Releases: xipki/xipki
Releases · xipki/xipki
v6.5.3
- Gateway
- Bugfix: fixed bug "Cannot update an existing certificate over CMP"
- Add new REST APIs to re-key certificates.
- MGMT-CLI (Management Client)
- Check whether database for caconf is empty before importing.
- Dependencies
- jackson: 2.16.0 -> 2.16.1
- log4j: 2.20.0 -> 2.22.1
- The binary
xipki-setup-6.5.3.zipcan also be downloaded from the maven central repository- Directly via HTTP download
https://repo.maven.apache.org/maven2/org/xipki/assembly/xipki-setup/6.5.3/xipki-setup-6.5.3.zip - Via the
maven-dependency-plugin<artifactItem> <groupId>org.xipki.assembly</groupId> <artifactId>xipki-setup</artifactId> <version>6.5.3</version> <type>zip</type> </artifactItem>
- Directly via HTTP download
- SHA256 Checksum
b60abff7004b8b0418df2ff025db0e6704a5c5d38b93042a6c21fc62603b6a56xipki-setup-6.5.3.zip
v6.5.2
- All Components
- Add script to customize host and port of tomcat instances, passwords, etc.
- Audit: use Map<String, String> instead String to configure audit.
- Gateway
- Merge gateway wars to gateway.war.
- MGMT-CLI (Management Client)
- Add demo scripts.
- Command ca:ca-info prints also the associated publishers, profiles and requestors.
- Dependencies
- dnsjava: 3.5.2 -> 3.5.3
- The binary
xipki-setup-6.5.2.zipcan also be downloaded from the maven central repository- Directly via HTTP download
https://repo.maven.apache.org/maven2/org/xipki/assembly/xipki-setup/6.5.2/xipki-setup-6.5.2.zip - Via the
maven-dependency-plugin<artifactItem> <groupId>org.xipki.assembly</groupId> <artifactId>xipki-setup</artifactId> <version>6.5.2</version> <type>zip</type> </artifactItem>
- Directly via HTTP download
- SHA256 Checksum
3889f86f97beb4e8099eedef5241ce6ba7ac5ff2bd892f2b08f7c6c658733125xipki-setup-6.5.2.zip
v6.5.1
- CA, OCSP, Gateway, HSM Proxy
- Add scripts to copy files automatically.
- The binary
xipki-setup-6.5.1.zipcan also be downloaded from the maven central repository- Error in the INSTALL.md in the restored root folder
- Script
setup/provision-keycerts.shdoes not exist, it has been merged tosetup/generate-keycerts.sh.
- Script
- Directly via HTTP download
https://repo.maven.apache.org/maven2/org/xipki/assembly/xipki-setup/6.5.1/xipki-setup-6.5.1.zip - Via the
maven-dependency-plugin<artifactItem> <groupId>org.xipki.assembly</groupId> <artifactId>xipki-setup</artifactId> <version>6.5.1</version> <type>zip</type> </artifactItem>
- Error in the INSTALL.md in the restored root folder
- SHA256 Checksum
e813c15120f1e7eca74a05362c11489069a3484834ede7f590c8753f44c211bdxipki-setup-6.5.1.zip
v6.5.0
- All Components
- No demo keys and certificates will be delivered.
- Simplified password configuration.
- CA
- Change the location of file 'calock'.
- Add configuration of reverseProxyMode.
- Add support of file-based CA configuraion.
- Unified message format of CA configuration in CA management API and Database Ex-/Import.
- Remove support of database with DBSCHEMA.VERSION <= 8 (XiPKI v6.3.0 and less).
Use MGMT-CLI to export-then-import these databases.
- OCSP
- Remove the management interface (not necessary)
- Gateway
- Add configuration of reverseProxyMode.
- HSM Proxy
- New component introduced in this version.
- Dependencies
- xipki ipkics11wrapper: 1.0.7 -> 1.0.8
- xipki commons: 6.3.1 -> 6.3.2
- bouncycastle: 1.76 -> 1.77
- jdbc driver postgresql: 42.6.0 -> 42.7.0
- jdbc driver mariadb: 3.2.0 -> 3.3.0
- jdbc driver h2: 2.2.220 -> 2.2.224
- The binary
xipki-setup-6.5.0.zipcan also be downloaded from the maven central repository- Directly via HTTP download
https://repo.maven.apache.org/maven2/org/xipki/assembly/xipki-setup/6.5.0/xipki-setup-6.5.0.zip - Via the
maven-dependency-plugin<artifactItem> <groupId>org.xipki.assembly</groupId> <artifactId>xipki-setup</artifactId> <version>6.5.0</version> <type>zip</type> </artifactItem>
- Directly via HTTP download
- SHA256 Checksums
b4959fe68b87a1c20b56bed6767fdfe6831224459d399b58c8f2c94061536927xipki-setup-6.5.0.zip
v6.4.0
- CA
- Feature: encode the requests and responses between gateway and ca-server in CBOR format (was JSON).
- Feature: extend Properties to use the place-holder ${env:name} for environment and ${sys:name} for system property.
- Feature: add limitation to the name of CA, publisher, requestor, cert profile, signer, and alias of CA.
- Feature: add support of constant value of types PrintableString, UTF8String, INTEGER, BIT STRING and OCTET STRING.
- Feature: add limitation to the name of CAs, signers, publishers, requestors, and certificate profiles.
- Feature: allow the use of aliases for certificate profiles in a CA.
- Add support of tomcat 10+
- OCSP
- Feature: extend Properties to use the place-holder ${env:name} for environment and ${sys:name} for system property.
- Add support of tomcat 10+
- Gateway
- Feature: add support of ACME with challenge types dns-01, http-01 and tls-alpn-01
- Feature: encode the requests and responses between gateway and ca-server in CBOR format (was JSON).
- Feature: extend Properties to use the place-holder ${env:name} for environment and ${sys:name} for system property.
- Feature: add support of short URLs in EST, REST and SCEP gateways.
- Add support of tomcat 10+
- CLI
- N/A
- MGMT-CLI (Management Client)
- N/A
- Dependencies
- Replace JSON parser gson with jackson.
- Bouncycaste: 1.73 -> 1.76
- ipkcs11wrapper: 1.0.5 -> 1.0.7
- log4j: 2.19.0 -> 2.20.0
- mariadb-java-client: 3.1.4 -> 3.2.0
- slf4j: 1.7.32 -> 1.7.36
- SHA256 Checksum
-
47e9a24a15e3352a6a172606efb56b824f0c37d477434ee7a13a8cffce7049eexipki-setup-6.4.0.zip
-
v6.3.0
- Release date: 2023/04/29
- CA
- Do not check the uniqueness of serial number in database if it contains
at least 95 random bits. - Fixed bug "the scheduled generation of CRLs does not work".
- Split the database of CA to 2 databases: 1 only for the CA's
configuration, and 1 for the generated certificates and CRLs.
Note: software of this version works also with databases of versions
between 6.0.0 and 6.2.x.
- Do not check the uniqueness of serial number in database if it contains
- OCSP
- N/A
- Gateway
- N/A
- CLI
- N/A
- MGMT-CLI (Management Client)
- N/A
- Dependencies
- ipkcs11wrapper: 1.0.4 --> 1.0.5
- bouncycastle: 1.72 --> 1.73
- replace tinylog with log4j2 v2.19.0.
- Misc
- Compared to 6.2.0, there is only one ZIP-file for all software components.
- Source: the modules audit, audit-extra, datasource, password, security,
shell-base, util, xipki-tomcat-password have beed moved to
xipki/commons.
- SHA256 Checksum
4db0e27eabc01f4cecc67d2eb5501556a7ee17b43a98e650bacd8c14030aea90xipki-setup-6.3.0.zip
v6.2.0
- Release date: March 26, 2023
- CA
- Extend the entities to generate CRLs from master CAs to all CAs.
- Rewritten the PKCS#11 code.
- (CA) Gateway
- Rewritten the PKCS#11 code.
- OCSP
- Rewritten the PKCS#11 code.
- CLI
- Support PBE-encrypted password in the karaf shell.
- Support PBE-encrypted password in the SSL configuration.
- Rewritten the PKCS#11 code.
- Add missing letters in SecurePasswordInputPanel.
- MGMT-CLI (Management Client)
- Support PBE-encrypted password in the karaf shell.
- Support PBE-encrypted password in the SSL configuration.
- Rewritten the PKCS#11 code.
- Add missing letters in SecurePasswordInputPanel.
- Dependencies
- Replace jpkcs11wrapper v1.0.0 by ipkcs11wrapper v1.0.4.
- tinylog: 2.6.0 --> 2.6.1
- JDBC driver postgresql: 42.5.3 --> 42.6.0
- JDBC driver mariadb: 3.1.2 --> 3.1.3
- zip4j: 2.11.3 --> 2.11.5
- SHA256 Checksum
b6730e714559c6f39cf586088e90176130780800d1d41bc95a5ebf9c4baa8c36xipki-ca-6.2.0.zipe6d32b798366511ea1a52967c38047378f6b1f518a856e924a05a36261e18cb0xipki-cli-6.2.0.tar.gz72dca9ab209e5e53d49848046f93636a5079ae115dd605528975f07826c9f1f5xipki-gateway-6.2.0.zip39d00ab231c85deda2c77ce7900654681dbe02e6540ea6d036fe994f02fddd6exipki-mgmt-cli-6.2.0.tar.gz4a40542221c49393e20e882cd779ea2cb9d9d1f903dfd235c140e57c26d3652cxipki-ocsp-6.2.0.zip
v6.1.0
- CA
- Use SQL scripts instead the Liquibase XML file to initialize the database
- Rewritten the PKCS#11 code
- (CA) Gateway
- Rewritten the PKCS#11 code
- OCSP
- Use SQL scripts instead the Liquibase XML file to initialize the database
- Rewritten the PKCS#11 code
- CLI
- Rewritten the PKCS#11 code
- MGMT-CLI (Management Client)
- Add command ca:sql to execute SQL scripts.
- DB Tool
- Removed. Merged to MGMT-CLI.
- Dependencies
- Removed dependency liquibase.
- Replace fastjson by gson
- Replace sunpkcs11-wrapper by jpkcs11wrapper
- apache-karaf: 4.3.7 --> 4.4.3
- tinylog: 2.5.0 --> 2.6.0
- JDBC driver mariadb-java-client: 2.7.6 --> 3.1.2
- JDBC driver postgresql: 42.4.2 --> 42.5.3
- SHA256 Checksum
ebd08fe0e25cff1f59b5845aa405ac4e68e7cfb55540798a675e3d2e165777f4xipki-ca-6.1.0.zip21c6a06c8930ce3de896de067647744806ce9d2da27a48a667ca9f6d4a6ba052xipki-cli-6.1.0.tar.gzdc002025656a2874134cbc1cedf50fff078179538f3adc19772614be6a554edcxipki-gateway-6.1.0.zip8f9429178a863f4317772f4b3737efefd75d17b4dc09ed60aea596dcfc27894cxipki-mgmt-cli-6.1.0.tar.gz37f862f0b5ed48b6317fadfc77b6940ba00a727a7d7fb217618146f0b38723d0xipki-ocsp-6.1.0.zip
v6.0.0
- CA
- CA communicates only with RA over RESTful API with mutual TLS.
- Remove the support of protocols CMP and SCEP with CA.
- Add support of EST.
- Change the database schema of CA.
- Reduce the minimal interval to generate CRL from 1 day to 1 hour.
- Add integrity protection of the audit entries.
- Add feature to save the keypair generated by the CA (in encrypted form).
- Add feature to generate keypair in software token, in hardware token, or from keypool (database).
- (CA) Gateway
- New module: protocol proxies (RA) for different protocols CMP, SCEP, EST and RESTful API.
- OCSP
- N/A
- CLI
- Add option to encrypt the database export result.
- Remove support of JDK 8.
- MGMT-CLI (Management Client)
- Add new module mgmt-cli (was part of the module cli)
- DB Tool
- N/A
- Dependencies
- Bouncycastle from 1.70 to 1.72
- Fastjson from 1.2.79 to 1.2.83
- Liquibase fom 4.7.1 to 4.15.0
- Tinylog from 2.3.2 to 2.5.0
- H2 jdbc driver from 1.4.200 to 2.1.214
- MariaDB jdbc driver from 2.7.5 to 2.7.6
- PostgreSQL jdbc drive from 4.2.24 to 42.2.24 to 42.4.2
- SHA256 Checksum
0f61edccb82b670780c68ff2cf243f99add0d7703d4bac1071ebd0a05c83ae83xipki-ca-6.0.0.zipa4afbab9c8b1de6e53ed157dfab7cf195e5b4c7cf1947ee042c45d445470448bxipki-cli-6.0.0.tar.gz8a62a7825371824b2aff2ebc230baad14c1ba01ccc64ac3db72f7c9d478ca1daxipki-dbtool-6.0.0.zip33e32a6de88cd443fab31877228cbf22594edf5fa5a6824b20ca0dd301247aefxipki-gateway-6.0.0.zip7e132f2490126af9ab788c6c42fa1f97878f92da315e175dcc494310f742ab0cxipki-mgmt-cli-6.0.0.tar.gz0e99933f0abf3ef50aedf8e67ec55b5237107efc0d1d66a12e9ed49c70a6e466xipki-ocsp-6.0.0.zip
v5.3.15
- CA
- Add support of JDK 17
- Add option to control whether to save certificates in the database.
- Add option sql.type to use database other than pre-defined types
- Customize behavour for ncipher HSM and smartcard-based HSM
- Allow the specification of Utimaco's vendor user
CKU_CS_GENERIC - Add license mechanism
- Embed the bouncycastle jars in the installation binary
- OCSP
- Add support of JDK 17
- Allow configuration of sign algorithms not matching keys
- Add option sql.type to use database other than pre-defined types
- Customize behavour for ncipher HSM and smartcard-based HSM
- Allow the specification of Utimaco's vendor user
CKU_CS_GENERIC - Add license mechanism
- Embed the bouncycastle jars in the installation binary
- Use h2-database for OCSP cache and CRL by default (can be configured to other database type)
- CLI
- Add support of JDK 17
- Correct the configuration of sslTruststorePassword
- Customize behavour for ncipher HSM and smartcard-based HSM
- Allow the specification of Utimaco's vendor user
CKU_CS_GENERIC
- DB Tool
- Add support of JDK 17
- Add option sql.type to use database other than pre-defined types
- Dependencies
- Update liquibase 3.10.3 to 4.7.1, pkcs11-wrapper from 1.4.8 to 1.4.9, karaf from 4.2.14 to 4.2.15 (jdk8) and 4.3.6.
- SHA256 Checksum
6f9c9413cff232035dd6efd67d93844cfe8aee3d41624c2de6ed4243e4a346aexipki-ca-5.3.15.zip7b541fee2f75f9da2754e74d43a9efd8a834eedd6c0f72ca0ba69a1fbd8ce78dxipki-cli-5.3.15-jdk8.tar.gze415f620249cba9ffe25b307a166f272893a5d756ffcb7af093bd00dbab3a154xipki-cli-5.3.15.tar.gz3121700f85c1f71ec18a6d79e8813464a2c79c192a77cd3f28d6dd065bde14fbxipki-dbtool-5.3.15.zipc518cbecf441da613f98df407f524fa2ac8a07461bf08a170e848c538269fcf0xipki-ocsp-5.3.15.zip26aebcc6fe553a244d03859c43a8f20e52b03614f2dcfe1da3df876ba7f01630xipki-p11proxy-5.3.15.zip