X-Road v6.20.0 Release Notes

Last updated: Apr 24, 2019

5 min read

Release Info

Version number	6.20.0
Release date	25.01.2019
Supported versions	6.20.0 6.19.0 6.18.0
Supported platforms	Central Server Ubuntu 14.04 LTS Ubuntu 18.04 LTS Configuration Proxy Ubuntu 14.04 LTS Ubuntu 18.04 LTS Security Server Ubuntu 14.04 LTS Ubuntu 18.04 LTS RHEL 7
Official documentation	https://github.com/nordic-institute/X-Road/tree/master/doc
Source code	https://github.com/nordic-institute/X-Road/tree/master
Software license	MIT

On this page:

Changes in This Release

Summary

Support for Ubuntu 18.04 LTS.
- Central Server, Security Server and Configuration Proxy can be migrated from Ubuntu 14.04 LTS to the latest Ubuntu 18.04 LTS version.
- Ubuntu 14.04 LTS will quit receiving maintenance updates in Q2/2019 which is why migration is required.
- Ubuntu 18.04 LTS support includes installation packages, and instructions for fresh install and migration from Ubuntu 14.
Security Server provides built-in support for Finnish data classification system level ST IV.
- The default security configuration has been updated according to the Finnish Communications Regulatory Authority's requirements.
Messagelog time-stamping has been improved so that messagelog records are always verifiable regardless of the number of processed messages and Security Server’s load.
Security Server's security and maintainability is improved replacing customised and outdated 3rd party components with the latest off-the-shelf versions of the components.
- In addition, maintainability is improved removing unsupported features and dead code from the codebase.

Completed Issues

Access to the X-Road Backlog and issue details requires signing up for an account. Sign up now and get access to the backlog and issue details immediately.

Issue ID	Type	Summary
XRDDEV-8	Fix	Replace an outdated custom version of Apache CXF's WSDL validator with the latest factory version. The fix reduces technical debt. N.B.! The change may affect adding and/or refreshing services (WSDL documents) on Security Server. The new version of the validator might reject some WSDL documents that the previous version accepted.
XRDDEV-10	Fix	Replace outdated Logback logging module by more robust Slf4jRequestLog module. The fix reduces technical debt.
XRDDEV-29	Improvement	Update cryptographic strength of key exchange to 128bits on communication between Security Servers, and operational monitoring daemon and client. Introduce whitelist setting to configure accepted cipher suites on Security Server. The change is backwards compatible - when Security Server version >= 6.19.0 communicates with a version <= 6.18.0, the old cryptographic strength of key exchange (< 128 bits) is used. After the improvement Security Server meets Finnish Communications Regulatory Authority's (FICORA) technical requirements for transferring ST IV classified information (on Finnish data classification system). N.B.! Red Hat Enterprise Linux 7 (RHEL7) supports the new configuration starting from RHEL 7.3 - support for the new configuration requires RHEL 7.3 or newer.
XRDDEV-60	Improvement	Add a script and related documentation for re-configuring the IP addresses of Central Server nodes in a high-availability (HA) cluster.
XRDDEV-62	Improvement	Log a warning in Security Server's proxy.log when the amount of timestamped records reaches 70% of timestamp-records-limit. The warning indicates to Security Server administrator that the value of timestamp-records-limit should be increased.
XRDDEV-86	Fix	Store X-Road version information in a platform independent way. Version information is available for X-Road components even if installation packages have not been installed, e.g. running Security Server in a Docker container.
XRDDEV-94	New	Create Security Server installation packages for Ubuntu 18.04 LTS.
XRDDEV-95	New	Create Central Server installation packages for Ubuntu 18.04 LTS.
XRDDEV-96	New	Create Configuration Proxy installation packages for Ubuntu 18.04 LTS.
XRDDEV-97	New	Create Ubuntu 18.04 LTS upgrade instructions for Security Server.
XRDDEV-98	New	Create Ubuntu 18.04 LTS upgrade instructions for Central Server.
XRDDEV-99	New	Create Ubuntu 18.04 LTS upgrade instructions for Configuration Proxy.
XRDDEV-101	New	Create Ubuntu 18.04 LTS installation instructions for Central Server, Configuration Proxy and Security Server.
XRDDEV-105	Fix	Fix error causing global configuration returning outdated data on a federation setup. The error is rare and can occur in a situation where two federated instances are started up after they have been both shut down long enough for global configuration to expire.
XRDDEV-106	Fix	Improve Security Server performance by making authentication key handling more efficient.
XRDDEV-108	Fix	Fix error in operational monitoring regarding measuring the processing time of requests - time that is consumed between sending out a request and receiving a response. The previous logic might have caused operational monitoring to return incorrect and even negative values.
XRDDEV-117	Improvement	Improve Security Server's XML parser's external entity processing to make XML parsing secure by default.
XRDDEV-138	Fix	Fix wrong namespace in X-Road Service Metadata Protocol (PR-META) document.
XRDDEV-141	Fix	Fix an error causing a query to fail when a service is available on two or more Security Servers, and the host name resolution of one of the Security Servers fails.
XRDDEV-143	Improvement	Make Signer component's module manager update interval configurable. Security Server administrator can override the default value using a configuration file.
XRDDEV-144	Fix	Make timeout value used in batch signatures configurable. Security Server administrator can override the default value using a configuration file.
XRDDEV-145	Improvement	Improve messagelog time-stamping so that messagelog records are always verifiable regardless of the number of processed messages and Security Server’s load. When the number of messages to time-stamp reaches the maximum value, batch time-stamping cycle is repeated until the number of time-stamped records is lower than timestamp-records-limit.
XRDDEV-146	Fix	Drop support for global configuration v1. Officially supported X-Road versions all use global configuration v2. N.B.! Security Server versions <=6.7.13 are no longer supported by Central Server versions >= 6.20.0.
XRDDEV-162	Fix	Update NIIS package repository (https://artifactory.niis.org) to official documentation.
XRDDEV-165	Fix	Make client-side Security Server to enforce whitelisted cipher suites in the connections between Security Servers.
XRDDEV-168	Fix	Remove unused code from the code base.
XRDDEV-169	Improvement	Add installation instructions for Security Server on RHEL7.
XRDDEV-170	Improvement	Add support for setting up a Security Server cluster running on Ubuntu 18.04 LTS using Ansible setup scripts.
XRDDEV-177	Fix	Update X-Road software version number format that is shown in the Version tab of the Security Server UI. Release version number format is x.y.z and snapshot version number format is x.y.z-SNAPSHOT-commitDate-commitHash.
XRDDEV-178	New	Add support for Central Server clustering on Ubuntu 18.04 LTS.
XRDDEV-184	Improvement	Convert ASiC verifier's documentation (UG-SIGDOC) from Word to Markdown.
XRDDEV-191	Fix	Add environmental monitoring daemon and environmental monitoring query to X-Road's architecture documentation (ARC-G).
XRDDEV-192	Improvement	Add support for extracting a message from ASiC container when verification of the container fails. The improvement enables extraction of messages from ASiC containers when SOAP payload is not logged in messagelog database.
XRDDEV-220	Fix	Fix an intermittent failure in connection creation between Security Servers.
XRDDEV-222	New	Create Ubuntu 18.04 LTS upgrade instructions for Security Server cluster.
XRDDEV-229	Improvement	Finnish national settings: Update default authentication and signing key length to 3072 bits (earlier 2048 bits).
XRDDEV-231	Improvement	Add X-Road brand colors and and X-Road logo in Central Server and Security Server UIs.
XRDDEV-232	Improvement	Add a Feedback page including links to X-Road Service Desk and X-Road Backlog in Central Server and Security Server UIs.
XRDDEV-248	Fix	Set a timeout value for the SSL handshake when establishing a connection between Security Servers. Previously, the Security Server could wait forever for the SSL handshake to complete after the TCP connection was set up.
XRDDEV-256	Improvement	Asicverifier's version number follows the Security Server's version number. Until now asicverifier's version number has been 1.0 and it has not changed even if the component has been updated. Starting from v6.20.0 asicverifier officially supports the matching Security Server version number. In addition, the version number is dropped from the jar filename, and a new command line option (--version) is introduced. $ java -jar asicverifier.jar --version AsicVerifier (X-Road) 6.20.0
XRDDEV-257	Improvement	Remove NTP dependency from X-Road packaging. NTP is no longer automatically installed together with Central Server, Security Server and Configuration Proxy packages. Administrators are free to choose the time syncing mechanism they want to use.

Issue types: fix (bug fix or technical debt), improvement (improvement to an existing feature), new (a new feature).

Other Notes

Package Repositories

Repository	URL
Bionic	deb https://artifactory.niis.org/xroad-release-deb bionic-<version> main
Trusty	deb https://artifactory.niis.org/xroad-release-deb trusty-<version> main
RPM	https://artifactory.niis.org/xroad-release-rpm/rhel/7/<version>

Repository

URL

Bionic

deb https://artifactory.niis.org/xroad-release-deb bionic-<version> main

Trusty

deb https://artifactory.niis.org/xroad-release-deb trusty-<version> main

RPM

https://artifactory.niis.org/xroad-release-rpm/rhel/7/<version>

Repository signing key can be downloaded from: https://artifactory.niis.org/api/gpg/key/public

Packages

Ubuntu 14 (trusty)

Package	SHA256 Checksum
xroad-addon-hwtokens_6.20.0-1.ubuntu14.04_all.deb	8d89873959b1616fc39afbb9a06e23323c0ca01db58291cd5f5ab93fd257b95a
xroad-addon-messagelog_6.20.0-1.ubuntu14.04_all.deb	6edee695245b9b1950658470c6857e3f6feb223bfd5102e3a15e2a2af8ddcca5
xroad-addon-metaservices_6.20.0-1.ubuntu14.04_all.deb	5428c3565255d556eb2b680ed3462a06316675daa4a80d14ca23f6bf89989038
xroad-addon-opmonitoring_6.20.0-1.ubuntu14.04_all.deb	fde7f7970c54fa540d732cbe619b5c9bdecdf92916141f3763aff98de12ba23e
xroad-addon-proxymonitor_6.20.0-1.ubuntu14.04_all.deb	a74f695fdd67f1e490e68f2dd9c23f5889b4b6510b9762db492f6606d8a66049
xroad-addon-wsdlvalidator_6.20.0-1.ubuntu14.04_all.deb	cd6ca3be1fc6dae7d4c783182799f34b10245e9d3d78f9ffb5204d187f1c423d
xroad-autologin_6.20.0-1.ubuntu14.04_all.deb	6f3d05173d45eeff0527b8e838f3342b3f8359d1fb33836e311a3969e68d4edb
xroad-base_6.20.0-1.ubuntu14.04_amd64.deb	1f425761525dbbc142bf0157c520bf36ba03e355b58414f2701d8e9ef30d3358
xroad-center-clusterhelper_6.20.0-1.ubuntu14.04_all.deb	145b462da10f60528ea13be7345c7b934dedf31198b75705ef8945fcb7f02770
xroad-center_6.20.0-1.ubuntu14.04_all.deb	2a92db835c4173b9f9a9d1d6d14fd49035d4453f4d2b96c8a5a55134ceb6bda4
xroad-centralserver-monitoring_6.20.0-1.ubuntu14.04_all.deb	bda0d33b66e9d340c4b7e98b728e90565eff0ac291fde55db5545231ff5cbf5b
xroad-centralserver_6.20.0-1.ubuntu14.04_all.deb	e5e8e53140b77ab83be068cd7d2f218269317efddf8a612cf976e12083e70e43
xroad-confclient_6.20.0-1.ubuntu14.04_amd64.deb	ca9bd65ac5c70a5a33c4ba83e6d343025c737db19b91b2469e17545c974c351c
6.20.0/xroad-confproxy_6.20.0-1.ubuntu14.04_all.deb	72befb2ebc96b63e66de8c11bf29597af7ef3aeecf8a7a788e3025e4ffc6d20d
xroad-jetty9_6.20.0-1.ubuntu14.04_all.deb	4328fbf43961e9e691f5aa0e1a051e0a399842857c402958d20493ec69ab77fe
xroad-monitor_6.20.0-1.ubuntu14.04_all.deb	4dbfc5b00bf76ba205fd19626b38c25612262f33008cdb97bd77aad0b0195ceb
xroad-nginx_6.20.0-1.ubuntu14.04_amd64.deb	36b23f12121c1776e6d4036ed2784bda76fc7c1b75774cff1898be6c7668ad9e
xroad-opmonitor_6.20.0-1.ubuntu14.04_all.deb	49150daabc0b0bcc91c12c5cc78ca9a26dacfee445ddfab5897ac06b995c6c5f
xroad-proxy_6.20.0-1.ubuntu14.04_all.deb	4d3262171753790cbe0988f3552fa1c6899823c235694dee0ba10ddfd55504e8
xroad-securityserver-ee_6.20.0-1.ubuntu14.04_all.deb	343cc2e143003cc9a9293dc3881741f9393f2b16646d7f031b1836a89777a91f
xroad-securityserver-fi_6.20.0-1.ubuntu14.04_all.deb	0ff5139a7958b29fe102ad05ee9ffe8329b470ce0ac84669549594ee76bd509a
xroad-securityserver_6.20.0-1.ubuntu14.04_all.deb	6021d100c98c459aeeb10245f296a30c2258ede17da5189d85a60ba99b383f68
xroad-signer_6.20.0-1.ubuntu14.04_amd64.deb	5ce785e274e669ad1b394469069558d6dfe33431889decedd66bf3a1df7073ce

Ubuntu 18 (bionic)

Package	SHA256 Checksum
xroad-addon-hwtokens_6.20.0-1.ubuntu18.04_all.deb	1e454345f1d8509ab9835bfe7af00cb8383585fa89e80db1197c652ca3ec28b2
xroad-addon-messagelog_6.20.0-1.ubuntu18.04_all.deb	b7acdf9bebe23c1c8e55a9cfd5302f80b818931566b06131b20d8817cd2968aa
xroad-addon-metaservices_6.20.0-1.ubuntu18.04_all.deb	b162b58498472df5b4442109fa911c14b51dfa0d9ff08d73646986ef4977a76f
xroad-addon-opmonitoring_6.20.0-1.ubuntu18.04_all.deb	d6aaf543df5e71232149cb881e7055c1c6a213b370c9d43c7ced3c904bfb7a5d
xroad-addon-proxymonitor_6.20.0-1.ubuntu18.04_all.deb	a11feba8b18d8e69550fb12557324159f3eee0c282a164705844c9d35a328c23
xroad-addon-wsdlvalidator_6.20.0-1.ubuntu18.04_all.deb	a67a14fc10e50c876bef1c4d4b0d9372b66c0393a6ac9271a594072544f7a19f
xroad-autologin_6.20.0-1.ubuntu18.04_all.deb	85dc434e970e701852cb55871cf2ef8a711fbb4f3dd9e7074d1600b5f49e7d10
xroad-center-clusterhelper_6.20.0-1.ubuntu18.04_all.deb	1cf49500c5762afcb4ab59a73f6fce9c4ab69c3b31fb17ce1190c489da23ee6d
xroad-base_6.20.0-1.ubuntu18.04_amd64.deb	1f9440080195ae48bc764d3f1f57aacb05e924997b0cbcd4aa1bc62abd93279d
xroad-center_6.20.0-1.ubuntu18.04_all.deb	d8066b01373696eab09fdab417f499a399d33a222859d3a06f8d5087a4d683de
xroad-centralserver-monitoring_6.20.0-1.ubuntu18.04_all.deb	bf5e042cbff8b9a829f2559f42bb512b7ae7f1f979010e9aade68aff37b67f43
xroad-centralserver_6.20.0-1.ubuntu18.04_all.deb	9c160de93d04f83913e9895daba9c275256279dbc0dfb388c0cfcf5ec7ffa8f1
xroad-confclient_6.20.0-1.ubuntu18.04_amd64.deb	30abee50f73c775236bd2a17ce5a7597a03e4a1aaad6fa2b6fa2e339f12b8d75
xroad-confproxy_6.20.0-1.ubuntu18.04_all.deb	0299253397f2d909c369560e834487c1865351c78e2ec3af68cd372dc6aa97bd
xroad-jetty9_6.20.0-1.ubuntu18.04_all.deb	6dd4038e90da5cfbd22ea71d5b142e456e69fc763390cfa899fbd69948ec3b7e
xroad-monitor_6.20.0-1.ubuntu18.04_all.deb	62e6f934c5f38a85e26afb820a3fd0818c26fddd032746efe081c4223f969b47
xroad-nginx_6.20.0-1.ubuntu18.04_amd64.deb	2c040b902345cb6289814b1a70d1a32d8ff510793f9b6f9f71d197e5e661b02b
xroad-opmonitor_6.20.0-1.ubuntu18.04_all.deb	f5d08b40a76e00a1b7c6065575925431d9bb3a808b57681e0295cf290044deda
xroad-proxy_6.20.0-1.ubuntu18.04_all.deb	157687588425822b65874ccdd2f5b0a039f8cbfe177d48ff004bf647f018d480
xroad-securityserver-ee_6.20.0-1.ubuntu18.04_all.deb	ad5945dcfb7d15d9f57a9fc2acd90b4f813c252a71fd2b3ddf3d273daf1b89d8
xroad-securityserver-fi_6.20.0-1.ubuntu18.04_all.deb	94a5e98cb2620cf87a13cb0a1121b14675bbcfb21b02be7863f424cdeaa7733e
xroad-securityserver_6.20.0-1.ubuntu18.04_all.deb	d8951f73f4ca4283331eb8851629146562c8ded6f578e2e21e06b134050085ae
xroad-signer_6.20.0-1.ubuntu18.04_amd64.deb	bf908288e6926c4558f413e81c91b2b4d4895fb1d853d32e322c1b80e1134863

RPM

Package	SHA256 Checksum
xroad-addon-messagelog-6.20.0-1.el7.x86_64.rpm	6e7faa7a9a616eb4fe265f21724b00775d621b4778a199c3b3b773a031cfdb78
xroad-addon-metaservices-6.20.0-1.el7.x86_64.rpm	1b80b5457c1ba33cc5caf14dd0b133b569e0422688947b5f1e98ec516e71629e
xroad-addon-opmonitoring-6.20.0-1.el7.x86_64.rpm	45e81a0c3990a789f5f0c608631a35bb5aff9e49befa41a45856aca93a32cd32
xroad-addon-proxymonitor-6.20.0-1.el7.x86_64.rpm	8d4ba7a4082adae34c786d969d67e52fce422a24349c445f83acfe8e819e1d8a
xroad-addon-wsdlvalidator-6.20.0-1.el7.x86_64.rpm	4079c447d82a8c0b56e2e0fd9c3da96e4e278cbc79ecf4a3190f8e6c791b1886
xroad-autologin-6.20.0-1.el7.noarch.rpm	c6a23eca8d517627b72cca6354ae0ac1dd21088048102d98ffe7d97d1cde416a
xroad-base-6.20.0-1.el7.x86_64.rpm	8f7a0171ac6bcc22ddc85fda59a56de9e154b4b9c5b79b9e76d7b6975e007639
xroad-common-6.20.0-1.el7.x86_64.rpm	14f9e67d854568bf18337116a5e3a3f835cea3daa137d5252d471feefe2d70a7
xroad-confclient-6.20.0-1.el7.x86_64.rpm	9642af8f8f7eb017101fd008cf0a526a6cb4f75af3b798b5ceeef0fca1033408
xroad-jetty9-6.20.0-1.el7.x86_64.rpm	0bc72fc1fb14ee6ac2f54e6226044e1162eb96874b0d6c23e5715b14031d7ebd
xroad-monitor-6.20.0-1.el7.x86_64.rpm	12250378c947f92e5583492f23b0b11dbc5f3227fc6d812b562536718b32ad0c
xroad-nginx-6.20.0-1.el7.x86_64.rpm	7498e1555bd25809ae14a1e1620230f27d8a4bc5107a5316ac8bc3b394736361
xroad-opmonitor-6.20.0-1.el7.x86_64.rpm	f37774872426bc5c543ba793d26dd03465b3779fe2a8d632a30aaaeb7bc59d56
xroad-proxy-6.20.0-1.el7.x86_64.rpm	9e263c1e179d11846c1fe06418c59fd58bd79dc5ea8893cd825514a2039d0bb4
xroad-securityserver-6.20.0-1.el7.noarch.rpm	d07c6a8992ca833b894a4fc310f43d27cbfcf162fa1b65ddc07ad7eaf2334ff8
xroad-securityserver-fi-6.20.0-1.el7.noarch.rpm	1a46b72c13401486c2a66403ab8cf7295f495cf8c5f95fce71a693922754d9c3
xroad-signer-6.20.0-1.el7.x86_64.rpm	6f0c1405273e458d9b52724affc0cafc8518e6f6015e91998373c1473296f8b1