proxying to EjbcaWS.getPublisherQueueLength(String)

ECA-7033 - REST endpoint to finalize enrollment after approval

ECA-7034 - Add RA proxying to EjbcaWS.revokeUser(String, int, boolean)

ECA-7035 - Add CLI command to list publishers

ECA-7038 - Extend EJBCA EJB CLI to allow adding RoleMembers of any supported type

ECA-7039 - Add Cavium Nitrox III as known HSM driver

ECA-7051 - Add protocol configuration for REST

ECA-7052 - Add REST APIs to Peer RA Protocol access rules

ECA-7053 - Add ACME to Peer RA Protocol access rules

ECA-7067 - Add positive audit log messages for all Validation operations

ECA-7076 - REST API - SystemTest - Authorized client requesting a new server certificate

ECA-7077 - REST API - SystemTest - Authorized client revokes a certificate

ECA-7092 - REST API license headers to Enterprise

ECA-7122 - Add RA proxying to EjbcaWS with request local instance first.

ECA-7126 - Add RA Proxying of EjbcaWS.getAvailableCAs

ECA-7127 - Rest APi unit tests are not run in Jenkins

ECA-7156 - Implement CAA identities

ECA-7178 - contacts should not be mandatory for ACME's POST newAccount endpoint

Task

ECA-6861 - Initial prototype of REST API

ECA-6871 - Add Fabiens cmp monitoring script to extras

ECA-6879 - Identification of certificates in REST API

ECA-6890 - Document Wildfly 12 configuration

ECA-6949 - Fix the Jenkins build EJBCA_TRUNK_MARIADB_RHEL64_JBOSSEAP64_OPENJDK8

ECA-7136 - Ensure quality in CAA Validator

ECA-7137 - Ensure quality in REST-API

ECA-7139 - Ensure quality in WS RA-proxying

Improvement

ECA-6090 - Add ability to specify multiple issuers in CAA validator

ECA-6162 - CT log request - optional full hierarchy, full Json request in debug log

ECA-6436 - Ability to set explicit.ecc.publickey.parameters for crypto tokens

ECA-6849 - Simplification of p11 token login (Crypto Token Activation)

ECA-6856 - Use consistent format of library license references

ECA-6863 - Fix easy to fix compiler warnings in Admin GUI classes

ECA-6873 - Improve handling when receiving SCEP getCACaps request for missing CA

ECA-6883 - Refactor X509CAInfo constructors to use build pattern

ECA-6884 - Run Web Tests on windows

ECA-6885 - CMP: add senderKID to responses when they are signed

ECA-6888 - unidfnr.enabled should have a default value

ECA-6892 - Create exhaustive regression tests for ApprovalSessionBean.getRemainingNumberOfApprovals(int)

ECA-6900 - Shift "Contributors" page from ejbca.org into Confluence Documentation

ECA-6905 - ACME draft-12 update: Remove tls-sni-02 and oob-01

ECA-6906 - ACME draft-12 update: Use camelcase instead of dash

ECA-6907 - ACME draft-12 update: New finalize workflow

ECA-6908 - ACME draft-12 update: Update and review all JavaDoc

ECA-6910 - ACME draft-12 update: Remove authz and cert resources "up" Link

ECA-6911 - ACME draft-12 update: newNonce should respond with HTTP 200

ECA-6912 - ACME draft-12 update: Update AcmeAccount creation workflow

ECA-6913 - ACME draft-12 update: Directory meta info should indicate if external account is required

ECA-6914 - ACME draft-12 update: Wildcard certificate issuance

ECA-6915 - ACME draft-12 update: Remove AcmeAuthorization scope

ECA-6916 - ACME draft-12 update: Update AcmeChallenge workflow

ECA-6917 - ACME draft-12 update: Verify response code for wrong content type

ECA-6918 - ACME: AcmeAccount should belong to an AcmeConfiguration

ECA-6920 - ACME persistence: AcmeNonceData

ECA-6922 - ACME draft-06 cleanup: Remove custom JAX-B serialization

ECA-6924 - ACME: Verify certbot compliance

ECA-6926 - ACME: Enable as part of release

ECA-6931 - ACME: Implement the missing calls in RaMasterApi to allow proxy use

ECA-6932 - ACME UI Configuration: GlobalAcmeConfiguration and AcmeConfigurations

ECA-6960 - ACME draft-12 update: Remove authzDeactivate resource "up" Link

ECA-6966 - Info log details when a database upgrade is started

ECA-6977 - Certificate Transparency, add verification of embedded SCTs and upgrade version of google/certificate-transparency-java

ECA-6980 - Remove root certificate from CT submission

ECA-6981 - GUI: Crypto Tokens form usability

ECA-6995 - GUI: End Entities search result revocation usability

ECA-7005 - Small improvement to CT debug logging

ECA-7017 - REST Jackson library unification

ECA-7018 - Add ACME to modular protocols configuration

ECA-7020 - When a CT log returns an error, log at info level instead of debug

ECA-7028 - modify REST enrollKeystore to accept JSON body rather than query parameters

ECA-7036 - Unidfnr data class should have unid as part of protection string.

ECA-7037 - File system property to disable X.509 client cert requirement for Admin GUI

ECA-7041 - Access rule '/cryptotoken/keys/generate/' is required to create CSR for OCSP Key Binding

ECA-7044 - Support Role namespace in EJB CLI

ECA-7045 - Reorganize crypto tokens documentation into a concept and an operational section

ECA-7048 - Adapt new RA API methods to RA API Guidelines

ECA-7049 - Make sure all RA API methods work both locally and remotely, where applicable

ECA-7056 - Create a "CA Overview" page in the documentation

ECA-7081 - Log all CRL parameters used when making a decision to generate a CRL or not

ECA-7087 - improve EJBCA_TRUNK_UNIT_PUPPET jenkins build (or runsa ant target) somehow, so that build error would make the build red

ECA-7091 - Remove Norwegian FNR from log

ECA-7095 - Enable "Don’t allow ROCA weak keys" in CA/B Forum RSA Key Validation Template

ECA-7097 - Merge REST revocation response classes

ECA-7113 - Make the dns resolver and iana root anchor configurable for acme

ECA-7121 - REST - return correct response code from POST and PUT endpoints

ECA-7123 - REST revocationstatus returns 'revoked' for non-existing entries

ECA-7124 - Complete IEjbcaWS JavaDoc for new RA master API calls.

ECA-7129 - Use static json for static swagger REST API documentation

ECA-7131 - SystemTest for REST Certificates search

ECA-7132 - Remove "default" ACME alias

ECA-7134 - Improve REST endpoint Swagger descriptions

ECA-7147 - Use consistent serial number response format in REST API

ECA-7166 - Update the documentation links for the OCSP keybindings page

ECA-7172 - Add new index for searches on AuditRecordData

ECA-7174 - Improve ProfileAndTraceInterceptor to print arguments properly

ECA-7177 - Increase CRL upload size from 60 KB to 250 MB

ECA-7186 - ACME Configuration: Hide EMPTY profile and add info text about Default CA etc.

ECA-7191 - Add request/response logging for REST calls

Epics

ECA-5792 - Allow peer publisher to only publish required data for OCSP

ECA-6727 - Revocation of Throwaway Certificates

New Features

ECA-6734 - New DB Table (Part of Alpha)

ECA-6737 - New SSB with basic NoConflictCertificateData functionality (Part of Alpha)

ECA-6738 - CA config changes + Admin GUI mods

ECA-6739 - Certificate lookup from PublishQueueServiceWorker

ECA-6740 - Changes in CRL generation logic

ECA-6741 - Update Database CLI

ECA-6743 - Modify EjbcaWS.revokeCert call (Part of Alpha)

ECA-6744 - Modify EjbcaWS.revokeCert call to accept more meta data

ECA-6745 - Manual tests with asynchronous replication

ECA-6746 - ECA-QA click test for Revocation of Throwaway Certs

ECA-6748 - System tests: WS call (Part of Alpha)

ECA-6750 - System tests: VA Publisher with Throwaway certs

ECA-6751 - Performance tests: Check existing tests (Revoke & OCSP)

ECA-6752 - Performance tests: Perform tests (before & after)

ECA-6753 - Document revocation of throw away certs

ECA-6789 - Edit CA page should include an option to select which certificatedata table to write to

Tasks

ECA-6756 - Add manual test of OCSP for UnidFnr

ECA-6778 - Update all occurrences of ocsp.extensionoid and extensionclass in documentation

Improvements

ECA-4337 - EJBCA client toolbox PKCS11HSMKeyTool generate command should not overwrite existing keys

ECA-6362 - Document all pages in the UI that are going to be deprecated by EJBCA 7.0

ECA-6572 - Remove timeStampClient.jar from documentation

ECA-6762 - Make existing EjbcaWS.revokeCert call work without certificate data being present

ECA-6764 - Fix missing header and id in test related classes.

ECA-6766 - System test of publishing of throw away certificate revocation status, with mock publisher

ECA-6767 - CertificateDataWrapper should handle revoked throw away certificate case

ECA-6772 - GUI: Usability about GeneralNames type fields (e.g. for Subject Alternative Name)

ECA-6779 - Update Confluence documentation for QC-Statements

ECA-6786 - VA Publisher should not update if revocation reason is permanent

ECA-6791 - Create separate CRUD bean for CertificateData and NoConflictCertificateData, for database queries etc.

ECA-6795 - CMP: don't log stack trace if CMP alias does not exist

ECA-6796 - Check new option "Accept revocations for non-existing entries" in backend code

ECA-6836 - Make it possible to issue throw-away certificates with publishers enabled

ECA-6837 - Restrict "Accept revocation of non-existing certificates" option to throw-away CAs only

ECA-6844 - Create fingerprint sheet in RA web

ECA-6850 - Add backend code for selecting which certificate data table to write to.

ECA-6856 - Use consistent format of library license references

ECA-6859 - Improved naming and ordering of Throw Away Certificate Revocation options

Bug Fixes

ECA-6717 - Remove clientToolBox dependency on ejbca-ejb

ECA-6728 - NPE when changing Approval Profile type

ECA-6761 - Republish/re-activate in the Admin Web passes html encoded data to API

ECA-6768 - DirectoryName in CMP (RA mode) requests doesn't work

ECA-6771 - GUI: Wrong designation of QC-Statements "Name Registration Authorities"

ECA-6775 - Unidfnr entity bean must handle longtext datatype.

ECA-6797 - ConfigDump does not find certain profiles etc. when --exclude option is used

ECA-6800 - junit ProtocolOcspHttpTest freezes

ECA-6823 - checkRevocationStatus returns wrong value for throw away CAs

ECA-6848 - Regression: 'Provide request info' hidden when only 'Select key algorithm' should be

ECA-6852 - Upgrade ocsp extensions does not account for '*' prefix

Epics

ECA-6464 - Implement UnidFnr as a Module

ECA-6466 - YAML Based Configuration Export

New Features

ECA-1960 - GUI: End-Entity Search results usability (actions with buttons)

ECA-5752 - Split out CSS from AdminGUI template.xhtml and provide theme support

ECA-5840 - Create an ant script that automatically exports EJBCA documentation to a local directory

ECA-6477 - Create base classes for the web test module

ECA-6514 - Create test + pilot export with basic End Entity Profiles export using YAML

ECA-6515 - Finish End Entity Profile YAML export

ECA-6516 - Create CLI interface for YAML export

ECA-6517 - Create YAML export for Validators

ECA-6518 - Create YAML export for CAs

ECA-6519 - Create YAML export for Certificate Profiles

ECA-6521 - Create YAML export for EST Configuration

ECA-6522 - Create YAML export for Services

ECA-6523 - Create YAML export for Publishers

ECA-6524 - Create YAML export for Crypto Tokens

ECA-6525 - Create YAML export for Roles

ECA-6526 - Create YAML export for Peer Connectors

ECA-6527 - Create YAML export for Internal Key Bindings

ECA-6528 - Create YAML export for Ocsp Configuration

ECA-6530 - Create YAML export for Admin Preferences

ECA-6532 - Options for what to include and exclude in YAML export

ECA-6533 - Create module for YAML export

ECA-6543 - Add CLI support for EST configs

ECA-6544 - Update test.xmli for YAML module

ECA-6546 - Implement java.util.Map to YAML conversion

ECA-6549 - Create automated test for ECAQA-153

ECA-6550 - Create automated test for ECAQA-87

ECA-6560 - Create automated test for ECAQA-98

ECA-6567 - Create automated test for ECAQA-78

ECA-6580 - Create YAML export for User Notifications in End Entity Profiles

ECA-6606 - Certificate revocation using EJBCA WebService API through External (Peer) RA

ECA-6615 - Fail hard if building with Confluence pull property set, but Confluence server can't be contacted.

ECA-6617 - Ensure that the Confluence docs are automatically (and always) updated with the ziprelease.

ECA-6620 - Put a placeholder page in Documentation if building without any prior Documentation retrieved

ECA-6629 - Create YAML export for SCEP configuration

ECA-6634 - Support SCEP via the RA

ECA-6646 - Remap all ? links in CA UI from old documentation to new Confluence based documentation

ECA-6649 - Configdump CA fixes

ECA-6661 - Remove init code from UNID-FNR OCSP Extension implementation

ECA-6662 - Entity bean (protected data)

ECA-6663 - SSB (with logic to check signature)

ECA-6664 - Create Scripts for DB Table

ECA-6665 - Module for UnidFnr

ECA-6666 - UnidFnr upgrade handling

ECA-6671 - Add CA ID generation to clientToolBox

ECA-6672 - OCSP ext. UI selection per keybinding

ECA-6695 - Create automated test for ECAQA-138

ECA-6696 - Create a helper class for Web Tests

ECA-6714 - Add description field for IKB "Trusted Certificates"

Tasks

ECA-6465 - Investigate the impact of curve aliases changing in BC v1.59

ECA-6483 - Add static code analyzing support for EJBCA code base.

ECA-6493 - Clean up warnings in CertProfileBean

ECA-6513 - Investigate and decide library to use for YAML

ECA-6553 - Update copyright year to 2018

ECA-6561 - Clean up ejbca.org and tighten up site

ECA-6585 - Create a CT logging Test Root

ECA-6720 - Remove old UNID-FNR properties from ocsp.properties.sample

Improvements

ECA-2156 - GUI: Search forms layout and usability

ECA-2731 - Move all find* methods from EndEntityManagementSession to EndEntityAccessSession

ECA-3417 - CaSession.getCAInfo and other get* methods in CaSession should return null

ECA-3610 - Bring all CRUD methods from UserData to EndEntityAccessSession

ECA-3772 - InformationMemory and associated cache classes are redundant and should be removed

ECA-5382 - RA: Allow certain admins to see requests that they are not allowed to approve

ECA-5499 - Use Facelet templating instead of frames

ECA-5520 - Additional information shown for CSRs uploaded

ECA-5675 - Request custom search should have date help in the RA

ECA-5769 - Support for nameSpace in EJBCA CLI

ECA-5864 - Make it possible to change EEP of an EE

ECA-6298 - CaInfo.getCertificateChain should return a List instead of a Collection

ECA-6320 - Allow validators to render dynamic values.

ECA-6325 - RA Web: Make the EE/Cert Details page match the search page

ECA-6352 - RA Web: Add a link back to the EE when viewing a certificate

ECA-6356 - Create system tests for modular protocol configuration

ECA-6411 - Move ServiceManifestBuilder into its own project

ECA-6437 - Ability to specify a subjectAltName and issuerAltName when creating CAs with CLI

ECA-6479 - Approval Partition names are not shown in the CA UI.

ECA-6501 - Add sun/security/action to jboss-deployment-structure.xml

ECA-6503 - Remove Web Tests from zip release

ECA-6506 - Null Pointer Exception when viewing an Accumulative Approval Request in Admin GUI

ECA-6551 - Format validation message properly under QueryGenerator

ECA-6554 - clientToolBox test with 8192 bit RSA keys fails with exception

ECA-6563 - GUI: Improve punctuation in English language for Admin GUI

ECA-6565 - Clean up language files

ECA-6566 - Clarifying ocsp.extensionoid description

ECA-6583 - Command line option to turn Configdump exceptions into warnings

ECA-6586 - Append file extension to YAML files

ECA-6590 - Replace spaces and special characters in configdump file names

ECA-6592 - Make YAML keys case consistent

ECA-6595 - Configdump export should require authentication token

ECA-6596 - Improve debug logging in CT with some more details

ECA-6600 - State BR version in the drop down in key validators

ECA-6605 - Create a unit test to ensure that CAA record sets that contain no ISSUE/ISSUE_WILD statements allow issuance

ECA-6607 - Refactoring the message keys of actions

ECA-6608 - GUI: Harmonize all popup windows

ECA-6610 - Remove redundant CAA language properties

ECA-6611 - Move guides section from EJBCA homepage to Confluence Documentation

ECA-6612 - Create an atomic WS call to perform key recovery

ECA-6613 - Include ConfigDump in ZipRelease

ECA-6614 - Allow PKCS#10 challengePassword encoded as IA5String

ECA-6616 - Source Confluence information from a PK-only properties file to avoid leaking data

ECA-6618 - Remove legacy documentation from EJBCA trunk

ECA-6619 - More gracefully handle deploying a Community release on an Enterprise installation

ECA-6637 - Basic System Configuration YAML export

ECA-6642 - When calling WS separate error messages if not authorized or if WS is disabled

ECA-6643 - Report unhandled getters in ConfigDump as errors

ECA-6645 - Make crypto token page resilient agains NPE when downgrading to Community

ECA-6650 - Ability to provide password piped to PKCS11HSMKeyTool

ECA-6651 - Update all links in the PrimeKey site to point to the new documentation.

ECA-6652 - ClientToolBox: document that generatenewuser uses two WS calls, and reference to certreq for the same functionality with a single WS call

ECA-6653 - EST re-enrollment should not also require username and password authentication

ECA-6657 - Improve performance when add a warning to each key in the crypto token already in use by another CA

ECA-6658 - Run.bat not in ejbca-db-cli

ECA-6675 - Move release notes, change log and upgrade documentation to Confluence

ECA-6679 - ConfigDump should handle relative paths on the CLI

ECA-6693 - Add ability to set explicitecc Crypto Token flag when renewing CA using the CLI

ECA-6697 - Allow for the same CT log appear in multiple CT log groups

ECA-6701 - Add Last-Modified, Expires and Etag headers to OCSP Post Responses

ECA-6706 - Restructure OCSP unid extension module to ejbca-ejb

ECA-6708 - Update tests for ProtocolLookupServerHttpTest for new UNID implementation

ECA-6716 - Remove Unid Data Source configuration and clean up Unid tests

ECA-6722 - Improve OCSP Extensions section in Admin GUI

ECA-6729 - File upload for test function of ExternalCommandCertificateValidator broken for Firefox and Chrome

Bug Fixes

ECA-5683 - Unescape escaped characters in SubjectAltName

ECA-6110 - Save should result in an error when 'Required' is checked for Subject DN Attributes

ECA-6489 - Header/footer filenames in System Configuration get reverted to default values

ECA-6500 - Typo in cesecore.properties.sample about ca.keepocspextendedservice

ECA-6502 - Approval state is not saved in Admin GUI

ECA-6507 - Certificate profile Approval style broken/ugly

ECA-6508 - ${ca.tokenpassword} in cli.xml should be quoted to allow whitespace and empty password

ECA-6510 - Cannot create certificate with a plus sign in SAN URI field

ECA-6538 - Modify all calls to FileUtils.writeStringToFile(...) to specify charset.

ECA-6548 - Approval Profiles WARNING javax.enterprise.resource.webcontainer.jsf.renderkit

ECA-6555 - Approve Actions with Status 'Expired' shows when Status 'Waiting' is used

ECA-6559 - Regression: CA Functions page broken due to non-JSP friendly code

ECA-6564 - Replace the word 'Unselect' by 'Deselect' in English language

ECA-6570 - Default CA Id is incorrect when importing an end entity profile with a missing CA Id

ECA-6571 - Search for expired approvals in RA Web is broken

ECA-6575 - Regression: importcacert command does not work with parameter 'initauth'

ECA-6579 - GUI: Word 'Actions' with 's' in table column headers

ECA-6581 - Regression: Add End Entity with name constraints permitted causes stacktrace

ECA-6589 - Regression: Editing an EE with name constraints causes NPE

ECA-6591 - Regression: DynamicUiProperty radio buttons not rendered

ECA-6597 - CAFingerprint of certificates are not populated correctly when importing CA and user certificates

ECA-6602 - Missing last used EE profile in Admin Preferences causes ConfigDump error

ECA-6609 - GUI: Tables graphically broken on home page

ECA-6621 - RA Web: Alignment of Certificate table

ECA-6639 - RA: New role can not be created if RA-login-role belongs to Namespace

ECA-6640 - Advanced search of EE doesn't follow RA Admin profile restrictions

ECA-6641 - WS through Peer RA does not work without a local Role on the RA

ECA-6644 - clientToolBox can not create proper CVCA link certificates

ECA-6654 - PublicCryptoToken can't be used for database protection verification

ECA-6656 - Order of SAN fields should not change if it comes from the CSR

ECA-6660 - RA: A comma in the certificate subject DN is displayed with leading /

ECA-6677 - ejbca-setup quick install script fails to run SQL cleanup commands

ECA-6678 - Warning about missing IKB ID null from ConfigDump

ECA-6681 - Fix warning about missing Validator getters from ConfigDump

ECA-6694 - CMP Configuration upgrade does not work

ECA-6698 - Unknown key binding causes Internal Key Bindings page to crash

ECA-6699 - CT label requirements (e.g. Google / non-Google) are sometimes not satisfied

ECA-6709 - Regression: Certificates with tag characters < > in directory name cannot be imported

ECA-6712 - 'Use IODEF E-mail' and 'Use IODEF WEB' checkmarks are behaving strangely

ECA-6718 - keyRecover WS call forwarded over peer connection throws if not available locally

ECA-6723 - OSCP signing cache does not update properly.

ECA-6725 - Fields not disabled when viewing a Validator

ECA-6730 - Fix test failures due to NPE in CaTestCase

EJBCA 6.11.1

21 Feb 2018

EJBCA 6.11.0.1

2018-01-11

Bug Fixes

[ECA-6086] - Document CAA IODEF limitations
[ECA-6120] - Document that CAA Validator requires TCP ports to be open in firewall
[ECA-6187] - clientToolBox. SCEPTest compares the wrong types in responses
[ECA-6199] - AdminWeb: Partitioned approval "Request has been executed"
[ECA-6222] - Public key exponent min value can be larger than max value for the RSA Key Validator.
[ECA-6223] - Possible to enter negative values in all numerical fields in RSA Key Validator
[ECA-6236] - Titles "Import CRL" and "Basic Functions" are not localized
[ECA-6237] - Display bug in Certificate Profile viewing
[ECA-6238] - GUI: Unknown language keys found in Audit Log
[ECA-6264] - Fix javadoc compilation errors
[ECA-6326] - Error when listing tokens on a HSM
[ECA-6330] - Error if default OCSP responder is set to NONE
[ECA-6345] - EJBCA Certificate Enrollment Error page
[ECA-6348] - when trying to navigate RA Web nothing happens (Blank page). Error message occured in logs
[ECA-6371] - Status labels not localized in "Protocol Configuration"
[ECA-6374] - ECC Key Validator shows incorrect label
[ECA-6376] - Add fields in Partitioned Approval results in java.lang.NullPointerException
[ECA-6388] - RA Web: Role Members issued by External CAs states "Unknown CA"
[ECA-6391] - CT Log Lifetime table accepts negative values
[ECA-6392] - Supervisor does not have access to certificate in audit log
[ECA-6417] - MAXFAILEDLOGINATTEMPTS in ExtendedInformation can be saved as a string if set via WS
[ECA-6421] - Regression: System Config cannot be saved, NPE
[ECA-6422] - Google Ct Policy is reset after flushing cache and saving
[ECA-6424] - Clicking on Add End Entity(request) in Approve actions page results in Internal Server Error
[ECA-6427] - Misplaced null check in EST operations session bean
[ECA-6429] - Regression: NPE in Admin GUI editing CVC CA that was created before validators
[ECA-6433] - RA Web: End Entity status change doesn't work from external RA
[ECA-6442] - Add dummy AlwaysAllowAuthenticationToken.InternalMatchValue in order to deserialize expired approval requests
[ECA-6445] - Upgrade of CAA Validator not triggered when ValidatorBase changed
[ECA-6449] - All form fields in End Entity Profiles page should have auto-complete disabled

New Feature
[ECA-4220] - Support for EST protocol
[ECA-4650] - GUI: View functionality for default certificate profiles
[ECA-5869] - Add links to an End Entity's certificates in the RA EE Search page.
[ECA-5870] - Allow for EE status change from the RA
[ECA-5997] - StateDump Validators
[ECA-6051] - Add post-processing to Validator framework
[ECA-6083] - In the Create CA screen, add a warning to each key in the crypto token that is already used by another CA
[ECA-6279] - Add GUI support for CAA misissuance reports w. IODEF
[ECA-6280] - Add WS IODEF support in backend for CAA misissuance reports
[ECA-6293] - Implement datatype for IODEF
[ECA-6313] - Use XML converter for IODEF types
[ECA-6315] - Support for CVC certificate extensions
[ECA-6383] - Support for FIPS 201-2 PIV FASC-N subjectAltName
[ECA-6404] - Include CMP Transaction ID in the log of CMP Proxy
[ECA-6425] - Password generator in clientToolBox
[ECA-6447] - Add a configurable whitelist to external validators
[ECA-6455] - Write documentation for EST

Task
[ECA-5944] - Go through RaMasterApi and verify that the presence of a certificate does not prevent forwarding of the request

Improvement
[ECA-3838] - Move DummyApprovalRequest into a test module
[ECA-3844] - Move all CRUD methods from CAData into CaSessionBean
[ECA-4476] - Name constraints should be validated before approval request gets added
[ECA-6155] - Make "treat lookup failure as permission to issue" configurable for CAA lookups
[ECA-6229] - Clean up unused language keys
[ECA-6246] - Introduce protocol configurations in system config
[ECA-6247] - Deny access to disabled protocols globally
[ECA-6249] - Modular Protocol Configuration to the RA over Peers
[ECA-6257] - Code clean up in RA Preferences.
[ECA-6285] - Improve comment about 'web.errorpage.notification' in 'web.properties.sample'
[ECA-6286] - Standard Date/Time examples for the logs
[ECA-6291] - Language files clean up, sorting "Mostly Configuration Module"
[ECA-6329] - OcspKeybindings should display active status
[ECA-6331] - Refactoring "HELPER" message keys in language files
[ECA-6333] - Document modular protocol configuration
[ECA-6366] - Add jboss-deployment-structure for BC provider on Oracle JDK for external RA SCEP server
[ECA-6367] - Add a constant for key purpose 0, defaultKey
[ECA-6368] - Remove old unused help links
[ECA-6369] - Change default OCSP signature algorithm to use SHA-256
[ECA-6370] - Update 'second' CSS style according to 'default' one
[ECA-6377] - Move profile ID constants into the correct classes
[ECA-6379] - Old list of Role Members is used when an Approval Request is created
[ECA-6396] - Specify Bouncy Castle provider explicitly for audit log verification
[ECA-6402] - Add test for expiration year filtering of CT Logs
[ECA-6405] - Notify user when RA is offline
[ECA-6407] - Modular protocol configuration over Peers using access rules
[ECA-6409] - Internal Key Bindings page throws exceptions when there's a crypto token error
[ECA-6410] - Modular protocol configuration improvements - Implement servlet filter
[ECA-6418] - Improve error handling for CV certificates
[ECA-6423] - Add Javadoc for CaConstants
[ECA-6428] - Modular protocol configuration improvements - UI, Configuration
[ECA-6430] - Custom CVC extensions in link certificates
[ECA-6432] - Improve error message to distinguish between client and server cert in peer connector
[ECA-6446] - Add a system configuration value for enabling External Command Validators
[ECA-6452] - "External Command" text frame in External Command Certificate Validator should be wider
[ECA-6457] - Create an upgrade routine that enables External Scripts (under System Configuration) only if any General Purpose Custom Publishers exist

EJBCA 6.10.1.1

2017-12-15

EJBCA 6.10.1

2017-12-11

EJBCA 6.10.0.2/3

2017-11-21

EJBCA 6.10.0.1

2017-11-08

EJBCA 6.9.1

2017-10-06

Bug
[ECA-6103] - importcert command fails in some instances for DirectoryName SAN values
[ECA-6104] - DNAME records are not followed correctly by CAA Validator
[ECA-6115] - CMP: error verifying extraCerts in RA mode when more than the EE cert is present in a chain longer than two
[ECA-6117] - Certificate with empty attribute can not be imported
[ECA-6121] - CAA Validator doesn't fail for nonsense domains.
[ECA-6135] - Regression: Key WS Key recovery requires call to edituser() before enrollment
[ECA-6148] - Remaining login attempts counter not decreased using public web
[ECA-6152] - Regression: Uploading EC CSRs in RA result in exception

New Feature
[ECA-6063] - Make Trust Anchor for CAA Validators configurable
[ECA-6116] - Add TTL information to CAA Tool output
[ECA-6133] - Add whitelist possibility to CAA Validator

Improvement
[ECA-6064] - Optimize issuance by minimizing EndEntity XML encoding/decoding
[ECA-6093] - Optimize ConfigurationHolder.getPrefixedPropertyNames
[ECA-6105] - Raw subject DN extended information should be base64 encoded
[ECA-6118] - Ability to use "description" attribute in directoryName fields
[ECA-6122] - Add additional logging to CAA Validator
[ECA-6123] - Make recursion depth configurable for CAA Validators
[ECA-6127] - CAA Validator should only lookup CAA records instead of ANY
[ECA-6128] - Make querying top level domains (TLDs) for CAA lookups optional
[ECA-6129] - Introduce DNS lookup caching for multiple SANs in the CAA Validator
[ECA-6136] - DNSSEC should be enabled by default in the CAA validator
[ECA-6137] - Issue if CAA lookup failed more than once and there is no DNSSEC chain to the ICANN root
[ECA-6145] - Support CNAME discovery as in Errata 5065
[ECA-6149] - Fill in default CAA Validator timout in the UI
[ECA-6150] - Stop writing complete stack traces for expected validation failures
[ECA-6161] - Make DNAME lookups in CAA validator optional

EJBCA 6.9.0.6

2017-09-21

Bug
[ECA-6107] - CAA validation allows issuance of wildcard certificates for subdomains, even though issuance is prohibited.
[ECA-6124] - CAA max recursion count is triggering for other checks than CNAMES
[ECA-6125] - KeyValidatorSession splits DNSNames incorrectly for CAA lookups
[ECA-6126] - CAA Validator fails for a SocketTimeoutException

EJBCA 6.9.0.5

2017-09-08

Improvement
[ECA-6107] - CAA validation allows issuance of wildcard certificates for subdomains, even though issuance is prohibited.

EJBCA 6.9.0.4

2017-09-07

Improvement
[ECA-6106] - CAA Validator should keep looking up domain tree even if NXDOMAIN is encountered

EJBCA 6.9.0.3

2017-09-05

Bug
[ECA-6099] - Ra Web: Trying to enroll P12 for user added in Admin GUI gives NPE

EJBCA 6.9.0.2

2017-08-30

Bug
[ECA-6088] - Create tables scripts all refer to the PublicKeyBlacklistData instead of BlacklistData

EJBCA 6.9.0.1

2017-08-29

Bug
[ECA-6088] - Role Member caching does not play well with clusters
[ECA-6089] - NPE when upgrading from 6.9.0Beta to 6.9.0Final due to IODEF
[ECA-6091] - NPE in View Certificates in RA Web if certificates have no KeyUsage

EJBCA 6.8.0.1

2017-08-17

Improvement
[ECA-6056] - Databaseprotection does not work with CertificateProfiles using Approvals

EJBCA 6.7.0.1

2017-04-27

Bug

[ECA-5853] - Upgrade to 6.7.0 fails due to Use Default CA Issue value

EJBCA 6.6.4

2017-02-20

Bug

[ECA-5687] - EJBCA 6.5.0 Community post-upgrade does not fail gracefully
[ECA-5700] - Upgraded ValidationAuthorityPublisher settings cannot be changed in GUI

EJBCA 6.6.3

2016-12-22

Bug
[ECA-5527] - PeerRaMasterServiceBean delays shutdown
[ECA-5554] - View certificate throws StringIndexOutOfBoundsException when certificate cannot be read
[ECA-5568] - Incorrect column type used in Oracle upgrade script
[ECA-5571] - ApprovalProfileSession is not sent to Workers, leading to an NPE
[ECA-5575] - Error generating CRL on MSSQL, update dialect to SQLServer2008Dialect
[ECA-5577] - Import certificate profiles in Admin GUI ignores profileId
[ECA-5578] - ExternalRA fails if no approval profile has been set

Improvement
[ECA-5079] - Make sun classes for PKCS#11 available using jboss-deployment-structure.xml
[ECA-5526] - Add new RA Web to Admin GUI menu

EJBCA 6.6.2

2016-12-04
---
Bug
[ECA-5549] - CT Log submission can fail in certain circumstances when it shouldn't

EJBCA 6.6.1

2016-11-23
---
Master Ticket
[ECA-5509] - Performance optimizations

Bug
[ECA-3554] - CVC certificate validity should not be backdated 10 minutes
[ECA-5253] - NPE should be avoided when not receiving an OCSP response in CmpProxyServlet
[ECA-5387] - Issuer Alternative Name not included in Root CA until it's renewed
[ECA-5479] - NPE when trying to view list of CMP configurations with missing profile
[ECA-5489] - Incorrect regex breaks "view certificate" page from Internal Key Bindings page for some CA DNs
[ECA-5495] - Update of imported CA certificate is not persisted to the CertificateData table
[ECA-5502] - Prevent legacy OCSP signer renewal from processing the same entry twice
[ECA-5514] - Make DynamicUiProperty.values thread safe

New Feature
[ECA-1628] - Add option to keep revoked expired certificates on CRLs.
[ECA-5141] - Specify hours, minutes and seconds in certificate profile
[ECA-5330] - Certificate expiration period specific to certain days
[ECA-5419] - Make CT Log timeout editable again, as well as the other fields
[ECA-5470] - Document trailing space in RDN value behavior in test
[ECA-5491] - Add CLI command to change crypto token for a CA
[ECA-5492] - Update Ubuntu quick start guide to 16.04 and Java 8

Task
[ECA-5428] - Get DB2 job on Jenkins running again
[ECA-5507] - Use available helper method for ContentVerifier creation

Improvement
[ECA-4447] - Make EJB timers non-persistent
[ECA-5451] - Prevent change of audit log node id once sequence is initialized
[ECA-5459] - Only regard revocation reasons *Compromise and unspecified as CA private key compromise in VA
[ECA-5460] - Update RHEL quick start in installation doc
[ECA-5469] - Document that WS certificateRequest method overwrites the end entity
[ECA-5478] - Ability to add multiple PDS URIs
[ECA-5486] - Document Java version requirements when running JBoss 7.1.1.GA or JBoss EAP 6
[ECA-5490] - Add new recommended database index for CRL generation
[ECA-5493] - Excessive logging when editing Certificate Profile
[ECA-5496] - IKB certificate import should not use the current CA certificate if public key does not match
[ECA-5501] - Don't initialize classes in ServiceManifestBuilder
[ECA-5517] - javascript for convertdot during ziprelease only works on JDK8

Sub-task
[ECA-5511] - Remove extra call to getDataMap() from ProfileData.getProfile()
[ECA-5512] - Remove some unneded calls to EndEntityInformation.extendedInformationToStringData()
[ECA-5513] - Make assertSerialNumberForIssuerOk() more light weight
[ECA-5516] - Investigate efficiency of ExtendedInformation persistence conversion