X-Road v6.20.0 Release Notes

Release Info

Version number6.20.0
Release date25.01.2019
Supported versions
  • 6.20.0
  • 6.19.0
  • 6.18.0
Supported platforms

Central Server

  • Ubuntu 14.04 LTS
  • Ubuntu 18.04 LTS

Configuration Proxy

  • Ubuntu 14.04 LTS
  • Ubuntu 18.04 LTS

Security Server

  • Ubuntu 14.04 LTS
  • Ubuntu 18.04 LTS
  • RHEL 7
Official documentationhttps://github.com/nordic-institute/X-Road/tree/master/doc
Source codehttps://github.com/nordic-institute/X-Road/tree/master
Software licenseMIT
On this page:

Changes in This Release

Summary

  • Support for Ubuntu 18.04 LTS.
    • Central Server, Security Server and Configuration Proxy can be migrated from Ubuntu 14.04 LTS to the latest Ubuntu 18.04 LTS version.
    • Ubuntu 14.04 LTS will quit receiving maintenance updates in Q2/2019 which is why migration is required.
    • Ubuntu 18.04 LTS support includes installation packages, and instructions for fresh install and migration from Ubuntu 14.
  • Security Server provides built-in support for Finnish data classification system level ST IV.
    • The default security configuration has been updated according to the Finnish Communications Regulatory Authority's requirements.
  • Messagelog time-stamping has been improved so that messagelog records are always verifiable regardless of the number of processed messages and Security Server’s load.
  • Security Server's security and maintainability is improved replacing customised and outdated 3rd party components with the latest off-the-shelf versions of the components.
    • In addition, maintainability is improved removing unsupported features and dead code from the codebase.

Completed Issues

Access to the X-Road Backlog and issue details requires signing up for an account. Sign up now and get access to the backlog and issue details immediately.

Issue IDTypeSummary
XRDDEV-8Fix

Replace an outdated custom version of Apache CXF's WSDL validator with the latest factory version. The fix reduces technical debt.

N.B.! The change may affect adding and/or refreshing services (WSDL documents) on Security Server. The new version of the validator might reject some WSDL documents that the previous version accepted.

XRDDEV-10FixReplace outdated Logback logging module by more robust Slf4jRequestLog module. The fix reduces technical debt.
XRDDEV-29Improvement

Update cryptographic strength of key exchange to 128bits on communication between Security Servers, and operational monitoring daemon and client. Introduce whitelist setting to configure accepted cipher suites on Security Server. The change is backwards compatible - when Security Server version >= 6.19.0 communicates with a version <= 6.18.0, the old cryptographic strength of key exchange (< 128 bits) is used.

After the improvement Security Server meets Finnish Communications Regulatory Authority's (FICORA) technical requirements for transferring ST IV classified information (on Finnish data classification system).

N.B.! Red Hat Enterprise Linux 7 (RHEL7) supports the new configuration starting from RHEL 7.3 - support for the new configuration requires RHEL 7.3 or newer.

XRDDEV-60Improvement

Add a script and related documentation for re-configuring the IP addresses of Central Server nodes in a high-availability (HA) cluster.

XRDDEV-62ImprovementLog a warning in Security Server's proxy.log when the amount of timestamped records reaches 70% of timestamp-records-limit. The warning indicates to Security Server administrator that the value of timestamp-records-limit should be increased.
XRDDEV-86FixStore X-Road version information in a platform independent way. Version information is available for X-Road components even if installation packages have not been installed, e.g. running Security Server in a Docker container.
XRDDEV-94NewCreate Security Server installation packages for Ubuntu 18.04 LTS.
XRDDEV-95NewCreate Central Server installation packages for Ubuntu 18.04 LTS.
XRDDEV-96NewCreate Configuration Proxy installation packages for Ubuntu 18.04 LTS.
XRDDEV-97NewCreate Ubuntu 18.04 LTS upgrade instructions for Security Server.
XRDDEV-98NewCreate Ubuntu 18.04 LTS upgrade instructions for Central Server.
XRDDEV-99NewCreate Ubuntu 18.04 LTS upgrade instructions for Configuration Proxy.
XRDDEV-101NewCreate Ubuntu 18.04 LTS installation instructions for Central Server, Configuration Proxy and Security Server.
XRDDEV-105FixFix error causing global configuration returning outdated data on a federation setup. The error is rare and can occur in a situation where two federated instances are started up after they have been both shut down long enough for global configuration to expire.
XRDDEV-106FixImprove Security Server performance by making authentication key handling more efficient.
XRDDEV-108FixFix error in operational monitoring regarding measuring the processing time of requests - time that is consumed between sending out a request and receiving a response. The previous logic might have caused operational monitoring to return incorrect and even negative values.
XRDDEV-117ImprovementImprove Security Server's XML parser's external entity processing to make XML parsing secure by default.
XRDDEV-138FixFix wrong namespace in X-Road Service Metadata Protocol (PR-META) document.
XRDDEV-141FixFix an error causing a query to fail when a service is available on two or more Security Servers, and the host name resolution of one of the Security Servers fails.
XRDDEV-143ImprovementMake Signer component's module manager update interval configurable. Security Server administrator can override the default value using a configuration file.
XRDDEV-144FixMake timeout value used in batch signatures configurable. Security Server administrator can override the default value using a configuration file.
XRDDEV-145Improvement

Improve messagelog time-stamping so that messagelog records are always verifiable regardless of the number of processed messages and Security Server’s load. When the number of messages to time-stamp reaches the maximum value, batch time-stamping cycle is repeated until the number of time-stamped records is lower than timestamp-records-limit.

XRDDEV-146Fix

Drop support for global configuration v1. Officially supported X-Road versions all use global configuration v2.

N.B.! Security Server versions <=6.7.13 are no longer supported by Central Server versions >= 6.20.0.

XRDDEV-162FixUpdate NIIS package repository (https://artifactory.niis.org) to official documentation.
XRDDEV-165FixMake client-side Security Server to enforce whitelisted cipher suites in the connections between Security Servers.
XRDDEV-168FixRemove unused code from the code base.
XRDDEV-169ImprovementAdd installation instructions for Security Server on RHEL7.
XRDDEV-170ImprovementAdd support for setting up a Security Server cluster running on Ubuntu 18.04 LTS using Ansible setup scripts.
XRDDEV-177Fix

Update X-Road software version number format that is shown in the Version tab of the Security Server UI.

Release version number format is x.y.z and snapshot version number format is x.y.z-SNAPSHOT-commitDate-commitHash.

XRDDEV-178NewAdd support for Central Server clustering on Ubuntu 18.04 LTS.
XRDDEV-184ImprovementConvert ASiC verifier's documentation (UG-SIGDOC) from Word to Markdown.
XRDDEV-191FixAdd environmental monitoring daemon and environmental monitoring query to X-Road's architecture documentation (ARC-G).
XRDDEV-192ImprovementAdd support for extracting a message from ASiC container when verification of the container fails. The improvement enables extraction of messages from ASiC containers when SOAP payload is not logged in messagelog database.
XRDDEV-220FixFix an intermittent failure in connection creation between Security Servers.
XRDDEV-222NewCreate Ubuntu 18.04 LTS upgrade instructions for Security Server cluster.
XRDDEV-229ImprovementFinnish national settings: Update default authentication and signing key length to 3072 bits (earlier 2048 bits).
XRDDEV-231ImprovementAdd X-Road brand colors and and X-Road logo in Central Server and Security Server UIs.
XRDDEV-232ImprovementAdd a Feedback page including links to X-Road Service Desk and X-Road Backlog in Central Server and Security Server UIs.
XRDDEV-248FixSet a timeout value for the SSL handshake when establishing a connection between Security Servers. Previously, the Security Server could wait forever for the SSL handshake to complete after the TCP connection was set up.
XRDDEV-256Improvement

Asicverifier's version number follows the Security Server's version number. Until now asicverifier's version number has been 1.0 and it has not changed even if the component has been updated. Starting from v6.20.0 asicverifier officially supports the matching Security Server version number. In addition, the version number is dropped from the jar filename, and a new command line option (--version) is introduced.

$ java -jar asicverifier.jar --version
AsicVerifier (X-Road) 6.20.0
XRDDEV-257ImprovementRemove NTP dependency from X-Road packaging. NTP is no longer automatically installed together with Central Server, Security Server and Configuration Proxy packages. Administrators are free to choose the time syncing mechanism they want to use.

Issue types: fix (bug fix or technical debt), improvement (improvement to an existing feature), new (a new feature).

Other Notes

Package Repositories

RepositoryURL
Bionic
deb https://artifactory.niis.org/xroad-release-deb bionic-<version> main
Trusty
deb https://artifactory.niis.org/xroad-release-deb trusty-<version> main
RPM
https://artifactory.niis.org/xroad-release-rpm/rhel/7/<version>

Repository signing key can be downloaded from: https://artifactory.niis.org/api/gpg/key/public

Packages

Ubuntu 14 (trusty)

PackageSHA256 Checksum
xroad-addon-hwtokens_6.20.0-1.ubuntu14.04_all.deb8d89873959b1616fc39afbb9a06e23323c0ca01db58291cd5f5ab93fd257b95a
xroad-addon-messagelog_6.20.0-1.ubuntu14.04_all.deb6edee695245b9b1950658470c6857e3f6feb223bfd5102e3a15e2a2af8ddcca5
xroad-addon-metaservices_6.20.0-1.ubuntu14.04_all.deb5428c3565255d556eb2b680ed3462a06316675daa4a80d14ca23f6bf89989038
xroad-addon-opmonitoring_6.20.0-1.ubuntu14.04_all.debfde7f7970c54fa540d732cbe619b5c9bdecdf92916141f3763aff98de12ba23e
xroad-addon-proxymonitor_6.20.0-1.ubuntu14.04_all.deba74f695fdd67f1e490e68f2dd9c23f5889b4b6510b9762db492f6606d8a66049
xroad-addon-wsdlvalidator_6.20.0-1.ubuntu14.04_all.debcd6ca3be1fc6dae7d4c783182799f34b10245e9d3d78f9ffb5204d187f1c423d
xroad-autologin_6.20.0-1.ubuntu14.04_all.deb6f3d05173d45eeff0527b8e838f3342b3f8359d1fb33836e311a3969e68d4edb
xroad-base_6.20.0-1.ubuntu14.04_amd64.deb1f425761525dbbc142bf0157c520bf36ba03e355b58414f2701d8e9ef30d3358
xroad-center-clusterhelper_6.20.0-1.ubuntu14.04_all.deb145b462da10f60528ea13be7345c7b934dedf31198b75705ef8945fcb7f02770
xroad-center_6.20.0-1.ubuntu14.04_all.deb2a92db835c4173b9f9a9d1d6d14fd49035d4453f4d2b96c8a5a55134ceb6bda4
xroad-centralserver-monitoring_6.20.0-1.ubuntu14.04_all.debbda0d33b66e9d340c4b7e98b728e90565eff0ac291fde55db5545231ff5cbf5b
xroad-centralserver_6.20.0-1.ubuntu14.04_all.debe5e8e53140b77ab83be068cd7d2f218269317efddf8a612cf976e12083e70e43
xroad-confclient_6.20.0-1.ubuntu14.04_amd64.debca9bd65ac5c70a5a33c4ba83e6d343025c737db19b91b2469e17545c974c351c
6.20.0/xroad-confproxy_6.20.0-1.ubuntu14.04_all.deb72befb2ebc96b63e66de8c11bf29597af7ef3aeecf8a7a788e3025e4ffc6d20d
xroad-jetty9_6.20.0-1.ubuntu14.04_all.deb4328fbf43961e9e691f5aa0e1a051e0a399842857c402958d20493ec69ab77fe
xroad-monitor_6.20.0-1.ubuntu14.04_all.deb4dbfc5b00bf76ba205fd19626b38c25612262f33008cdb97bd77aad0b0195ceb
xroad-nginx_6.20.0-1.ubuntu14.04_amd64.deb36b23f12121c1776e6d4036ed2784bda76fc7c1b75774cff1898be6c7668ad9e
xroad-opmonitor_6.20.0-1.ubuntu14.04_all.deb49150daabc0b0bcc91c12c5cc78ca9a26dacfee445ddfab5897ac06b995c6c5f
xroad-proxy_6.20.0-1.ubuntu14.04_all.deb4d3262171753790cbe0988f3552fa1c6899823c235694dee0ba10ddfd55504e8
xroad-securityserver-ee_6.20.0-1.ubuntu14.04_all.deb343cc2e143003cc9a9293dc3881741f9393f2b16646d7f031b1836a89777a91f
xroad-securityserver-fi_6.20.0-1.ubuntu14.04_all.deb0ff5139a7958b29fe102ad05ee9ffe8329b470ce0ac84669549594ee76bd509a
xroad-securityserver_6.20.0-1.ubuntu14.04_all.deb6021d100c98c459aeeb10245f296a30c2258ede17da5189d85a60ba99b383f68
xroad-signer_6.20.0-1.ubuntu14.04_amd64.deb5ce785e274e669ad1b394469069558d6dfe33431889decedd66bf3a1df7073ce

Ubuntu 18 (bionic)

PackageSHA256 Checksum
xroad-addon-hwtokens_6.20.0-1.ubuntu18.04_all.deb1e454345f1d8509ab9835bfe7af00cb8383585fa89e80db1197c652ca3ec28b2
xroad-addon-messagelog_6.20.0-1.ubuntu18.04_all.debb7acdf9bebe23c1c8e55a9cfd5302f80b818931566b06131b20d8817cd2968aa
xroad-addon-metaservices_6.20.0-1.ubuntu18.04_all.debb162b58498472df5b4442109fa911c14b51dfa0d9ff08d73646986ef4977a76f
xroad-addon-opmonitoring_6.20.0-1.ubuntu18.04_all.debd6aaf543df5e71232149cb881e7055c1c6a213b370c9d43c7ced3c904bfb7a5d
xroad-addon-proxymonitor_6.20.0-1.ubuntu18.04_all.deba11feba8b18d8e69550fb12557324159f3eee0c282a164705844c9d35a328c23
xroad-addon-wsdlvalidator_6.20.0-1.ubuntu18.04_all.deba67a14fc10e50c876bef1c4d4b0d9372b66c0393a6ac9271a594072544f7a19f
xroad-autologin_6.20.0-1.ubuntu18.04_all.deb85dc434e970e701852cb55871cf2ef8a711fbb4f3dd9e7074d1600b5f49e7d10
xroad-center-clusterhelper_6.20.0-1.ubuntu18.04_all.deb1cf49500c5762afcb4ab59a73f6fce9c4ab69c3b31fb17ce1190c489da23ee6d
xroad-base_6.20.0-1.ubuntu18.04_amd64.deb1f9440080195ae48bc764d3f1f57aacb05e924997b0cbcd4aa1bc62abd93279d
xroad-center_6.20.0-1.ubuntu18.04_all.debd8066b01373696eab09fdab417f499a399d33a222859d3a06f8d5087a4d683de
xroad-centralserver-monitoring_6.20.0-1.ubuntu18.04_all.debbf5e042cbff8b9a829f2559f42bb512b7ae7f1f979010e9aade68aff37b67f43
xroad-centralserver_6.20.0-1.ubuntu18.04_all.deb9c160de93d04f83913e9895daba9c275256279dbc0dfb388c0cfcf5ec7ffa8f1
xroad-confclient_6.20.0-1.ubuntu18.04_amd64.deb30abee50f73c775236bd2a17ce5a7597a03e4a1aaad6fa2b6fa2e339f12b8d75
xroad-confproxy_6.20.0-1.ubuntu18.04_all.deb0299253397f2d909c369560e834487c1865351c78e2ec3af68cd372dc6aa97bd
xroad-jetty9_6.20.0-1.ubuntu18.04_all.deb6dd4038e90da5cfbd22ea71d5b142e456e69fc763390cfa899fbd69948ec3b7e
xroad-monitor_6.20.0-1.ubuntu18.04_all.deb62e6f934c5f38a85e26afb820a3fd0818c26fddd032746efe081c4223f969b47
xroad-nginx_6.20.0-1.ubuntu18.04_amd64.deb2c040b902345cb6289814b1a70d1a32d8ff510793f9b6f9f71d197e5e661b02b
xroad-opmonitor_6.20.0-1.ubuntu18.04_all.debf5d08b40a76e00a1b7c6065575925431d9bb3a808b57681e0295cf290044deda
xroad-proxy_6.20.0-1.ubuntu18.04_all.deb157687588425822b65874ccdd2f5b0a039f8cbfe177d48ff004bf647f018d480
xroad-securityserver-ee_6.20.0-1.ubuntu18.04_all.debad5945dcfb7d15d9f57a9fc2acd90b4f813c252a71fd2b3ddf3d273daf1b89d8
xroad-securityserver-fi_6.20.0-1.ubuntu18.04_all.deb94a5e98cb2620cf87a13cb0a1121b14675bbcfb21b02be7863f424cdeaa7733e
xroad-securityserver_6.20.0-1.ubuntu18.04_all.debd8951f73f4ca4283331eb8851629146562c8ded6f578e2e21e06b134050085ae
xroad-signer_6.20.0-1.ubuntu18.04_amd64.debbf908288e6926c4558f413e81c91b2b4d4895fb1d853d32e322c1b80e1134863

RPM

PackageSHA256 Checksum
xroad-addon-messagelog-6.20.0-1.el7.x86_64.rpm6e7faa7a9a616eb4fe265f21724b00775d621b4778a199c3b3b773a031cfdb78
xroad-addon-metaservices-6.20.0-1.el7.x86_64.rpm1b80b5457c1ba33cc5caf14dd0b133b569e0422688947b5f1e98ec516e71629e
xroad-addon-opmonitoring-6.20.0-1.el7.x86_64.rpm45e81a0c3990a789f5f0c608631a35bb5aff9e49befa41a45856aca93a32cd32
xroad-addon-proxymonitor-6.20.0-1.el7.x86_64.rpm8d4ba7a4082adae34c786d969d67e52fce422a24349c445f83acfe8e819e1d8a
xroad-addon-wsdlvalidator-6.20.0-1.el7.x86_64.rpm4079c447d82a8c0b56e2e0fd9c3da96e4e278cbc79ecf4a3190f8e6c791b1886
xroad-autologin-6.20.0-1.el7.noarch.rpmc6a23eca8d517627b72cca6354ae0ac1dd21088048102d98ffe7d97d1cde416a
xroad-base-6.20.0-1.el7.x86_64.rpm8f7a0171ac6bcc22ddc85fda59a56de9e154b4b9c5b79b9e76d7b6975e007639
xroad-common-6.20.0-1.el7.x86_64.rpm14f9e67d854568bf18337116a5e3a3f835cea3daa137d5252d471feefe2d70a7
xroad-confclient-6.20.0-1.el7.x86_64.rpm9642af8f8f7eb017101fd008cf0a526a6cb4f75af3b798b5ceeef0fca1033408
xroad-jetty9-6.20.0-1.el7.x86_64.rpm0bc72fc1fb14ee6ac2f54e6226044e1162eb96874b0d6c23e5715b14031d7ebd
xroad-monitor-6.20.0-1.el7.x86_64.rpm12250378c947f92e5583492f23b0b11dbc5f3227fc6d812b562536718b32ad0c
xroad-nginx-6.20.0-1.el7.x86_64.rpm7498e1555bd25809ae14a1e1620230f27d8a4bc5107a5316ac8bc3b394736361
xroad-opmonitor-6.20.0-1.el7.x86_64.rpmf37774872426bc5c543ba793d26dd03465b3779fe2a8d632a30aaaeb7bc59d56
xroad-proxy-6.20.0-1.el7.x86_64.rpm9e263c1e179d11846c1fe06418c59fd58bd79dc5ea8893cd825514a2039d0bb4
xroad-securityserver-6.20.0-1.el7.noarch.rpmd07c6a8992ca833b894a4fc310f43d27cbfcf162fa1b65ddc07ad7eaf2334ff8
xroad-securityserver-fi-6.20.0-1.el7.noarch.rpm1a46b72c13401486c2a66403ab8cf7295f495cf8c5f95fce71a693922754d9c3
xroad-signer-6.20.0-1.el7.x86_64.rpm6f0c1405273e458d9b52724affc0cafc8518e6f6015e91998373c1473296f8b1