From 99cbfe61cf68ade2547243c3184292c55ad1e0f1 Mon Sep 17 00:00:00 2001 From: Doug Koerich Date: Tue, 19 May 2026 17:12:25 -0300 Subject: [PATCH 1/4] Doc: new FIPS 140-3 compliant license signing (SparkPost/Momentum#1064) Signed-off-by: Doug Koerich --- content/momentum/4/before-you-begin.md | 10 ++++++++-- content/momentum/changelog/5/index.md | 1 + content/momentum/navigation.yml | 2 ++ 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/content/momentum/4/before-you-begin.md b/content/momentum/4/before-you-begin.md index 505b325a1..5f54f3f73 100644 --- a/content/momentum/4/before-you-begin.md +++ b/content/momentum/4/before-you-begin.md @@ -1,5 +1,5 @@ --- -lastUpdated: "03/26/2020" +lastUpdated: "05/19/2026" title: "Before You Begin" description: "This chapter describes issues that need to be considered or addressed prior to preparing for the installation on Analytics and or Platform MTA nodes For each of your servers that run the MTA you will need a license file in this directory opt msys ecelerity etc You will need to..." --- @@ -15,4 +15,10 @@ You will need to provide Message Systems with a MAC address for each MTA node in ### Note -The [Momentum REST Injector](/momentum/3/3-rest) introduced in Momentum 3.14 continues to work in Momentum 4 and does not require a license. You can still use this injector to inject messages with simple template substitutions, but it has a very limited feature set compared to the Momentum 4 REST APIs. \ No newline at end of file +Starting with Momentum 5.3.0, licenses issued by Message Systems are signed with ECDSA P-256 / SHA-256 ([FIPS 186-4](https://csrc.nist.gov/pubs/fips/186-4/final)). A re-issued license in this format is required only on deployments that **enforce** FIPS 140-3 at the crypto-library level — for example, when running against SafeLogic CryptoComply (a FIPS 140-3 validated drop-in for OpenSSL), or against OpenSSL 3.x configured with `default_properties = fips=yes`. In those configurations the DSA-2048 / SHA-1 verify path is rejected as non-compliant and the MTA reports the license as invalid. + +Existing DSA-2048 / SHA-1 licenses continue to validate on all other deployments, including OpenSSL 3.x with the FIPS provider merely loaded (without `default_properties = fips=yes`). + +### Note + +The [Momentum REST Injector](/momentum/3/3-rest) introduced in Momentum 3.14 continues to work in Momentum 4 and does not require a license. You can still use this injector to inject messages with simple template substitutions, but it has a very limited feature set compared to the Momentum 4 REST APIs. diff --git a/content/momentum/changelog/5/index.md b/content/momentum/changelog/5/index.md index bb0d99fc4..25c3fcd29 100644 --- a/content/momentum/changelog/5/index.md +++ b/content/momentum/changelog/5/index.md @@ -6,6 +6,7 @@ name: "Momentum 5.x Changelogs" description: "Momentum 5.x Changelogs" --- +* [Momentum 5.3.0 Changelogs](/momentum/changelog/5/5-3-0) * [Momentum 5.2.1 Changelogs](/momentum/changelog/5/5-2-1) * [Momentum 5.2.0 Changelogs](/momentum/changelog/5/5-2-0) * [Momentum 5.1.1 Changelogs](/momentum/changelog/5/5-1-1) diff --git a/content/momentum/navigation.yml b/content/momentum/navigation.yml index d48717903..bdf6aabcf 100644 --- a/content/momentum/navigation.yml +++ b/content/momentum/navigation.yml @@ -1981,6 +1981,8 @@ - link: /momentum/changelog/5 title: Momentum 5.x Changelog items: + - link: /momentum/changelog/5/5-3-0 + title: Momentum 5.3.0 Changelog - link: /momentum/changelog/5/5-2-1 title: Momentum 5.2.1 Changelog - link: /momentum/changelog/5/5-2-0 From 7db2f6b49cb40051d8dcaefe28b98a016c6f39df Mon Sep 17 00:00:00 2001 From: Doug Koerich Date: Tue, 19 May 2026 17:17:50 -0300 Subject: [PATCH 2/4] Doc: missed the new changelog page (SparkPost/Momentum#1064) Signed-off-by: Doug Koerich --- content/momentum/changelog/5/5-3-0.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 content/momentum/changelog/5/5-3-0.md diff --git a/content/momentum/changelog/5/5-3-0.md b/content/momentum/changelog/5/5-3-0.md new file mode 100644 index 000000000..7b8809a5d --- /dev/null +++ b/content/momentum/changelog/5/5-3-0.md @@ -0,0 +1,13 @@ +--- +lastUpdated: "07/01/2026" +title: "Momentum 5.3.0 Changelog" +description: "Momentum 5.3.0 was released on 2026-07-01. This section will list all of the major changes that happened with the release of Momentum 5.3.0. Depending on installation type, all changes may not be applicable" +--- + +This section will list all of the major changes that happened with the release of **Momentum 5.3.0**. Depending on installation type, all changes may not be applicable + + + +| Type | Ticket | Description | +| --- | --- | --- | +| Feature | I-1064 | Added support for [license](/momentum/4/before-you-begin#momentum-license) signatures using ECDSA P-256 with SHA-256 ([FIPS 186-4](https://csrc.nist.gov/pubs/fips/186-4/final)), required on deployments that enforce FIPS 140-3 (for example, SafeLogic CryptoComply, or OpenSSL 3.x configured with `default_properties = fips=yes`). Existing DSA-2048 / SHA-1 licenses continue to validate on all other deployments, including OpenSSL 3.x with the FIPS provider loaded but without strict enforcement. | From 58279afeb6963c808e8537a3c74a2568ea5bc39f Mon Sep 17 00:00:00 2001 From: Doug Koerich Date: Tue, 19 May 2026 17:24:35 -0300 Subject: [PATCH 3/4] Doc: summarizing in the changelog table (SparkPost/Momentum#1064) Signed-off-by: Doug Koerich --- content/momentum/changelog/5/5-3-0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/momentum/changelog/5/5-3-0.md b/content/momentum/changelog/5/5-3-0.md index 7b8809a5d..e2b3be0f8 100644 --- a/content/momentum/changelog/5/5-3-0.md +++ b/content/momentum/changelog/5/5-3-0.md @@ -10,4 +10,4 @@ This section will list all of the major changes that happened with the release o | Type | Ticket | Description | | --- | --- | --- | -| Feature | I-1064 | Added support for [license](/momentum/4/before-you-begin#momentum-license) signatures using ECDSA P-256 with SHA-256 ([FIPS 186-4](https://csrc.nist.gov/pubs/fips/186-4/final)), required on deployments that enforce FIPS 140-3 (for example, SafeLogic CryptoComply, or OpenSSL 3.x configured with `default_properties = fips=yes`). Existing DSA-2048 / SHA-1 licenses continue to validate on all other deployments, including OpenSSL 3.x with the FIPS provider loaded but without strict enforcement. | +| Feature | I-1064 | Added support for [license](/momentum/4/before-you-begin#momentum-license) signatures using ECDSA P-256 with SHA-256. | From 77f00133b5dbd05677dc2b31b70973fb93d9f8b0 Mon Sep 17 00:00:00 2001 From: Doug Koerich <122404417+dkoerichbird@users.noreply.github.com> Date: Wed, 20 May 2026 10:35:27 -0300 Subject: [PATCH 4/4] Adding notice about Node.js 24 to be installed separately (Momentum#1214) (#839) Signed-off-by: Doug Koerich --- content/momentum/changelog/5/5-3-0.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/momentum/changelog/5/5-3-0.md b/content/momentum/changelog/5/5-3-0.md index e2b3be0f8..66b1633f3 100644 --- a/content/momentum/changelog/5/5-3-0.md +++ b/content/momentum/changelog/5/5-3-0.md @@ -11,3 +11,4 @@ This section will list all of the major changes that happened with the release o | Type | Ticket | Description | | --- | --- | --- | | Feature | I-1064 | Added support for [license](/momentum/4/before-you-begin#momentum-license) signatures using ECDSA P-256 with SHA-256. | +| Feature | I-1214 | Removed `msys-nodejs` RPM from the Momentum bundle, to be replaced with the 3rd-party `nodejs` package. Node.js LTS 24+ must be installed separately from the system or a vendor repository. |