Jan
24
2024
By dev on

Please download your copy at

https://mendelson.de/opensource
or
https://mendelson-e-c.com/opensource

What is new

*The used TLS security provider will be shown up in the overview of the supported TLS protocols now
(Client: File-Display HTTP server configuration)
*In the mail notification settings you have now the option to find out automatically your mail server settings by entering your notification receiver mail address
*The original filename verification has been enhanced
*Reworked the import/export functions of the certificate manager
*Added support for Ed25519 key generation in the certificate manager
*The client-server communication has been reduced by adding an additional compression layer
*Added the default values of the server settings to the interactive UI help - this allows the user to restore the default values once he has changed this
*The server preferences are cached now in the server processing, this reduces the number of database accesses signficant
*Certificate manager: Display the sign algorithm and the name of the EC curve in the overview
*Key generation: Adding support for SHA-2 512, SHA2 512 PSSRSA, SHA3 512 und SHA-3 512 PSSRSA signed keys
*Added the possibility to generate a subject key identifier (ski) extension in the key generator of the certificate manager
*Added an own notification for client-server connection problems - formerly it was just reported as system error which is not really the case
*The formerly file based key/certificate management has been moved to the database. This results in less file IO and more stable operations in cluster mode. R/O and access problems to keystore files are no longer an issue during operations.
*Added the possibility to export a full keystore file from the certificate manager
*Added the possibility to import a full keystore file to the system at server start
*Removed several filesystem based configuration checks regarding keystore files
*Removed several keystore file related server settings and configuration interfaces
*It's now possible to overwrite the certificate related security settings of the used local station per partner
*Added a more detailled error message if the postprocessing step "move file" failed

Resolved problems

*Fixed the error "Comparison method violates its general contract" that occurs very seldom in the certificate processing
*Fixed a serialization security issue in the http client package, thanks to MOGWAI LABS for reporting the problem
*There was a problem in the TLS certificate manager that it was not possible to delete all expired certificates at once
*Certificate Manager: It was not possible to export private keys into an external PKCS#12 keystore if their algorithm was EC or EdDSA
*Fixed problems with the basic authentication for outbound connections

Updated software packages

*Update to Bouncycastle v176 (crypto API)
*Update to jetty 10.0.18 (embedded HTTP server)
*Update to Lucene 9.8.0 (indexing of system events)
*Update to MINA 2.2.3 (client-server interface)
*Update to HSQLDB 2.72