X-Road v7.4.0 Release Notes

Release Info

Version number	7.4.0
Release date	21.12.2023
Supported versions	7.4.0 7.3.2 7.2.2
Supported platforms	Central Server Ubuntu 20.04 LTS Ubuntu 22.04 LTS Configuration Proxy Ubuntu 20.04 LTS Ubuntu 22.04 LTS Security Server Ubuntu 20.04 LTS Ubuntu 22.04 LTS RHEL 7 RHEL 8 Docker
Official documentation	https://github.com/nordic-institute/X-Road/tree/master/doc
Source code	https://github.com/nordic-institute/X-Road/tree/master
Software license	MIT

On this page:

Changes in This Release

Summary

Support for distributing global configuration over HTTPS.
Support for rotating global configuration sign keys on the Central Server without having to distribute a new version of the configuration anchor.
Support for changing the Security Server address in the Security Server web interface.
Make it possible to disable a subsystem temporarily on the Security Server.
Support for mapping LDAP groups to X-Road roles so that the Central Server and Security Server web interface users can be centrally managed via LDAP.
Configurable minimum supported communication partner Security Server version.
Support for enforcing new key creation when generating a certificate sign request (CSR) for authentication and signing keys on the Security Server.
Support for managing the registration and management service TLS key and certificate using the Central Server UI and management REST API.
Replace Akka with gRPC for inter-process communication between Security Server and Central Server components.
Replace the SHA-1 hashing algorithm with SHA-256.
Minimum supported JAVA version bumped to version 17.
- For RHEL7 systems, manual steps are required.
- The Java 17 installation instructions for RHEL7 are available in the Security Server Installation Guide for RHEL.
Minimum supported PostgreSQL version bumped to version 12.
- For RHEL7 systems, a manual update is required. The steps to migrate are available in the Knowledge Base.
Minor enhancements and bug fixes based on user feedback.

Both the Security Server and Central Server have been updated to the latest version of Spring Boot, which also upgrades the Jetty version used. This means that backups created prior to version 7.4.0 can not be used to restore the configuration on the newer version.

On the Central Server, restarting Nginx automatically may fail when upgrading to version 7.4.0. In that case, please restart Nginx manually (sudo systemctl restart nginx) once the upgrade process has been completed.

Completed Issues

Issue ID	Type	Summary

Issue ID	Type	Summary
XRDDEV-50	New	Make it possible to disable a subsystem temporarily on a Security Server. Disabling a subsystem temporarily enables the Security Server administrator to disable a subsystem so that all the services added under the subsystem cannot receive requests. If the same subsystem is registered on multiple Security Servers, disabling the subsystem on one Security Server doesn’t affect the others. Disabling a subsystem doesn’t change any configuration items regarding the subsystem or its services, it just makes the association between the Security Server and subsystem invisible to other Security Servers so that they cannot send requests to it. Similarly, a disabled subsystem cannot be used as a service client either. Note 1: When a subsystem is disabled, all the services under it stop receiving service requests immediately. However, the Security Server may receive service requests targeted to the services under the disabled subsystem for a couple of minutes after a subsystem has been disabled until the change is propagated to all the Security Servers. In that case, the requests are not forwarded to the service provider information systems by the Security Server. Instead, all service requests received during that time period fail and an error message is returned to the service consumer. Note 2: The Central Server Administrator must refresh the management services WSDL on the management Security Server(s) and configure access rights for the new management service.
XRDDEV-227	New	Make it possible to change the Security Server address in global configuration from the Security Server administrator UI and management REST API. The change is approved automatically by the Central Server, and it doesn’t require a manual approval from the Central Server administrator. By default, the change becomes visible to all the Security Servers in the ecosystem within a couple of minutes. Note 1: When changing the Security Server address, the address visible on top of the Security Server UI is updated only after logging out and logging back in to the UI. Note 2: The Central Server Administrator must refresh the management services WSDL on the management Security Server(s) and configure access rights for the new management service.
XRDDEV-445	Improvement	Replace the SHA-1 hashing algorithm with SHA-256. The change is fully backwards compatible and therefore, it doesn't apply to the authentication certificate hash in global configuration V2 and querying OCSP responses between the Security Servers.
XRDDEV-824	Improvement	Add support for enforcing new key creation when generating a certificate sign request (CSR) for authentication and signing keys on the Security Server. The feature is enabled by default which means that it’s not possible to generate a new CSR for a key that already has an existing certificate. The feature can be disabled by setting the `proxy-ui-api.allow-csr-for-key-with-certificate` system property to true on the Security Server.
XRDDEV-1203	New	Add support for managing the registration and management service TLS key and certificate using the Central Server UI and management REST API. Starting from version 7.4.0, the registration and management service TLS key and certificate can be recreated and downloaded using the Central Server UI and management REST API. Also, it's possible to create a certificate sign request (CSR) and upload a certificate issued by a trusted Certificate Authority (CA). The filenames are change from `/etc/xroad/ssl/internal.key` to `/etc/xroad/ssl/management-service.key` and from `/etc/xroad/ssl/internal.crt` to `/etc/xroad/ssl/management-service.crt`. Note: When the key and certificate are rotated, and mTLS is enabled between the management Security Server and the management services, the new certificate must be updated to the management Security Server.
XRDDEV-1689	Improvement	Introduce updated version of the global configuration to support upcoming features. New global configuration version is V3. Also global configuration V2 remains supported for backwards compatibility. Security Servers older than version 7.4.0 use global configuration V2 while Security Servers starting from version 7.4.0 use global configuration V3. Global configuration V3 is extensible and it provides a capability to add new optional elements without breaking backwards compatibility.
XRDDEV-1983	Improvement	Update store names on the Security Server web interface to be in line with the recommended naming convention with Pinia.
XRDDEV-1997	Improvement	Introduce mapping groups to X-Road system groups to support central management of the Central Server and Security Server web interface users via LDAP. The Central Server and Security Server administrator user permissions are managed using X-Road-specific Linux groups that are mapped to X-Road user roles. An administrator must be a member of the X-Road-specific groups in order to access the management UI. Starting from version 7.4.0, it’s possible to map additional Linux groups to X-Road user roles using the `proxy-ui-api.complementary-user-role-mappings` and `admin-service.complementary-user-role-mappings` system properties. It enables granting administrators permissions to the management UI using existing Linux groups instead of adding administrators to the X-Road-specific groups. For example: /etc/xroad/conf.d/local.ini `[proxy-ui-api.complementary-user-role-mappings] XROAD_SECURITY_OFFICER=group1,group2 XROAD_SERVICE_ADMINISTRATOR=group3,group4` More information about the properties is available in the X-Road System Parameters User Guide.
XRDDEV-1999	New	Make it possible to define what the minimum supported version of a communication partner's Security Server is allowed to be. Starting from version 7.4.0, service providers are able to configure a minimum required X-Road software version for client Security Servers. It means that client Security Servers older than the configured version are not able to access services anymore. Service providers can configure the required minimum version using the `proxy.server-min-supported-client-version` system property. By default, the property doesn't have any value which means that a minimum version hasn't been set. Instead, when the value is set, all the minor and patch versions starting from the configured version are approved. More information about the property is available in the X-Road System Parameters User Guide. X-Road Operators may set this value in the country-specific meta packages, e.g., Estonia and Finland are setting the value to three latest versions which means that requests that are originating from client Security Servers older than version 7.2.0 are not accepted anymore in the Estonian and Finnish X-Road ecosystems. The value is rolling which means that it changes for every X-Road minor version, e.g., when version 7.5.0 is released, the minimum supported version is 7.3.0.
XRDDEV-2028	Improvement	Improve the Security Server proxy components logging so that it logs a warning if it was unable to connect to a node of a clustered Security Server. Only log an error if connecting to all nodes failed.
XRDDEV-2263	Fix	Update the Central Server web interface from Vue 2 to Vue 3.
XRDDEV-2398	Fix	Improve timestamping service recovery on the Security Server so that it is able to correctly recover on all nodes of the cluster when the service becomes available again.
XRDDEV-2403	Improvement	Migrate ASIC container hash-chain verification utility from Ruby to JAVA.
XRDDEV-2412	Improvement	Improve signer components test coverage in preparation of migrating it to gRPC.
XRDDEV-2419	Fix	Deprecate old rate-limiting configuration parameters on the Security Server so that we only use one method for configuring them on both the Security Server and Central Server. The deprecated parameters are: request.sizelimit.regular request.sizelimit.binary.upload ratelimit.requests.per.second ratelimit.requests.per.minute The following parameters should be used instead: request-sizelimit-regular request-sizelimit-binary-upload rate-limit-requests-per-second rate-limit-requests-per-minute Please see the System Parameters Guide for details.
XRDDEV-2440	Fix	Improve role checks on the Security Server frontend so that certain roles don't mistakenly try to request data they don't have access to.
XRDDEV-2441	Fix	Fix and issue on the Security Server frontend that caused the "Add localngroup" dialog to not correctly close in case of errors.
XRDDEV-2444	Fix	Fix potential replay attack issue with the initialization flow of the Central Server.
XRDDEV-2445	Fix	Fix localization issues on the Security Server and Central Server web interfaces.
XRDDEV-2455	Improvement	Make it possible to navigate from member details to Security Server details using the owned servers table in the Central Server web interfaces member details view.
XRDDEV-2456	Improvement	Allow the user to input more than 25 characters as the search criteria in the member and Security Server table views on the Central Server web interface.
XRDDEV-2457	Improvement	Improve the usability of filter fields on the Central Server web interface so that the user wouldn't need to double click the field to search.
XRDDEV-2461	Fix	Fix issue with the service client URL not being validated correctly when edited on the Security Server.
XRDDEV-2462	Fix	Fix issue where the add client service access rights default view would send the incorrect empty value for filtering.
XRDDEV-2463	Fix	Update the Security Server web interface from Vue 2 to Vue 3.
XRDDEV-2465	Improvement	Show a help text in the Security Server UI when the enforce-token-pin-policy property has been enabled and the strict PIN policy rules are enforced. The help text contains the rules so that the user knows what are the complexity requirements for the PIN code.
XRDDEV-2468	Improvement	Migrate the signer component interactions from Akka to gRPC. Note: Any Akka-related system properties are not supported anymore starting from version 7.4.0, e.g., `<component>.akka.remote.artery.advanced.maximum-frame-size`. If Akka-related system properties have been used to override Akka's default configuration values, they should be manually removed from the configuration.
XRDDEV-2469	Improvement	Disable showing Liquibase banner during installations to make the installation output less cluttered.
XRDDEV-2470	Fix	Fix an issue that enabled registering Security Servers with duplicate codes on the Central Server under certain conditions.
XRDDEV-2472	Improvement	Introduce a safer way to add new unique constraints on existing database fields on the Central Server, which also runs checks to verify the state of the database beforehand.
XRDDEV-2474	Fix	Fix an issue that caused the new Central Server backups to exclude the Nginx configurations for management and registration services.
XRDDEV-2475	Fix	Fix an issue that caused the automatically re-created configuration anchor not to contain the new signing key after new signing key creation on the Central Server.
XRDDEV-2476	Improvement	Improve messagelog addons test coverage in preparation of migrating it to gRPC.
XRDDEV-2477	Improvement	Improve op-monitor addons test coverage in preparation of migrating it to gRPC.
XRDDEV-2478	Improvement	Improve proxymonitor addons test coverage in preparation of migrating it to gRPC.
XRDDEV-2479	Improvement	Improve environmental monitoring components test coverage in preparation of migrating it to gRPC.
XRDDEV-2480	Fix	Fix incorrect file name when downloading the Security Server's OpenAPI description via the API.
XRDDEV-2483	Fix	Fix an issue with the edit Security Server address field not showing the current address on the Central Server web interface.
XRDDEV-2485	Improvement	Migrate the proxymonitor and xroad-monitor addon interactions from Akka to gRPC. Note: Any Akka-related system properties are not supported anymore starting from version 7.4.0, e.g., `<component>.akka.remote.artery.advanced.maximum-frame-size`. If Akka-related system properties have been used to override Akka's default configuration values, they should be manually removed from the configuration.
XRDDEV-2486	Improvement	Migrate the environmental monitoring component interactions from Akka to gRPC. Note: Any Akka-related system properties are not supported anymore starting from version 7.4.0, e.g., `<component>.akka.remote.artery.advanced.maximum-frame-size`. If Akka-related system properties have been used to override Akka’s default configuration values, they should be manually removed from the configuration.
XRDDEV-2487	Improvement	Migrate op-monitor addong interactions from Akka to gRPC. Note: Any Akka-related system properties are not supported anymore starting from version 7.4.0, e.g., `<component>.akka.remote.artery.advanced.maximum-frame-size`. If Akka-related system properties have been used to override Akka’s default configuration values, they should be manually removed from the configuration.
XRDDEV-2488	New	Introduce a way to include dynamic values in metapackage build process. Introduce automatic minimum supported version setting to the Estonian and Finnish metapackages syncing it with the minimum supported version of time of release.
XRDDEV-2490	New	Migrate X-Road components to JAVA 17. Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and RHEL8 platforms are migrated automatically from Java 11 to Java 17. Instead, the RHEL7 platform requires manual configuration steps. The Java 17 installation instructions for RHEL7 are available in the Security Server Installation Guide for RHEL.
XRDDEV-2491	Fix	Update the Security Server and Central Server management services to Spring Boot 3. As a part of the upgrade, bump the minimum supported PostgreSQL version to version 12. For the RHEL7 platform, a manual upgrade is required. The instructions for the migration are available in the Knowledge Base.
XRDDEV-2493	New	Make it possible to configure the Central Server to use HTTPS with a trusted CA for publishing global configuration. A new private key and a self-signed TLS certificate are created automatically when installing a new Central Server or upgrading an existing installation from an older version. After the installation or upgrade, the Central Server Administrator is required to manually apply for a TLS certificate from a trusted Certificate Authority (CA) and then configure the certificate. More information about configuring a trusted TLS certificate is available here. This step is required, because the Security Server does not trust the new automatically generated self-signed certificate by default. The Security Server supports disabling certificate verification, but it is not recommended to disable it in production environments. Starting from version 7.4.0, the global configuration will be available on the Central Server ports 80 and 443. The old HTTP endpoint on port 80 guarantees that older Security Servers that do not support downloading global configuration over HTTPS continue to work normally. Also, the new Security Servers that support downloading global configuration over HTTPS will fall back to HTTP if the TLS certificate of the new HTTPS endpoint is not properly configured. Changes in the global configuration download ports may cause changes to firewall configuration on the Central Server since inbound traffic from the Security Servers to port 443 must be allowed. Note: When upgrading the Central Server from version < 7.4.0 to version >= 7.4.0, the configuration anchor must be re-generated, distributed to all the Security Server administrators through an external channel (e.g., email) and imported to each Security Server to enable downloading global configuration over HTTPS. Without the new configuration anchor Security Servers will continue to download global configuration over HTTP.
XRDDEV-2494	New	Make it possible to configure the Configuration Proxy to use HTTPS with a trusted CA for publishing global configuration. A new private key and a self-signed TLS certificate are created automatically when installing a new Configuration Proxy or upgrading an existing installation from an older version. After the installation or upgrade, the Configuration Proxy Administrator is required to manually apply for a TLS certificate from a trusted Certificate Authority (CA) and then configure the certificate. More information about configuring a trusted TLS certificate is available here. This step is required, because the Security Server does not trust the new automatically generated self-signed certificate by default. The Security Server supports disabling certificate verification, but it is not recommended to disable it in production environments. Starting from version 7.4.0, the global configuration will be available on the Configuration Proxy ports 80 and 443. The old HTTP endpoint on port 80 guarantees that older Security Servers that do not support downloading global configuration over HTTPS continue to work normally. Also, the new Security Servers that support downloading global configuration over HTTPS will fall back to HTTP if the TLS certificate of the new HTTPS endpoint is not properly configured. Changes in the global configuration download ports may cause changes to firewall configuration on the Configuration Proxy since inbound traffic from the Security Servers to port 443 must be allowed. Note: When upgrading the Configuration Proxy from version < 7.4.0 to version >= 7.4.0, the configuration anchor must be re-generated, distributed to all the Security Server administrators through an external channel (e.g., email) and imported to each Security Server to enable downloading global configuration over HTTPS. Without the new configuration anchor Security Servers will continue to download global configuration over HTTP.
XRDDEV-2495	New	Make it possible for the Security Server to use global configuration provided by a new HTTPS endpoint that uses a TLS certificate issued by a trusted CA. By default, the Security Server tries to download the global configuration over HTTPS and verify the global configuration download endpoint's TLS certificate. If the verification fails or the HTTPS endpoint is not available for some other reason, the Security Server uses the old HTTP endpoint. Also, the Security Server supports disabling certificate verification, but it is not recommended to disable it in production environments. The global configuration download TLS certificate verification can be enabled/disabled using the `configuration-client.global_conf_tls_cert_verification` property. Instead, the global configuration download hostname verification can be enabled/disabled using the `configuration-client.global_conf_hostname_verification` property. More information about the properties is available in the X-Road System Parameters User Guide. Changes in the global configuration download ports may cause changes to firewall configuration on Security Server since outbound traffic to the Central Server and Configuration Proxy port 443 must be allowed. Note: To enable downloading global configuration over HTTPS, a configuration anchor generated using the Central Server version 7.4.0 or later must be imported to the Security Server.
XRDDEV-2496	New	Add ACME server URL and IP address properties to CA entity's configuration in global configuration V3 schema. The new properties are not used for anything yet. Instead, they will be used by the ACME support scheduled for version 7.5.0.
XRDDEV-2498	Improvement	Migrate the messagelog addon interactions from Akka to gRPC. Note: Any Akka-related system properties are not supported anymore starting from version 7.4.0, e.g., `<component>.akka.remote.artery.advanced.maximum-frame-size`. If Akka-related system properties have been used to override Akka’s default configuration values, they should be manually removed from the configuration.
XRDDEV-2502	Improvement	Improve the API key management security so that the user is only able to create API keys with the roles that they themselves have. Only a user with the “System Administrator” role is able to create API keys with the “Management Services” role.
XRDDEV-2512	Fix	Fix issue where adding management and registration service keys during Central Server installation could fail silently. Now a warning is logged if there was an issue.
XRDDEV-2519	Improvement	Add support for rotating global configuration sign keys on the Central Server without having to distribute a new version of the configuration anchor. Starting from version 7.4.0, the Central Server sign keys are included in the global configuration. Thanks to this, rotating the sign keys is possible without importing a new version of the configuration anchor to each Security Server. Instead, the Security Server gets the sign key from the global configuration directly and applies it immediately. Importing the configuration anchor to the Security Server manually is also possible, but it's required only when the Security Server is initialised for the first time. Note 1: When rotating the global configuration sign key, the new sign key must not be activated immediately. Instead, please wait for at least a couples of minutes before activating it so that there's enough time for the new sign key to be propagated to all the Security Servers. By default, the Central Server regenerates the global configuration files once per minute and the Security Servers download the global configuration once per minute. Therefore, it may take a couple of minutes before the new key has reached all the Security Servers. Also, if the default interval values have been changed, the required time may be longer. Note 2: If a Security Server has been offline / turned off when the global configuration sign key has been rotated, an updated version of the configuration anchor including the new sign key must be manually uploaded to the Security Server. Note 3: When federation is used, after rotating the global configuration sign key, a new configuration anchor must be generated, shared with the operators of federated X-Road ecosystems and uploaded to the federated ecosystems' Central Servers and Configuration Proxies. Otherwise, Security Servers registered to a federated ecosystem after the key rotation, do not trust the new key when they try to download the federated ecosystem's global configuration.
XRDDEV-2520	Improvement	Add support for publishing REST services using the OpenAPI 3.1 service description. The supported OpenAPI versions are now 3.0 and 3.1.
XRDDEV-2521	New	Change the default client information system inbound communication ports are from 80 to 8080 and from 443 to 8443 on Ubuntu-based Security Servers. In this way, the default ports are consistent regardless of the hosting operating system. The change is applied to new installations only and existing installations are not affected by it. Also, if custom ports have been configured locally by the Security Server administrator, they are not affected. X-Road Operators may set the default port values in the country-specific meta packages. The Estonian ecosystem continues to use ports 80 and 443 by default for new installations after the change.
XRDDEV-2525	Improvement	Add support for adding a new OCSP service without a certificate to the Central Server. If an OCSP service uses a certificate that's issued by the root certificate of the CA that the OCSP service is associated with and the root certificate is uploaded to the Central Server, uploading the OCSP service's certificate to the Central Server is not mandatory.
XRDDEV-2528	Fix	Set maximum length for the Security Server username and password.
XRDDEV-2529	Improvement	Implement the SameSite cookie on the Security Server.
XRDDEV-2531	Fix	Fix a problem that caused the Edit token view to crash on the Security Server when refreshing the page.
XRDDEV-2538	Fix	Update the /var/log/xroad/proxy_ui_api_access.log log file rolling policy so that the configuration is consistent with other Security Server components.
XRDDEV-2543	Fix	Minor fixes to Central Server permissions.

Issue types: fix (bug fix or technical debt), improvement (improvement to an existing feature), new (a new feature).

New/Updated Dependencies

Dependency	Old Version	New Version	Notes

Dependency	Old Version	New Version	Notes
Java	11	17
Spring Boot	2.7.12	3.1.5
Jetty	9.4.51.v20230217	11.0.17
Tomcat	9.0.75	10.1.13
Hibernate	5.6.15	6.2.9
Log4j2	2.17.2	2.20.0
Akka	2.1.13	-	Akka was replaced with gRPC
gRPC	-	1.58.0
Vue	2.6.14	3.3.4
Vuetify	2.6.10	3.3.19

Contributors

The following developers have contributed to the development of this release version. A contribution means at least one Git commit that is included in the release. The full list of contributors of different X-Road® versions is available here.

GitHub Username

GitHub Username
andresrosenthal
enelir
justasnortal
mikkbachmann
mloitm
ovidijusnortal
petkivim
raits
ricardas-buc
VPaliliunas

Other Notes

Package Repositories

Repository	URL

Repository	URL
Bionic	^{deb https://artifactory.niis.org/xroad-release-deb focal-7.4.0 main}
Focal	^{deb https://artifactory.niis.org/xroad-release-deb jammy-7.4.0 main}
RPM / RHEL7	^{https://artifactory.niis.org/xroad-release-rpm/rhel/7/7.4.0/}
RPM / RHEL8	^{https://artifactory.niis.org/xroad-release-rpm/rhel/8/7.4.0/}
Docker	https://hub.docker.com/r/niis/xroad-security-server-sidecar

Repository Sign Key Details

Download URL	https://artifactory.niis.org/api/gpg/key/public
Hash	935CC5E7FA5397B171749F80D6E3973B
Fingerprint	A01B FE41 B9D8 EAF4 872F A3F1 FB0D 532C 10F6 EC5B
3rd party key server	Ubuntu key server

Packages

Focal

Package	SHA256 checksum

Package	SHA256 checksum
xroad-addon-hwtokens_7.4.0-1.ubuntu20.04_amd64.deb	774fd490720630c05ce8983f6b6ffa4f4c3ae8ddc6aa224f7947397d9db7afbc
xroad-addon-messagelog_7.4.0-1.ubuntu20.04_all.deb	f16fc78c945a54cd37fdb935686335373912f4c6ebd7ded2a99c26e3f1a3c366
xroad-addon-metaservices_7.4.0-1.ubuntu20.04_all.deb	b9c2cb716d41b034f39acaf8c78cc4329d62525a89c062ab6d63ec31b910252f
xroad-addon-opmonitoring_7.4.0-1.ubuntu20.04_all.deb	593ef8ed631696f6ca3290fc92edcaa21e5479a354eb269e76560313031dacbb
xroad-addon-proxymonitor_7.4.0-1.ubuntu20.04_all.deb	60d87312c12583c99c8351c529e53ffc5f4a64eb174205287ef6e71a9b6fa988
xroad-addon-wsdlvalidator_7.4.0-1.ubuntu20.04_all.deb	9137d9fce055250a538a3cf2e81b3f413862702736334aaf1c343466a5e182b8
xroad-autologin_7.4.0-1.ubuntu20.04_all.deb	a1ce304245cc6753e689cc6fee9cd63b54ddbe0d9919653af76a05761f2d3b37
xroad-base_7.4.0-1.ubuntu20.04_amd64.deb	2ff637432a5ea5ab1eac2487624426a241ffe82cfb617f954bf757b38c112481
xroad-center_7.4.0-1.ubuntu20.04_all.deb	fee129b0c0e1803df3310c28b25fb59aa7e1cd9f6b70e0bb2acb75b87f585938
xroad-center-management-service_7.4.0-1.ubuntu20.04_all.deb	4a16e6b77436d25cb76e1926c94ec4e597036d7e2cc303dce36358bf069363b0
xroad-center-registration-service_7.4.0-1.ubuntu20.04_all.deb	7a8b9762bd80ae15c42be51cc8438e5041f1b8e38bf7d6473467b58a4db1d4fe
xroad-centralserver_7.4.0-1.ubuntu20.04_all.deb	94d8f26c6b4bae3138ed4bb2b7fb52b98125d7e77acd3ad597eeb95e264d77c2
xroad-centralserver-monitoring_7.4.0-1.ubuntu20.04_all.deb	84acbabb33b6f6ca5cb4de0905a6644123770fa6f5df1d49fdb3114047299179
xroad-confclient_7.4.0-1.ubuntu20.04_amd64.deb	af15bc92e96d65c7025c38537d9547e260a62f682fd7240601a59744834dea56
xroad-confproxy_7.4.0-1.ubuntu20.04_all.deb	97d7e56a98ab7d32c5fd5b4b46027a09785215f26365a4021923c58d36007488
xroad-database-local_7.4.0-1.ubuntu20.04_all.deb	782b513d4b90b35b3329b0fe5bf166e6b1f8d898c7ad502fb57e4c1d18fbd98c
xroad-database-remote_7.4.0-1.ubuntu20.04_all.deb	012ae0456473a32cd57f2a0aff9a5fce760f8497dbc92f6d0700167b004cf698
xroad-monitor_7.4.0-1.ubuntu20.04_all.deb	85806822fe9f86294e481e178ee61cf693b3ec3607b34bfa2c43b403c6227133
xroad-nginx_7.4.0-1.ubuntu20.04_amd64.deb	b0d186e08940f9f31bdf2de9582879f16ea10a0e07edb482310afb2e5ff949fc
xroad-opmonitor_7.4.0-1.ubuntu20.04_all.deb	d90ee5a11cd590456a2924d5208ddb7c7143aea7d47d41c6ba46ce762b9ed1f5
xroad-proxy_7.4.0-1.ubuntu20.04_all.deb	b694f7f955e3999d40932d218ddd95b6953b54561fa6493841abf1c9eb54f4c9
xroad-proxy-ui-api_7.4.0-1.ubuntu20.04_all.deb	2afab8e473f7b37e23bd05b61f7ae41229346f92721f50537e87b5e52b167bbc
xroad-securityserver_7.4.0-1.ubuntu20.04_all.deb	54895d5f33e66ab45361883e1fc22d44b75f891d5ffe9a80cec62f05901cc3e2
xroad-securityserver-fi_7.4.0-1.ubuntu20.04_all.deb	1084f8fe7b51747a26039021dd31bc6c27e71968aa77a45c30cfcf53699df395
xroad-securityserver-ee_7.4.0-1.ubuntu20.04_all.deb	74b1faa66d1b4b3b5d9fdb731b9f857d1c5766f760c0d4ec05a08d983d6b934f
xroad-securityserver-is_7.4.0-1.ubuntu20.04_all.deb	355c836958b41655b36a4ddbada663a6abd9b56f33473b1241ee8fb084863adb
xroad-securityserver-fo_7.4.0-1.ubuntu20.04_all.deb	1f22f462268ae02187c8000f15e026cdd68afd9f65433c382930dc76c95fd899
xroad-signer_7.4.0-1.ubuntu20.04_amd64.deb	ca90a60cc8885863291e076c545360264fbb7c46a6b0aa2e778a56293a526e1a

Jammy

Package	SHA256 checksum

Package	SHA256 checksum
xroad-addon-hwtokens_7.4.0-1.ubuntu22.04_amd64.deb	1cd33c2d3e2bbf928b135e6df5734fc439dca9f6e78f799daa396b3b94253517
xroad-addon-messagelog_7.4.0-1.ubuntu22.04_all.deb	62dd9af0404f5f6ed10ec640fb8093667e3a7132811275afd3e1f28adba59e89
xroad-addon-metaservices_7.4.0-1.ubuntu22.04_all.deb	67a23af243f099a4adbff28b8e8e69b75924ae2780d49372f448806ed0532515
xroad-addon-proxymonitor_7.4.0-1.ubuntu22.04_all.deb	e497a25c7887ddc6f449d7158e490e9cec00679862e2cc2727319fc840f4e657
xroad-addon-opmonitoring_7.4.0-1.ubuntu22.04_all.deb	354f48e4600bf5b07a24c743ad685387b7758431dedb4f9d0851d6edbf043e54
xroad-addon-wsdlvalidator_7.4.0-1.ubuntu22.04_all.deb	d69e0eb1625f3173e08ca463a09e108244413f6e8a994ab131fc9e3a6b32dfa5
xroad-autologin_7.4.0-1.ubuntu22.04_all.deb	d6664067b0c6064b8d996beec0ce33e0acbcc2854e07fdbb817412a130ea6903
xroad-base_7.4.0-1.ubuntu22.04_amd64.deb	eeb1c63902180bbadca0b6c7f65ceb462df4ec301dafc0f2b0385a61837e26da
xroad-center_7.4.0-1.ubuntu22.04_all.deb	84c26417efe68e12f623617c9aaae570247b09af509e2851840dabdf3072564b
xroad-center-management-service_7.4.0-1.ubuntu22.04_all.deb	a0fa3db9b55b2b10bcb3d1a75b5df0881e37ed9f634aa8125b33b16cc28fc6a7
xroad-center-registration-service_7.4.0-1.ubuntu22.04_all.deb	f219165c4e029619975d26e8647fff96daf04d079472c71f2a9b4fd58f6f71f9
xroad-centralserver-monitoring_7.4.0-1.ubuntu22.04_all.deb	ad8e3d9f0bafa1199eae80fed8efb58cc4b64c8636b74e5db4315898c0a9f79c
xroad-centralserver_7.4.0-1.ubuntu22.04_all.deb	10c0f8e7210366c926573c9f08553d7dd14eb4049a107e22a6e14ef3beb668f1
xroad-confclient_7.4.0-1.ubuntu22.04_amd64.deb	d2aedbbc035394061367bc900df53ba22b0b402a83d403c94e5b949ace5cbc2f
xroad-confproxy_7.4.0-1.ubuntu22.04_all.deb	0668e94290b72d2decbd3a4ca6fa4fb3c56d2475b671ef738037f32358a07c91
xroad-database-local_7.4.0-1.ubuntu22.04_all.deb	a60a885a81650dc7d34e6fa4c3555dd849a838a49f4bd028f40ace95e0783217
xroad-database-remote_7.4.0-1.ubuntu22.04_all.deb	397950938967cffc2b85e66516375543b253c429fcc3990595aefe43ff47e938
xroad-monitor_7.4.0-1.ubuntu22.04_all.deb	6483b9991697ac6e2456b144a55c5df81d9e60662dfb463acafc736c30a20bcf
xroad-nginx_7.4.0-1.ubuntu22.04_amd64.deb	f9135a8ad23e2e556952f66b067b065c11aca8d7ae4f76be62d475034f77fe40
xroad-opmonitor_7.4.0-1.ubuntu22.04_all.deb	9e6e2cd6135efa9ef55daa6df631c4ca7bec8648b742e2549bff6f37512c8e5c
xroad-proxy_7.4.0-1.ubuntu22.04_all.deb	403b25c3ce4d3e766818ec15afcd4b04eb15d39607771182ce39ede8d8c4cc7a
xroad-proxy-ui-api_7.4.0-1.ubuntu22.04_all.deb	c3c9e0fd6e102975e8579fbdb8be7ba76aadda41782f09e778d958efebec290b
xroad-securityserver_7.4.0-1.ubuntu22.04_all.deb	ede66ecab297e5249e743c68557876e619464f9825e3c36fbb4786bbe4b7e967
xroad-securityserver-fi_7.4.0-1.ubuntu22.04_all.deb	3e8910d4efd2bfdb4f9bd79abc7c69f9fb7925089fae94ef3aa65b2174c1411a
xroad-securityserver-ee_7.4.0-1.ubuntu22.04_all.deb	42f652a57c51d0b61923d8e4d3d019307ed5c8749d1ad7c92b78a50b65bea86e
xroad-securityserver-fo_7.4.0-1.ubuntu22.04_all.deb	2822ca3085741172da59a192e87ecc1dd5049be7f8c06e1508b6500d004cf4b7
xroad-securityserver-is_7.4.0-1.ubuntu22.04_all.deb	3edb9cd61f865c098a5095544778077a2714d5ffe41ac7d1c6cbf308df0ee472
xroad-signer_7.4.0-1.ubuntu22.04_amd64.deb	e5ce6579b329cd0ec3ea3639fe288189ec50275176b64713c175551433b67e49

RPM / RHEL7

Package	SHA256 checksum

Package	SHA256 checksum
xroad-addon-messagelog-7.4.0-1.el7.x86_64.rpm	d901aa27e89726f6fe6fc765c93d25860c4639a104d745fa15e824a5c18d116b
xroad-addon-metaservices-7.4.0-1.el7.x86_64.rpm	5c5166e225f4dcd98d6d0038a518f40ff98843918e4ee567e203bc3baa6455ce
xroad-addon-opmonitoring-7.4.0-1.el7.x86_64.rpm	1066ff2bc2fa251782f1b3ab2862babecc009f00e4dc336c2eb54538c7459d92
xroad-addon-proxymonitor-7.4.0-1.el7.x86_64.rpm	e7ca53ef508d0111c5f6f56375be3a2251e33398fcd8284a0d58886d1296eb0a
xroad-addon-wsdlvalidator-7.4.0-1.el7.x86_64.rpm	545d91913738187403b49fe6c8e65ab21f5a799fa39f802b805efb1fb937633b
xroad-autologin-7.4.0-1.el7.noarch.rpm	fb087f087e430b7bac68d22ee5d5b4a65f427b8d106c66a3a2c5d430efc88080
xroad-base-7.4.0-1.el7.x86_64.rpm	e4c851b92f123cae912e03aa1832c1a5b4a5b7839cf2d9a633ea3962eb9b7fdb
xroad-confclient-7.4.0-1.el7.x86_64.rpm	f3e98c77422da93c13eabc0fc7dc9d5905fee425f93cbd0c02a668f35158ef4b
xroad-database-local-7.4.0-1.el7.noarch.rpm	c23b39b684d8ff9076983061698155db779b790b6baa7db1bcf5e20079dff816
xroad-database-remote-7.4.0-1.el7.noarch.rpm	d01435bc9d6f94a75e1ad92711caafdbefe9b5dcc98079e5465efcc893088de0
xroad-monitor-7.4.0-1.el7.x86_64.rpm	2d73108331a98cfa5b656705ff743e942eb471f3ea0ac570dcfc576395a07b51
xroad-opmonitor-7.4.0-1.el7.x86_64.rpm	440cb738f695f9a3318c7f3eda2070f0612232c06eb91e681b3ab20a92df809e
xroad-proxy-7.4.0-1.el7.x86_64.rpm	5642b62324ffd0c594179133344320e39929f2fab03106006a8801e22f645b81
xroad-proxy-ui-api-7.4.0-1.el7.x86_64.rpm	ccfc677da1e1579f6adb51312e409aea25e7b383311c3a689bdc9d83b79e3640
xroad-securityserver-7.4.0-1.el7.noarch.rpm	7b6a85e90b319c83e2b4417880ed345cd78a8cec138614ef6a866d426b838649
xroad-securityserver-fi-7.4.0-1.el7.noarch.rpm	2deb2bd640e324b671807153520c3b79b382c224aa13fe9cc9ba8914e7f6a1e3
xroad-securityserver-fo-7.4.0-1.el7.noarch.rpm	179e5e0e2f6c5578f3f6f8f14c2daca7d3b62cb92b362c87dd9015e177078e71
xroad-securityserver-is-7.4.0-1.el7.noarch.rpm	0b9524b2be53309cc9d7791881f61c21ef3367161d106eb80261034b7c8d4c09
xroad-signer-7.4.0-1.el7.x86_64.rpm	0af14a4efbfa294c806a3117ea1d1cb9646856ae6eabeb56f86b7df3fb627eb2

RPM / RHEL8

Package	SHA256 checksum

Package	SHA256 checksum
xroad-addon-messagelog-7.4.0-1.el8.x86_64.rpm	9732dd84be6e2d68f63f25dee75560651d61d9bdde4965fa212750f7030dceaa
xroad-addon-metaservices-7.4.0-1.el8.x86_64.rpm	35bbfd3652e722bb7f5defc296dec09f326fdabb9f68c813516445c927dc31c6
xroad-addon-opmonitoring-7.4.0-1.el8.x86_64.rpm	687cad26ce705f6b997638427202a8bd7eb667f0943f1f3c00c226c40799ec64
xroad-addon-proxymonitor-7.4.0-1.el8.x86_64.rpm	758056b6af06f5efbbd542d288ecc0f4b015a4c483dbf7935a8f37778a4c1ecf
xroad-addon-wsdlvalidator-7.4.0-1.el8.x86_64.rpm	39f019af7fb841433640c7905c370056f687ba997a5e47cd4365875362d6f8ee
xroad-autologin-7.4.0-1.el8.noarch.rpm	77c3c42329d8e870cfa565fe7692cf40a8ab670681e852e778b7e464e176523c
xroad-base-7.4.0-1.el8.x86_64.rpm	d3a77a4559943c6e07ebcf63f60971ef8693833bc26a250471c1148cbaf0beeb
xroad-confclient-7.4.0-1.el8.x86_64.rpm	b39ba9c9874d543e4567f7ace46ee3dec8676576e7a0b1170bc2aafd7a1d063d
xroad-database-local-7.4.0-1.el8.noarch.rpm	7ab2696c24ac0313b415f45442ea2f590e0a58f45170455d2201d93e80ac5ac3
xroad-database-remote-7.4.0-1.el8.noarch.rpm	aa5fd4650ce84bf748e65d98ee8a140a38dd18b6d643ad47dac4a676d2ea58e3
xroad-monitor-7.4.0-1.el8.x86_64.rpm	6e74668b491d731fc139dc66d432eb98538da6d57e3beac3ff5396941e2b2234
xroad-opmonitor-7.4.0-1.el8.x86_64.rpm	5deb4f8cb4cbdd1743321436c87c1ae5d3e4c4f53f6f0db9c1c84452dcb073cf
xroad-proxy-7.4.0-1.el8.x86_64.rpm	1c969f31d00b2e03eff1b55abf245225a268d385a40d0d9796cac69a65fc28a4
xroad-proxy-ui-api-7.4.0-1.el8.x86_64.rpm	3b503dc59515a5b7621db72f9f5723b6c22f4537491e879f09d0ffae463e0b61
xroad-securityserver-7.4.0-1.el8.noarch.rpm	c597905efbf8f0e2091a9308d34f72d17de464b51353619106fc95746bcfc5f8
xroad-securityserver-fi-7.4.0-1.el8.noarch.rpm	82777982f4373852e463096f9c5a06afe750e2319da4049ef8e4c3bfec2ae6d3
xroad-securityserver-fo-7.4.0-1.el8.noarch.rpm	7d124b112c6091b006e8e30802d9bd80ffd54ab1961218f59f8b92fdcfb40c3d
xroad-securityserver-is-7.4.0-1.el8.noarch.rpm	4b802efbceee6e5126687b6a0e91da9e0050a33368d5277fb2d98eb203a857d8
xroad-signer-7.4.0-1.el8.x86_64.rpm	0bc2fc2d90acca2069d8311c9b1283a47db28dbe3d45aa43666b621b4a9f7827

X-Road Knowledge Base