X-Road v6.26.0 Release Notes
Release Info
Version number | 6.26.0 |
|---|---|
Release date | 26.03.2021 |
Supported versions |
|
Supported platforms | Central Server
Configuration Proxy
Security Server
|
Official documentation | |
Source code | |
Software license |
Changes in This Release
Summary
Support for replacing OpenJDK8 with another Java 8 distribution on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Security improvements.
Write special characters to audit log in encoded format on Central Server and Security Server.
Add CSRF protection to Security Server's management API's "API keys" endpoint.
Minor enhancements and bug fixes based on user feedback.
Replace OpenJDK8 with another Java 8 distribution on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS
Ubuntu OpenJDK 8 support ends after April 2021. Therefore, it is strongly recommended to migrate from the Ubuntu OpenJDK to AdoptOpenJDK which will be supported until 2026. Migration instructions from OpenJDK to AdoptOpenJDK are available here.
Completed Issues
Access to the X-Road Backlog and issue details requires signing up for an account. Sign up now and get access to the backlog and issue details immediately.
Issue ID | Type | Summary |
|---|---|---|
Fix | Fix various permission check inconsistencies in the Security Server UI frontend implementation | |
Improvement | Improve Security Server UI Keys and Certificates view to give better visual feedback about different token statuses | |
Improvement | Update local memory caches for the Security Server API to have a TTL of 60 seconds. This resolves issue with clustered configurations where modifications to api keys on primary node were not reflected on secondary nodes | |
Improvement | Add Subject Alternative Name (SAN) to the Security Server UI certificate details view. For API users this introduces a new field to the CertificateDetails type Of the various types that the Subject Alternative Name field can contain, X-Road only displays the following, which have a standard string format:
| |
Improvement | Update the HSM wrapper library to current version | |
Fix | Fix incorrectly displaying session expiration errors in the Security Server UI when navigating away and back to the server. | |
Fix | Fix incorrect Security Server API OpenApi description concerning possible key usage values | |
Fix | Update the Security Server UI Keys and Certificates view search field label from "Service" to "Search" | |
Fix | Update the Security Server UI add member/client/subsystem views and searches to have correct texts based on the wizard | |
Fix | Fix the Security Server UI add service clients view add subject wizard, where filtering the subjects would cause the radio button to visually appear to be deselected | |
Improvement | Update the Security Server UI local groups view to forbid adding non-printable characters | |
Improvement | Improve the Security Server UI endpoint input validation | |
Fix | Fix "Generate CSR" button not becoming disabled in Security Server UI add key flow while generating the CSR was in progress | |
Improvement | Improve audit logging to escape special characters so that they would not cause certain file readers to show the log entries incorrectly Special characters in the audit log are now displayed in the JSON escaped format (see https://tools.ietf.org/id/draft-ietf-json-rfc4627bis-09.html#rfc.section.7) As an example, here is an escaped unicode character within the login user (\u0085): | |
Fix | Fix a potential CSRF vulnerability in the Security Server API keys endpoints | |
Fix | Fix installing xroad-opmonitor packages on a server with no Security Server installed | |
Fix | Fix cases where missing OCSP responses would cause incorrect actions to be available to the user in the keys and certificates view of the Security Server UI | |
New | Update Ubuntu installation instructions for the Central Server and Security Server to describe installing the software with AdoptOpenJDK8. This change is due to the current information about Ubuntu dropping support for OpenJDK8 in April 2021 | |
Improvement | Improve configuration on Ubuntu based releases to make using alternative JAVA installations easier For new installs, X-Road now uses the systems default JAVA installation, this can be overridden by setting JAVA_HOME in /etc/xroad/services/local.conf to point to the preferred installation. For upgrades, the JAVA installation defined by JAVA_HOME in /etc/xroad/services/global.conf is used and the setting is migrated to /etc/xroad/services/local.conf. | |
Fix | Fix issue with log files where entries are hardcoded to be in the UTC timezone. After this update the logs will default to the servers timezone | |
Improvement | Update the Security Server clustering documentation to cover Ubuntu 20.04 and RHEL 8 setups. The updated document can be viewed here: https://github.com/nordic-institute/X-Road/blob/develop/doc/Manuals/LoadBalancing/ig-xlb_x-road_external_load_balancer_installation_guide.md | |
New | Added functionality to X-Road components to log the JAVA version being used to run the component at startup. In case the version is not supported by the software a warning is logged. | |
Fix | Update PostgreSQL JDBC driver that fixes a bug mentioned in: https://www.postgresql.org/message-id/flat/87h82kzwqn.fsf%40news-spur.riddles.org.uk | |
Fix | Update Akka to version 2.6.11 to properly fix a bug that affected Akka remoting in X-Road | |
Fix | Update Xerces to version 2.12.1 to get latest bug fixes | |
Fix | Fix issue where adding member to local group would fail in some instances | |
Fix | Fix issue where the log file "/var/log/xroad/proxy_ui_api_access.log" was not created | |
Fix | Fix issue where Central Server Cluster HA installation would leave the xroad-jetty service in a failed state with a remote database setup |
Issue types: fix (bug fix or technical debt), improvement (improvement to an existing feature), new (a new feature).
New/Updated Dependencies
Dependency | Old Version | New Version | Notes |
|---|---|---|---|
Akka | 2.6.10 | 2.6.11 | Fixes a bug that caused Akka remoting errors with Signer: https://github.com/akka/akka/issues/29828 |
HSM Wrapper | 1.3 | 1.6.2 | Updated HSM wrapper with latest bug fixes |
PostgreSQL JDBC driver | 42.2.16 | 42.2.18 | Fixes a communications bug with the PostgreSQL server: https://www.postgresql.org/message-id/flat/87h82kzwqn.fsf%40news-spur.riddles.org.uk |
xercesImpl | 2.12.0 | 2.12.1 | Update Xerces with the latest bugfix release |
httpmime | 4.5.2 | 4.5.13 | Updated to the latest bugfix release |
cxf-tools-validator | 3.4.0 | 3.4.2 | Updated to the latest bugfix release |
openapi-parser | 1.0.4 | 1.0.5 | Updated to the latest bugfix release |
swagger-parser | 2.0.21 | 2.0.24 | Updated to the latest bugfix release |
rack-cache | 1.6.0 | 1.6.1 | Updated to the latest bugfix release |
xmlsec | 2.2.0 | 2.2.1 | Updated to the latest bugfix release |
httpclient | 4.5.6 | 4.5.13 | Updated to the latest bugfix release |
jetty | 9.4.34.v20201102 | 9.4.36.v20210114 | Updated to the latest bugfix release |
hibernate | 5.4.23.Final | 5.4.28.Final | Updated to the latest bugfix release |
jackson | 2.11.3 | 2.11.4 | Updated to the latest bugfix release |
spring-cloud-dependencies | Hoxton.SR8 | Hoxton.SR10 | Updated to the latest release |
axios | 0.20.0 | 0.21.1 | Updated to the latest release |
Contributors
The following developers have contributed to the development of this release version. A contribution means at least one Git commit that is included in the release. The full list of contributors of different X-Road® versions is available here.
Other Notes
Package Repositories
Repository | URL |
|---|---|
Bionic |
|
Focal |
|
RPM / RHEL7 |
|
RPM / RHEL8 |
|
Repository Sign Key Details
Download URL | |
|---|---|
Hash | 935CC5E7FA5397B171749F80D6E3973B |
Fingerprint | A01B FE41 B9D8 EAF4 872F A3F1 FB0D 532C 10F6 EC5B |
3rd party key server |
Packages
Bionic
Package | SHA256 checksum |
|---|---|
xroad-addon-hwtokens_6.26.0-1.ubuntu18.04_all.deb | 799e859ab0783237335273707931921c4abf53f27fba27866a1a163d9c4cac34 |
xroad-addon-messagelog_6.26.0-1.ubuntu18.04_all.deb | 9f439d24679f11da6efc6f81f1d3aabcf478d9992f91bca690cea419d8184505 |
xroad-addon-metaservices_6.26.0-1.ubuntu18.04_all.deb | dfc9982d4363f2f8a7065ad68a2ed1bb0b8f96b419499f0ef5d9866a88a30fa9 |
xroad-addon-opmonitoring_6.26.0-1.ubuntu18.04_all.deb | 0bf6e8b504c6e02a59d7f8a3933873eed94c9bba61a042ed9524b558f5842582 |
xroad-addon-proxymonitor_6.26.0-1.ubuntu18.04_all.deb | ab8418dab2b90c1efd4917a069063cbe51c416942462d8204acd46ea2260b4df |
xroad-addon-wsdlvalidator_6.26.0-1.ubuntu18.04_all.deb | b722ae3372d68f923f71a8ea72923f9e13d9dd64b47c6dcf513a0806dc090eb8 |
xroad-autologin_6.26.0-1.ubuntu18.04_all.deb | a2b562db42e8f9dc8c80c2ad9e29bfb1dd0fb258adffd095c3f553c213a2dce2 |
xroad-base_6.26.0-1.ubuntu18.04_amd64.deb | 9a293a9a4b7da4852b462c28996db2e0ba6646f214b3ef4d40bbf6ce5f129470 |
xroad-center_6.26.0-1.ubuntu18.04_all.deb | 1b5375bf2fb3dc7c2c5d83710f9c5ee27e68ed2e8571fcd800d7a62eb637b127 |
xroad-centralserver-monitoring_6.26.0-1.ubuntu18.04_all.deb | 8974fa21eab8dd7f337af90f90e12c644fc72d6cefc06b708b0f15754bf521cb |
xroad-center-clusterhelper_6.26.0-1.ubuntu18.04_all.deb | 1d5cdc9b59801e02cf1c655d1b4ebb3e6fe9084dbed871bb89765af980736191 |
xroad-centralserver_6.26.0-1.ubuntu18.04_all.deb | 4c091b529faaa21917528fd52db7a4cb9f697c941082b55fed44cc2a7cec4425 |
xroad-confclient_6.26.0-1.ubuntu18.04_amd64.deb | 2dde2043c83321b11e8df1e62a2a81a8ff1b400cfacbecfeb8aecf26f7f244f6 |
xroad-confproxy_6.26.0-1.ubuntu18.04_all.deb | ec6067acdec8fc18c221b08abe3ccfac518713f2b380b972b72087fcc7e13737 |
xroad-jetty9_6.26.0-1.ubuntu18.04_all.deb | c43b58684a8a14abd9b2943318fb6404e96fa9b2efbeca6b575544193e6ebf0a |
xroad-monitor_6.26.0-1.ubuntu18.04_all.deb | 8c1d97059d08395ef24c9068d3b163cdda881e7d98e64ec4423417694b2b5342 |
xroad-nginx_6.26.0-1.ubuntu18.04_amd64.deb | 9234174430e5191d08d3bcb55bf53989992f38a224a834bcac44cdb1ff910b04 |
xroad-opmonitor_6.26.0-1.ubuntu18.04_all.deb | 51caa7f1cea9187d17d6c17d4b20582aa3003a24f84c137c9aa029fc7cef6c8c |