/
X-Road v6.25.0 Release Notes

X-Road v6.25.0 Release Notes

Dec 10, 2020

Release Info

Version number

6.25.0

Release date

27.11.2020

Supported versions

  • 6.25.0

  • 6.24.1

  • 6.23.0

Supported platforms

Central Server

  • Ubuntu 18.04 LTS

  • Ubuntu 20.04 LTS

Configuration Proxy

  • Ubuntu 18.04 LTS

  • Ubuntu 20.04 LTS

Security Server

  • Ubuntu 18.04 LTS

  • Ubuntu 20.04 LTS

  • RHEL 7

  • RHEL 8

Official documentation

https://github.com/nordic-institute/X-Road/tree/master/doc

Source code

https://github.com/nordic-institute/X-Road/tree/master

Software license

MIT

On this page:

Changes in This Release

On Ubuntu 18.04 LTS upgrading the Security Server from version 6.23.0 to version 6.25.0 requires using apt install xroad-securityserver OR apt full-upgrade commands. Doing apt upgrade is not enough when upgrading from version 6.23.0 to version 6.25.0, because the command does not remove the xroad-jetty and xroad-nginx packages that are removed in the upgrade. When upgrading from version 6.24.0/1 to version 6.25.0, doing apt upgrade is enough.

On RHEL7 upgrading the Security Server from versions 6.23.0/6.24.x to version 6.25.0 is done using yum update.

Please note that Security Server direct upgrade from versions < 6.23 to 6.25.0 is not supported. In case you’re running a Security Server version < 6.23, please upgrade to version 6.23.0 first, and then from version 6.23.0 to version 6.25.0.

Summary

  • Support for Ubuntu 20.04 LTS

    • Central Server, Security Server and Configuration Proxy can be migrated from Ubuntu 18.04 LTS to the latest Ubuntu 20.04 LTS version.

  • Minor enhancements and bug fixes based on user feedback.

Completed Issues

Access to the X-Road Backlog and issue details requires signing up for an account. Sign up now and get access to the backlog and issue details immediately.

Issue ID

Type

Summary

Issue ID

Type

Summary

XRDDEV-408

Improvement

Add validation to service URLs when a new SOAP service is added on the Security Server. When a new WSDL service description is added, all service URLs must begin with "http://" or "https://".

XRDDEV-665

Improvement

Update the Security Server REST management API documentation. Add more information about validation errors and warning responses to:

XRDDEV-1090

Improvement

Update the Security Server installation guide (Ubuntu / RHEL) to:

  • Describe deployment options

  • Describe how the database setup can be customized

  • Describe database user roles and how they can be customized

XRDDEV-1091

Improvement

Update the Central Server installation guide to:

  • Describe deployment options

  • Describe how the database setup can be customized

  • Describe database user roles and how they can be customized

XRDDEV-1125

New

Add experimental support for running X-Road Security Server on Java 11 platform. The experimental support means that it is possible to run the Security Server on Java 11, but the support has not been extensively tested. Therefore, it is not recommended to run the Security Server on Java 11 in production environments.

By default, the installer still installs JRE8, installing and configuring JRE11 needs to be done manually.

XRDDEV-1222

Improvement

Update the Security Server installation guide (Ubuntu / RHEL) and user guide to better reflect the new Security Server UI and API.

XRDDEV-1223

Improvement

Update the Security Server architecture documents and other technical documents to better reflect the new Security Server UI and API.

XRDDEV-1237

New

Add autofocus to forms and dialogs on the Security Server UI. The first input field of selected forms and dialogs is automatically focused when a page is loaded.

XRDDEV-1244

Improvement

Improve the presentation of long identifiers (e.g., member, subsystem) in the Security Server UI. Before the change long identifiers caused problems with the UI layout in several views causing the layout to break.

XRDDEV-1266

Improvement

Improve error messages in the Security Server UI. In case the same error occurs multiple times, only one error message is shown in the UI. The error message contains a counter that indicates how many times the error has occurred.

XRDDEV-1272

Improvement

Update the OpenAPI 3 description of the Security Server's management REST API to provide more information about how warnings are handled.

XRDDEV-1299

New

Add Ubuntu 20.04 packaging for the Security Server.

XRDDEV-1300

New

Add Ubuntu 20.04 packaging for the Central Server.

XRDDEV-1301

New

Add Ubuntu 20.04 packaging for the Configuration Proxy.

XRDDEV-1302

Improvement

Improve security by securing communications between local X-Road processes running on the same server (e.g., signer, proxy). Before the change any user with console access could for example invoke signer operations (sign a message, create or delete a key etc.). Now root or xroad system user privileges are required. The communication is secured using TLS and mutual authentication between the components.

Starting from version 6.25.0 the communication is secured in all new and existing installations by default. Secure communications can be disabled by setting the "common.akka-use-secure-remote-transport" system parameter to false.

/etc/xroad/conf.d/local.ini
[common] akka-use-secure-remote-transport=false

XRDDEV-1324

Improvement

Add Ubuntu 20.04 LTS support to the X-Road Ansible scripts.

XRDDEV-1335

Fix

Update an icon in the Security Server UI. Replace an outdated certificate icon in Client - Internal servers view with the current icon version.

XRDDEV-1340

Fix

Fix admin user groups on a secondary Security Server on an Ubuntu cluster setup. On a Security Server cluster, secondary server admin should have only observer rights. Before version 6.25.0 on an Ubuntu cluster a normal admin is created instead. Starting from version 6.25.0 an admin with only observer rights is created.

Existing installations are not affected. The change does not remove groups from existing installations, only fixes new installations.

XRDDEV-1344

Improvement

Update the Central Server and Security Server (Ubuntu / RHEL) installation guides to describe how the required database structures and users can be created manually. When the required database structures and users are created manually before the installation process, the database superuser password is not needed during the installation and therefore, storing it on the server is not required.

XRDDEV-1345

Improvement

Create a Knowledge Base article on how to fix a failed Security Server database migration manually.

XRDDEV-1353

Improvement

Use key id as a label in the Keys and Certificates view in the new Security Server UI if the authentication or signing key is missing both label and friendly name.

XRDDEV-1354

Fix

Fix an issue that sometimes caused "Ã-" to be shown instead of close icon "X".

XRDDEV-1359

Fix

Fix an issue with resource caching in the Security Server UI.

XRDDEV-1360

Fix

Fix an issue that caused member classes from federated instances to be included in Add member and Add client views. It is possible to use only member classes defined in the instance where the Security Server is registered. Therefore, member classes from federated instances must not be included in Add member and Add client views.

XRDDEV-1362

Fix

Fix an issue that caused members and clients from federated instances to be included in Add member and Add client views. It is possible to add only members and clients from the instance where the Security Server is registered. Therefore, members and clients from federated instances must not be included in Add member and Add client views.

XRDDEV-1364

Fix

Fix an issue in the Add member view that caused an error message about a missing member code to be shown even if member code was entered.

XRDDEV-1365

Fix

Fix an issue in the client search that caused inaccurate search results. Before version 6.25.0 "Instance" and "Member class" fields worked as partial text match. Starting from version they work as full match.

XRDDEV-1366

Improvement

Improve validation when adding a new a local client and sending a client registration request. The improved validation covers:

  • check for an invalid member class when adding a new local client

  • check for both an invalid instance identifier and an invalid member class when registering a client.

XRDDEV-1371

Fix

Fix an issue that caused the Security Server UI database connection to fail if the database schema and username were different.

XRDDEV-1394

Improvement

Make API keys read-only on secondary nodes in a Security Server cluster. API keys are created on the primary node and replicated to all secondary nodes together with other configuration data. Starting from version 6.25.0 only API keys with the observer role can be used to access the Security Server management API on secondary nodes in a Security Server cluster. The API keys with the observer role can be used to read configuration from secondary nodes. In case an API key is not associated with the observer role, the API key does not grant any permissions on secondary nodes.

XRDDEV-1403

Fix

Fix an issue that caused signer to become unresponsive when system time jumps 10 seconds or more, e.g., during a snapshot freeze or when a virtual machine is suspended. Affected X-Road versions are 6.24.0 and 6.24.1. Starting from version 6.25.0 a jump in the system time does not make signer unresponsive.

XRDDEV-1405

Fix

Fix an issue that caused an error message to be shown to the user when navigating to the Security Server UI login page.

XRDDEV-1407

Improvement

Make Service Client wizard's Service filter case insensitive so that upper- and lowercase letters are treated being the same.

XRDDEV-1421

Fix

Fix an issue with certificates that caused the listing of tokens to fail in the Security Server UI. Certificates without a key usage extension were not handled correctly by the Security Server UI.

XRDDEV-1425

Fix

Fix an issue that allowed authentication CSR creation for keys stored on an HSM device. Starting from version 6.25.0 the usage type of a CSR is limited to signing when the key is stored on an HSM.

XRDDEV-1426

Fix

Fix an issue that caused keys without a defined key usage to be incorrectly grouped in the Security Server UI's Keys and Certificates view.

XRDDEV-1438

Fix

Fix an issue that caused proxy-ui-api module to log into rsyslog. After the fix, the proxy-ui-api module logs into proxy_ui_api.log application log only.

XRDDEV-1445

Fix

Fix a style issue in the error snackbar in the Security Server UI.

XRDDEV-1455

Improvement

Update license notices and add link to license notices in the Security Server UI.

XRDDEV-1457

Fix

Fix an issue with opening certificate details of a certificate stored on an HSM that has not been imported yet.

XRDDEV-1459

Improvement

Add link to license notices in the Central Server UI.

XRDDEV-1487

Fix

Implement a workaround to a connection timeout issue between configuration proxy and signer. The issue is caused by a bug in an external dependency and a permanent fix will be implement when an updated version of the dependency is available.

Issue types: fix (bug fix or technical debt), improvement (improvement to an existing feature), new (a new feature).

New/Updated Dependencies

Dependency

Old Version

New Version

Notes

Dependency

Old Version

New Version

Notes

Gradle

4.1

6.6

Required to support newer dependencies and tools

Contributors

The following developers have contributed to the development of this release version. A contribution means at least one Git commit that is included in the release. The full list of contributors of different X-Road® versions is available here.

GitHub Username

GitHub Username

carohauta

iluwatar

jansu76

jhyoty

olliru

petkivim

raits

Riippi

TJaakkola

Other Notes

Package Repositories

Repository

URL

Repository

URL

Bionic

deb https://artifactory.niis.org/xroad-release-deb bionic-<version> main

Focal

deb https://artifactory.niis.org/xroad-release-deb focal-<version> main

RPM / RHEL7

https://artifactory.niis.org/xroad-release-rpm/rhel/7/<version>

RPM / RHEL8

https://artifactory.niis.org/xroad-release-rpm/rhel/8/<version>

Repository Sign Key Details

Download URL

https://artifactory.niis.org/api/gpg/key/public

Hash

935CC5E7FA5397B171749F80D6E3973B

Fingerprint

A01B FE41 B9D8 EAF4 872F A3F1 FB0D 532C 10F6 EC5B

3rd party key server

SKS key servers

Packages

Bionic

Package

SHA256 checksum

Package

SHA256 checksum

xroad-addon-hwtokens_6.25.0-1.ubuntu18.04_all.deb

bafeeaa3a6f8e69f66f13955e25b10c39b0d23ed069c6e60e645c0335595a1b3

xroad-addon-messagelog_6.25.0-1.ubuntu18.04_all.deb

4c11c64efb958a55a4fb8854aa635f4ba3ad76bb559813138949e3ed7587d6da

xroad-addon-metaservices_6.25.0-1.ubuntu18.04_all.deb

30e807b4b2f45379215bb7f919a6bfb031f343c165cf66116d6d3609ef85fcf1

xroad-addon-opmonitoring_6.25.0-1.ubuntu18.04_all.deb

f13464905881577d32479a4ff1c8a6deee0a782ac3d27aece2d4e8090fb31576

xroad-addon-proxymonitor_6.25.0-1.ubuntu18.04_all.deb

6a5eddf250c6bffefa32000057e66f8f759ff9cebcbdc283025d27a59c9d9d97

xroad-addon-wsdlvalidator_6.25.0-1.ubuntu18.04_all.deb

d65a6cfefdfa30efd2c1887579e94d5d06362ccfd061a84551f93c70827fe45c

xroad-autologin_6.25.0-1.ubuntu18.04_all.deb

0a39c4386c46a1214ee7b5a71d53a6311edbd2f27a63ea1008e0840d1a969b37

xroad-base_6.25.0-1.ubuntu18.04_amd64.deb

a836ab8d98bf12c38cd8391857b7c3a9194935d498ff2d1a91de82932735850f

xroad-center_6.25.0-1.ubuntu18.04_all.deb

b8c22f98e862d692902dc3fdfde778febbad39d573d9071b111fb5fb209c27cd

xroad-center-clusterhelper_6.25.0-1.ubuntu18.04_all.deb

f83ff43af8c3213da503b192a7b8f960bd06f488bc23bdae10f3c87cbe679eb5

xroad-centralserver_6.25.0-1.ubuntu18.04_all.deb

e71cd3b116234a0dd5ce0c5b3bf48731c69c436a03bd080fbddcf2f3306449f9

xroad-centralserver-monitoring_6.25.0-1.ubuntu18.04_all.deb

931a06ff9d949b3c6dd1bb4b42e6963320c9bccae81b9745467feffdadfa7539

xroad-confclient_6.25.0-1.ubuntu18.04_amd64.deb

524156c1ae1952aa9ebe97a9172f76d271f448aff46bd4571ce853d27be5b2e9

xroad-confproxy_6.25.0-1.ubuntu18.04_all.deb

aa1dc5f669aec3e445be59d42f22835625e94c89e93d27ad4d58cafe30f62b49

xroad-jetty9_6.25.0-1.ubuntu18.04_all.deb

a42bf3f40213200f598b3ed070fba989e1d68d185709a40aeb311ef836f88648

xroad-monitor_6.25.0-1.ubuntu18.04_all.deb

d0c19c2517cd172d8ab03555848e09fedb4c35ba7d06379b76fbc80974b9ea78

xroad-nginx_6.25.0-1.ubuntu18.04_amd64.deb

59a8da56d9763a147fa9b355ce0cb1ec2c792f4ad72a45f84d809a7d36af79d2

xroad-opmonitor_6.25.0-1.ubuntu18.04_all.deb

2a1428d233b807e70e35469a60d355928f89061d1e7c7dbc184feea0817be3dc

xroad-proxy_6.25.0-1.ubuntu18.04_all.deb

0995fbbc61000ab831ac5c93ecf53380bac27513d38493ece6309665edc89f9e

xroad-proxy-ui-api_6.25.0-1.ubuntu18.04_all.deb

6026e754eeead9bf6b0a92e515be9b5b32e213862f659d6e18704e8e39aafc51

xroad-securityserver_6.25.0-1.ubuntu18.04_all.deb

58ea4ef65ae8c79fa4ceeeb22a8a444bdf70e54ad1b9451ee21046c623d76f3f

xroad-securityserver-ee_6.25.0-1.ubuntu18.04_all.deb

9f45d27b5e0a83e5849b9ccc5c8d9bff6db1309d6057e9296a71d65fb0b3de57

xroad-securityserver-fo_6.25.0-1.ubuntu18.04_all.deb

11027d4ef93c06a8d3a9cf92673d9c49c2e604132ba86908d20b4939a519340b

xroad-securityserver-fi_6.25.0-1.ubuntu18.04_all.deb

222e05fb87a7de8db07cc17827a25608061ac5a3f3b0cf7a405ae50daab025ce

xroad-securityserver-is_6.25.0-1.ubuntu18.04_all.deb

dbd031a41ca03c22117940edead4d1ae7e9ea038e300ae7b2e0c5994c5d94425

xroad-signer_6.25.0-1.ubuntu18.04_amd64.deb

dd048ada30c915ffbc910da88bc436dfbcba2795263e576b33b6468ab9b3b21b

Focal