To have it out before the summer holidays we released EJBCA 3.10.3.
This is a maintenance release with only 6 issues fixed.
The release was primarily done to fix a regression for EAC CVC CAs using ECC keys.
- EAC CVC Document Verifiers using ECC keys did not work properly. This was fixed and new test cases was added to the test suite.
- Removed requirement to use “Batch generation” when using CMP RA mode.
- Fixed issue that revocation in admin gui did not work with CAs using accented characters.
- Added code to mitigate potential cross site scripting in admin gui. Note that client certificate authentication was still needed so it was not publicly exploitable.
- Added UTF-8 URI encoding for the public http port (8080). It was previously only enabled for the https ports.
Read the full changelog for details.