From: Tomas G. <to...@pr...> - 2017-02-02 16:48:57
Hi,

After a too long silence the EJBCA Team is very pleased to release EJBCA
Community 6.5.0. We acknowledge that this release has been due for a
long time, and we are working hard to increase communication in the
future. So continue to monitor this space.

This release has primarily focused on tuning up the UI and responding to
security developments in the Java EE world in the last few months.
We've shifted plenty of focus to QA during this period, so this version
is the most stable we've released yet.

All in all, we've fixed 145 new features, bugs and improvements in this
specific release. The delta from the latest Community release is
hundreds more issues.

A selection of noteworthy improvements:

Administration UI:
- Certificate profiles can now be set to restrict key algorithms,
  curves (for EC) and key length.
- The CSCA "CA Name Change" feature from ICAO 9303 7th part 12 has been
  implemented.
- Fixed a possible information leakage in the administrative web in
  regards to certificate and end entity profiles.
- Auditor default role has been given access to additional pages in the
  UI.
- The Auditor Role has been extended, and now has read access to End
  Entities, all configurations and roles.
- Granular control has been added to DN and SAN elements in End
  Entity Profiles. Entered values can be controlled using regular
  expressions.
- Most of the UI has been given read-only rights, and a new role
  template (named Auditor) can be created and built upon
  to allow an auditor to view but not modify.
- Custom Certificate Extensions and Extended Key Usages can now
  be added on the fly from the UI, so no longer is a JBoss
  restart required when new ones are added.

General Cryptography:
- The underlying BouncyCastle library has been upgraded to version 1.54.

Documentation:
- All return and error codes from the CMP servlet have been documented.

OCSP:
- OCSP responder can now cache the revocation status of client
  certificates (used to sign requests) for limited time periods.
- X-Forwarded-For is now logged if present in OCSP requests.

External RA:
- CMP Proxy now checks for message signatures, HMAC and checks
  revocation status for signing certificates, relieving the CA of
  handling unauthorized messages.

General:
- WildFly8 and WildFly9 are now supported platforms.
- Upgrade procedure has been improved, and EJBCA now tracks its
  own version, allowing many steps that were previously
  performed as part of manual upgrades to be performed automatically
  instead.
- Much security hardening and improvements.
- Upgraded internal libraries.

You can also see a summary of all changes from the last Community
release in the download section.
https://sourceforge.net/projects/ejbca/files/ejbca6/ejbca_6_5_0/

Read the full change log for details, and see the UPGRADE document for
all functionality changes and upgrade instructions. These are both
available in the download package.

Regards,
The EJBCA Team