Bug
[ECA-5959] - Disabling OcspKeyBinding doesn't take effect until restart
[ECA-6004] - RA Web: The field SAN MS-UPN is broken in Make New Request
[ECA-6042] - Forbid non-modifiable empty Subject DN/Alt Name/Directory Attributes in EEP
[ECA-6043] - Public Web: Create Keystore for Key Recovery displays Key specification drop-down menu
[ECA-6101] - Disabling authorization cache, with value -1, gives error
[ECA-6102] - Possible NPE when looking for database error to display
[ECA-6119] - Regression: Role Members normalizes serial numbers with leading zeros
[ECA-6143] - Regression: RA web can't process CSR
[ECA-6147] - CMP Revocation with PBE responseProtection where KeyId is missing gives NPE
[ECA-6151] - Misplaced "invalid certificate request" message
[ECA-6153] - Regression: Processed approvals not listed in RA web
[ECA-6157] - NPE in RA enrollment page when there's an end entity e-mail but no SAN
[ECA-6158] - EST checkin causes Community build to fail
[ECA-6159] - CMP: revocation should handle empty header.recipient
[ECA-6163] - CAA Validator outputs stacktrace for expired DNSSEC protected records
[ECA-6164] - Regression: ClassCastException when visiting "Search End Entities" in /ejbca/adminweb
[ECA-6181] - NPE editing end entity with name constraints in profile, but no ExtendedInformation in entity
[ECA-6183] - ServiceTypeHolder and ModuleTypeHolder.equals compares the wrong type
[ECA-6184] - HardTokenInformation.equals compares the wrong type
[ECA-6185] - RaRoleMemberBean compares the wrong type in getAvailableMatchKeys
[ECA-6186] - PeerRaMasterServiceThreadBean compares the wrong type in keepServingRaPeer
[ECA-6188] - GUI: Certificate Profiles form visually broken
[ECA-6190] - EJBCA 6.x should handle legacy access match types from EJBCA 3.x
[ECA-6193] - ejbca.cmd on windows does not handle enough arguments for all commands
[ECA-6194] - CMP: enabling CMP over tcp causes deployment failure on modern Jboss
[ECA-6201] - CMP: CA by KeyId function should work with internationalized characters, but be limited in length
[ECA-6209] - CAA Validator seems to fail for gaps in DNSSEC domain records
[ECA-6214] - Fix warnings in CT code
[ECA-6216] - EJBCA's implementation of ValidatingResolver fails to receive an NSEC3 if CAA record set on domain is empty
[ECA-6218] - Regression: NPE when performing browser enrollment with "allow extension override" enabled
[ECA-6225] - Concurrent modification in ConfigurationHolder during startup with custom WS modifications
[ECA-6231] - OCSP Responder may crash if the VA's default responder signing certificate has expired
[ECA-6232] - Upgrade seems to cause a ConcurrentModificationException since lib upgrade
[ECA-6233] - Correct upgrade guide in terms of obligatory versions
[ECA-6235] - Hide EST Configuration menu options if module is not present
[ECA-6240] - Roles upgraded from old (

Improvement
[ECA-3959] - Editing end entity profile generates unnecessary INFO
[ECA-4413] - Simplify EJB lookups in CAAdminSessionBean
[ECA-4438] - Remove unused caid parameter in CA.createPKCS7Rollover
[ECA-4499] - Allow longer SAN and DN by default
[ECA-4673] - Downloading a non-existent delta-CRL on the public web leads to a 404
[ECA-4690] - Replace deprecated references to org.bouncycastle.asn1.x509.SubjectPublicKeyInfo.SubjectPublicKeyInfo(ASN1Sequence)
[ECA-4795] - External RA: NPE in external RA gui when externalra-gui.issuerchain points to a non existing file
[ECA-4803] - Security hardening
[ECA-4906] - Limit OCSP Nonce to 32 bytes
[ECA-4914] - Don't throw RTE when checking for non-existing CryptoToken activation status
[ECA-4932] - Exclude install properties files from ejbca.ear
[ECA-4936] - ConcurrentCache: Improve performance
[ECA-4947] - Resetting an end entity password after key recovery should not require 'Edit End Entities'-rights
[ECA-4952] - Simplified X509CertificateAuthenticationToken constructor
[ECA-4963] - Certificate Profiles: Keep sorting, but sort default profile types first.
[ECA-4970] - Set secure flag on Admin GUI session cookie
[ECA-4983] - ejbcajslib.js has unneeded comment chars
[ECA-4987] - Set search.cgi welcome page for RFC 4387 CRL and certificate stores
[ECA-4998] - Document that CMP Unid support currently isn't supported
[ECA-5029] - Usability improvement, limit Policy User Notice text field to 200 characters
[ECA-5044] - Security Improvement
[ECA-5047] - Improve pom.xml for cert-cvc
[ECA-5088] - Move all CRUD methods from ApprovalData into ApprovalSessionBean
[ECA-5106] - Add database column for subjectAltNames (SAN) in CertificateData
[ECA-5115] - Allow notifications to be sent when admin has an external certificate not available in the database
[ECA-5130] - Fix some resource leaks and thread locking issues in source
[ECA-5142] - Generalize and improve InternalKeyBindingProperty
[ECA-5147] - MS SQL server support in External RA build task
[ECA-5148] - Perform some cosmetic improvements to the approve action page
[ECA-5160] - Have externalized Approvals initialize their authentication tokens
[ECA-5168] - Improve system tests for application servers that enforce class loading
[ECA-5192] - Don't show admin roles that can't approve or view approvals
[ECA-5195] - RA Enrollment: Show password only with downloading keystore
[ECA-5196] - RA Enrollment: Provide user with more verbose error message during token creation
[ECA-5203] - RA enrollment: Add support for autogenerated passwords
[ECA-5212] - Sort Approvals by Request Date by default
[ECA-5214] - KaRA: creating end entity should set email notification when it is required
[ECA-5215] - KaRA: PRA Error handling when not unique subject DN or public key
[ECA-5226] - Improve exceptions handling over peers to support more than just a message
[ECA-5241] - Improve RA API exception handling
[ECA-5247] - Change which requests are shown under the Pending and Processed tabs
[ECA-5257] - RA enrollment: Download Token name should be CN value
[ECA-5273] - Query.toString() should output something readable
[ECA-5300] - Certificate Policies in the same order in certificate encoding as in the GUI
[ECA-5301] - Add instruction for upgrade
[ECA-5307] - PRA: Manage requests should show request ID
[ECA-5317] - Autogenerated EE usernames as configurable with EEP
[ECA-5318] - RA enrollment: Remove password fields with certificate creation if approval are not required
[ECA-5332] - Statedump import should skip revocation of end entities' certificates
[ECA-5343] - KaRA: AuthLoginException should contain error code, fix missing parameter to error messages
[ECA-5344] - KaRA: password should be called enrollment code
[ECA-5355] - KaRA: some reasons missing when explaining why admin can't approve a certain request
[ECA-5356] - Delete modules/dist directory on clean
[ECA-5357] - KaRA Usability: request form clearing and email
[ECA-5362] - KaRA Usability: Rename "Needs Approval" and "Pending Approval"
[ECA-5371] - KaRA Usability: more information when finalizing enrollment
[ECA-5377] - Improvements for Approval Profiles Documentation
[ECA-5393] - Log subject DN of cert failing validity check
[ECA-5400] - KaRA: Document authorization rules for RA User and RA Admin
[ECA-5405] - Security hardening
[ECA-5410] - Approval profile notifications ability to include admin who last approved request
[ECA-5418] - Show approval request type on the Manage Request page
[ECA-5421] - CA Token Properties upgrade should debug log and be case insensitive

Master Ticket
[ECA-3144] - Improved sub system integration (EJBCA Peer Systems)
[ECA-3652] - Create PeerMessage datatype, ORM and CRUD beans
[ECA-3653] - Create basic JSF pages for Peer mgmt
[ECA-3659] - Connect GUI with CRUD
[ECA-3671] - Add auth checks to CRUD bean
[ECA-3694] - Milestone: Make PingMessage work from a PeerConnector created in the GUI
[ECA-3699] - Outgoing TLS configuration as part AuthenticationKeyBinding
[ECA-3700] - Rename peerconnector-common to *-ejb and move common classes under ear/lib/..jar
[ECA-3702] - Basic publishing to peer system
[ECA-3704] - Framework for making custom publisher configuration nicer
[ECA-3710] - Do parallel publishing when the same thing is published to multiple targets
[ECA-3711] - Changes to publishing API for efficient publishing of full CertificateData (and Base64CertData)
[ECA-3712] - Efficient resynchronization of data between CA and Peer VA
[ECA-3715] - Requested capabilities should be saved when creating peer connector
[ECA-3722] - Create CLI support for PeerConnector
[ECA-3742] - Publish the same updateTime that is used in the CA's database
[ECA-3751] - Manual renewal of OcspKeyBinding at peer
[ECA-3752] - Behavioral configuration for PeerConnectors
[ECA-3756] - Make InternalKeyBinding access rules configurable
[ECA-3757] - Minor PeerConnector refactoring and documentation
[ECA-3759] - Service for automatic renewal of remote key bindings
[ECA-3762] - Documentation: Create a security model for PeerConnectors
[ECA-3770] - PeerConnector GUI improvements
[ECA-3775] - Forbid start and return error when background task with same id exist
[ECA-3777] - ListPeersCommand improvements
[ECA-3778] - Drop concept of capabilities and use regular access rules framework
[ECA-3781] - Improve peer message format
[ECA-3782] - Stop connection pool and prevent start when peer connector is disabled or URL changes
[ECA-3784] - More fine grained access rules for peer connectors
[ECA-3785] - Disable plain http connections for peers
[ECA-3786] - Shorten peer connector Servlet URL
[ECA-3787] - Option for synchronization dry run
[ECA-3803] - Peer connector system tests
[ECA-3805] - Propagation of peer connection errors to UI
[ECA-3806] - CLI for generic peer connection settings
[ECA-3810] - Minor PeerConnector GUI improvements
[ECA-3811] - Lookup authentication token at pool startup
[ECA-3825] - Allow one AuthenticationKeyBinding to be used per Peer Connector
[ECA-3833] - JEE5 support for enterprise edition only SSBs
[ECA-3839] - Use one connection pool per outgoing id instead of URL
[ECA-3840] - Cache PeerOutgoingInformation objects
[ECA-3846] - More fine grained errors than UnknownMessageTypeResponse without information leakage
[ECA-3850] - Use separate GlobalConfiguration for peer connections
[ECA-3867] - Correct peer module license headers
[ECA-3876] - Statedump support for peer connectors and configuration
[ECA-3881] - Improve error message when peer responds with an unknown or broken message
[ECA-3882] - PeerConnector: Ugly errors when using illegal characters in URL
[ECA-3898] - Adjust logging of handled failures during peer publishing
[ECA-3899] - Show mismatched access rules for incoming peer authorization instead of fixing it
[ECA-3923] - Handle additional server side certificate end entity alias from PeerConnectionsTest
[ECA-3928] - Rename Remote Systems menu item to "Peer System"