X-Road v6.21.0 Release Notes

Release Info

Version number	6.21.0
Release date	30.04.2019
Supported versions	6.21.0 6.20.1 6.19.1
Supported platforms	Central Server Ubuntu 14.04 LTS Ubuntu 18.04 LTS Configuration Proxy Ubuntu 14.04 LTS Ubuntu 18.04 LTS Security Server Ubuntu 14.04 LTS Ubuntu 18.04 LTS RHEL 7 N.B.! v6.21.0 is the last new version released for Ubuntu 14.04 LTS. Starting from v6.22.0 the supported platforms are Ubuntu 18.04 LTS and RHEL7. Ubuntu 14.04 versions of previous releases (v6.20.1, v6.21.0) are supported until the end of the release's official support period.
Official documentation	https://github.com/nordic-institute/X-Road/tree/master/doc
Source code	https://github.com/nordic-institute/X-Road/tree/master
Software license	MIT

On this page:

Changes in This Release

Summary

Security Server provides support for consuming and producing both SOAP and REST services.
- REST-based systems can be integrated to X-Road without technical changes and an additional adapter service component.
- REST support is not limited to just JSON and XML messages as Security Server does not set any restrictions to the content type of the payload that is transferred between a service consumer and a service producer.
- Consuming and producing SOAP services remains supported and no changes are required to existing SOAP based service consumers and producers.
X-Road onboarding process is streamlined enabling automatic approval of registration requests of new X-Road member organizations and information systems.
- X-Road operator may choose between automatic and manual approval of registration requests within an X-Road ecosystem.
- Automatic approval speeds up the registration process and reduces the daily management tasks of the X-Road operator.
Standalone Security Server is a special version of Security Server that is ready-to-use in minutes without the normal Security Server installation, configuration and registration process.
- Standalone Security Server is meant for testing purposes in X-Road service development and it cannot communicate with other Security Servers.
- Standalone Security Server is targeted especially to developers and organizations that are developing services to be published via X-Road.
- N.B.! Standalone Security Server has been released on 8th May 2019 on Docker Hub.

More Detailed Summary of REST Related Features

Basic REST functionality
- Message exchange with signing and time-stamping
- Message logging with archiving
- Downloading and verification of log records
Adding a REST service using an URL
- No support for OpenAPI definitions
Operational monitoring of REST services
Service-level authorization
Certificate based authentication (clients + services)
X-Road Message Protocol for REST 1.0

Completed Issues

Access to the X-Road Backlog and issue details requires signing up for an account. Sign up now and get access to the backlog and issue details immediately.

Issue ID	Type	Summary
XRDDEV-120	New	Create Proof of Concept (PoC) level implementation of REST support. Basic REST message exchange between Security Servers without validations, checks, logging etc.
XRDDEV-149	New	Create version number update tool for developers that can be used to update X-Road version number in all related files and locations.
XRDDEV-155	New	Further define issues discovered in REST PoC implementation. More detailed planning of REST support implementation.
XRDDEV-225	New	Add configuration option that allows auto-accepting authentication certificate registration requests on Central Server. When enabled, the feature is applied only if the member owning the Security Server is registered on the Central Server already. By default, auto-accepting is disabled and it can be enabled adding the below configuration in "/etc/xroad/conf.d/local.ini" on Central Server: [center] auto-approve-auth-cert-reg-requests=true
XRDDEV-226	New	Add configuration option that allows auto-accepting Security Server client registration requests on Central Server. Security Server client registration request is automatically accepted on the Central Server when the following conditions are met: Automatic approval of Security Server client registration requests is enabled on the Central Server. Client registration request has been signed by the member owning the subsystem to be registered as a Security Server client. Signature and certificate have passed verification. Member owning the subsystem is registered on Central Server. If any of the conditions above is false, manual approval is required. Older versions of Security Server do not include the signature of the client owner in the registration request and therefore, manual approval is always required. By default, auto-accepting is disabled and it can be enabled adding the below configuration in "/etc/xroad/conf.d/local.ini" on Central Server: [center] auto-approve-client-reg-requests=true
XRDDEV-230	Improvement	Add a unique message id generated by consumer Security Server to every request-response message pair, so that it is be possible to distinguish messages in message log and operational monitoring database. Security Server versions prior to version 6.21.0 ignore the additional message id.
XRDDEV-245	New	Implement Docker support for Security Server. Create Security Server Dockerfile and Docker image. The Docker image is available on Docker Hub. N.B.! Security Server Docker image is for test and development purposes only. It is not recommended to use it in production environments.
XRDDEV-258	Fix	Update JRuby dependency from version 9.1.13 to 9.1.17.
XRDDEV-263	New	Add REST services to the Security Server data model. Update Security Server configuration database schema and code base to support REST services in addition to SOAP services.
XRDDEV-264	New	Add support for transferring REST messages of arbitrary size. Large REST messages can be transferred through X-Road with equal or better scalability and performance compared to SOAP with attachments.
XRDDEV-284	New	Add support for configuring REST services in the Security Server admin UI. REST services can be added, modified, removed and configured using the admin UI just like SOAP services.
XRDDEV-285	New	Implement logging of REST messages to message log database. Logging of message payload is enabled/disabled using new "message-body-logging" parameter - it is used to enable/disable the logging of both SOAP and REST message payloads. Removal of message body is usually done for confidentiality reasons (body contains data that should not be stored in the logs, e.g. personal data). A new system parameter "max-loggable-body-size" defines maximum loggable REST message body size (default value: 10 MB). If the REST message body exceeds the maximum loggable body size, the body is truncated in the log if "truncated-body-allowed" system parameter is true, and the message is rejected if "truncated-body-allowed" system parameter is false (default value: false). The message body is stored in the database as a large binary object which maximum size is 1 GB. N.B.! Use of "soap-body-logging" system parameter is deprecated, use "message-body-logging" parameter from now on. "soap-body-logging" parameter still works in v6.21.0 and its value is used to enable/disable the logging of both SOAP and REST message payloads. However, the "soap-body-logging" system parameter will be removed in future versions.
XRDDEV-314	New	Extend message log database structure to support logging of REST messages.
XRDDEV-328	New	Implement archiving of REST messages from message log database to ASiC containers. REST message records are archived from message log database to disk according to the message log archival schedule. Archived message log records are removed from the message log database according to the removal schedule.
XRDDEV-337	Fix	Fix scaling issues of X-Road logo on Security Server and Central Server UIs.
XRDDEV-341	Fix	Update Hibernate dependency from version 4.3.11 to 5.1.17.
XRDDEV-352	New	Add support for downloading REST message records via Security Server's signed document download web service interface.
XRDDEV-353	New	Add support for verifying ASiC containers containing REST messages. It is possible to verify the signature of ASiC containers containing REST message records using the asicverifier tool. It is possible to export REST messages from ASiC container using the asicverifier tool. Exporting messages is possible regardless of the result of the verification.
XRDDEV-358	New	Add recording REST messages to operational monitoring. REST messages are recorded by operational monitoring and the data is stored in the operational monitoring database. Operational monitoring collects the same information from REST messages that is collected from SOAP messages.
XRDDEV-361	Fix	Fix a problem in Security Server's resource usage.
XRDDEV-375	New	Add support for Security Server protocol extension in REST messages. Security Server REST implementation supports "X-Road-Security-Server" HTTP header that can be used for sending a request to a specific Security Server.
XRDDEV-380	Fix	Fix missing "getSecurityServerMetrics" request message in message log. Before the fix, "getSecurityServerMetrics" request message was not recorded in the message log database.
XRDDEV-398	New	Add X-Road Message Protocol for REST on GitHub as a Markdown document. X-Road Message Protocol for REST is used between information systems and X-Road Security Servers to consume and produce REST services.
XRDDEV-400	Improvement	Return a descriptive error message when getWsdl metaservice is invoked for a REST service.
XRDDEV-412	Improvement	Prevent SOAP service calls from REST interface and REST service calls from SOAP interface. X-Road does not provide automatic message/protocol conversions between SOAP and REST services. Therefore, services must be consumed using their native implementations – SOAP or REST.
XRDDEV-418	Fix	Validate REST implementation against X-Road Message Protocol for REST, and align REST implementation with the specification.
XRDDEV-419	New	Include the unique message id implemented in task XRDDEV-230 in the REST message signature and HTTP request headers. The unique message id is included in REST request and response messages in the "X-Road-Request-Id" HTTP header.
XRDDEV-423	Fix	Fix error in running operational monitor database migrations on upgrade/reinstall on RHEL7.
XRDDEV-426	Fix	Fix performance regression and native memory leak in message log database archiving.
XRDDEV-432	Fix	Prevent adding new REST services using a service code that already exists under the same subsystem. REST service codes must be unique within a subsystem. The same service code can be used under different subsystems.
XRDDEV-439	Fix	Fix error in message log cleaning when there are more than ~50k messages to clean. Instead of deleting records from message log in a single query, records are deleted in batches (default: 10 000 records per batch). In addition, cleaning of message log is done 4 times a day (2 times a day in versions < 6.21.0) and cleaning does not overlap with archiving.
XRDDEV-443	Fix	Fix error in updating REST service code. Before the fix updating the service code field of a REST service removed all the access rights from the service.

Issue types: fix (bug fix or technical debt), improvement (improvement to an existing feature), new (a new feature).

New/Updated Dependencies

Dependency	Old Version	New Version	Notes
Apache HttpComponents HttpAsyncClient	4.1.1	4.1.4
Apache HttpComponents HttpClient	4.5.2	4.5.6
Hibernate	4.3.11	5.1.17	Release notes Security fixes: CVE-2018-1000632
Jetty	9.4.6.v20170531	9.4.14.v20181114	Release notes
JRuby	9.1.13	9.1.17	Release notes
PostgreSQL JDBC driver	42.2.1	42.2.5	Release notes Security fixes: CVE-2018-10936

Other Notes

Package Repositories

Repository

URL

Bionic

deb https://artifactory.niis.org/xroad-release-deb bionic-<version> main

Trusty

deb https://artifactory.niis.org/xroad-release-deb trusty-<version> main

RPM

https://artifactory.niis.org/xroad-release-rpm/rhel/7/<version>

Repository signing key can be downloaded from: https://artifactory.niis.org/api/gpg/key/public

Ubuntu Bionic

Package	SHA256 checksum
xroad-addon-hwtokens_6.21.0-1.ubuntu18.04_all.deb	93070dfcaadeb024a1f85cb10d82a5399bd605427b8ba2ccda48b18ecdcc1fc7
xroad-addon-messagelog_6.21.0-1.ubuntu18.04_all.deb	6464ae22628dbafca933a93dfefdce44ece9e80485e52221cac69633ca422889
xroad-addon-metaservices_6.21.0-1.ubuntu18.04_all.deb	8ddbf43702e6c92c53e268a3187cbcf6c25edd37f1c94e592cc072b541bd8b18
xroad-addon-opmonitoring_6.21.0-1.ubuntu18.04_all.deb	b208e104f64f688ab4295891debe64f754e09821fea150ea8851576e11092811
xroad-addon-proxymonitor_6.21.0-1.ubuntu18.04_all.deb	66fb1d0a5be320f094d6a724007bfc0ba69bf5b625e9d3f6a123825689e6c7da
xroad-autologin_6.21.0-1.ubuntu18.04_all.deb	93a4197000e37771b70b292f19765e1a88f8f7e00ac58a4d41f4a496d08f500c
xroad-addon-wsdlvalidator_6.21.0-1.ubuntu18.04_all.deb	503c91159ec8cf812d95b118c89535b0fe74e14f042ebdd016a206fc94954cb3
xroad-base_6.21.0-1.ubuntu18.04_amd64.deb	f7d33a8cfd700460ae5a271df223cd040b8943b9593973b078b24311b079c58e
xroad-center-clusterhelper_6.21.0-1.ubuntu18.04_all.deb	26386990663e017168154b6ba250ad38c8e576121af6e601cdf2bf79c3f9f3e5
xroad-center_6.21.0-1.ubuntu18.04_all.deb	6d04aa466f9f78849fa01b26f5f001e893d5c2330f5c9c19e1913b2e36cc12ac
xroad-centralserver-monitoring_6.21.0-1.ubuntu18.04_all.deb	c0f026afa1fbc2cefdccf57fbaf481bcd26e8dac39945dba2f11c12e0030787c
xroad-centralserver_6.21.0-1.ubuntu18.04_all.deb	88fcabae451ecb2bbeeb9f2e9e31665485600586ec15b8b8e71e9947298bd0c4
xroad-confclient_6.21.0-1.ubuntu18.04_amd64.deb	a26b39f94a8821eeb9cf98315060a3d072874e1d4f340eec0cbc8ffab4e31a91
xroad-confproxy_6.21.0-1.ubuntu18.04_all.deb	a8d854c41d9ecbbf1a12ba896b235e95de88dd630d2f60d10565023dc471cead
xroad-jetty9_6.21.0-1.ubuntu18.04_all.deb	9e8ea6d11e5c4e8988776fe55a87d61a781a92634cd4e560ac9e477399c88ebd
xroad-monitor_6.21.0-1.ubuntu18.04_all.deb	f1bce08b1fc2387bd78b2f91472f136dbd462e47f7719596ae6412abf1653153
xroad-nginx_6.21.0-1.ubuntu18.04_amd64.deb	7e13e039fc06c0c96bb8347ead9934e51c52d155c42e060590d4d12c7b87f856
xroad-opmonitor_6.21.0-1.ubuntu18.04_all.deb	76a7809a1e20e59ab60a80ca619650057ae5faacfc1baced509119a62c13a95a
xroad-proxy_6.21.0-1.ubuntu18.04_all.deb	2cd36de14991b813a0ae1bd210f5d49dc090f49be938a2e28389350a47f929a9
xroad-securityserver-ee_6.21.0-1.ubuntu18.04_all.deb	df8c58444021ba47c69d86e0ebd0a5d038a93d100e050f1371bbc3254f689057
xroad-securityserver-fi_6.21.0-1.ubuntu18.04_all.deb	2c1d89ebabe2dff9e038586187e20bda6df5061dc9b7d1e6e5cb04eb5fd9c6ec
xroad-securityserver_6.21.0-1.ubuntu18.04_all.deb	713a07de89150842ed32671f157b11b37b40c36fb7737783b68317308d109e1d
xroad-signer_6.21.0-1.ubuntu18.04_amd64.deb	23b95fd7f604723f4a6105db92fb011c865e6cd45376663ed079963583af7628

Ubuntu Trusty

Package	SHA256 checksum
xroad-addon-hwtokens_6.21.0-1.ubuntu14.04_all.deb	d5f791c59e5d5b00b4bf581861c50799713f309e743bb82978c69d9deae9f0d1
xroad-addon-messagelog_6.21.0-1.ubuntu14.04_all.deb	707877c068a37ccf97a37a42b144e26438f7f10ba3f2eab755446e322f522151
xroad-addon-metaservices_6.21.0-1.ubuntu14.04_all.deb	359aec24a5d779af3ea1bda297006691055d6c230d07b3f5139c9b200e79daa6
xroad-addon-opmonitoring_6.21.0-1.ubuntu14.04_all.deb	bd99d410477d714f277fdaa6e043fbc6dbe3540b09f559fd31ca7f931f240e29
xroad-addon-proxymonitor_6.21.0-1.ubuntu14.04_all.deb	638d47282de6ae87d8f998cb6feba89275b17394fbc1343ff8672efc1ed8fd2e
xroad-addon-wsdlvalidator_6.21.0-1.ubuntu14.04_all.deb	5aeb0aca5d3615eaa9f2971c639b170df6ee3b7074a91a22cf599c4e390edaaf
xroad-autologin_6.21.0-1.ubuntu14.04_all.deb	59b0adac40abaef1e1b5b2fbe6a439e7812e8f608cf2c8a551cd914948087b54
xroad-base_6.21.0-1.ubuntu14.04_amd64.deb	5facd9f2c698a53c13f55402e6f9b41f0bcfdfd2bbe5fbd8408a354cccfa38df
xroad-center-clusterhelper_6.21.0-1.ubuntu14.04_all.deb	b06d866022607c70082245b4a24aa29c6aee565a1566383ace9d5ab3d82d4f04
xroad-center_6.21.0-1.ubuntu14.04_all.deb	5595563b1783916b4af913f4ce8287640bfc80e7cb722ab2241f0d2bf843d4fb
xroad-centralserver-monitoring_6.21.0-1.ubuntu14.04_all.deb	d5f5433a4e4161fc54636f708b72d46c470cf14c0ca242823e8b524e45ea684d
xroad-centralserver_6.21.0-1.ubuntu14.04_all.deb	f807bf295b6421298f039b2ecaab7b7c94522cdba74bcd4c6671f2af6e3877fa
xroad-confclient_6.21.0-1.ubuntu14.04_amd64.deb	e905cb1337009beab09132d98faa751a9092614e8f88c8ba36e82c57abf4dd09
xroad-confproxy_6.21.0-1.ubuntu14.04_all.deb	181b3064f1658f8f693a0dfc3be4ec1ee33e8721fe57504c1029f0f28521d46d
xroad-jetty9_6.21.0-1.ubuntu14.04_all.deb	0679ebb28ad7ed83336ce76b17ee479fbd9b521ca5e0c94debf9832398d0f4cd
xroad-monitor_6.21.0-1.ubuntu14.04_all.deb	d1f717a951991f29eba64f1c4148dee7881da1618970fdd297f0674bb15f7c2a
xroad-nginx_6.21.0-1.ubuntu14.04_amd64.deb	db8cc5ff1e62d711afef24bea9c09d9053b0087e95460aa8892170edc577a755
xroad-opmonitor_6.21.0-1.ubuntu14.04_all.deb	ffe270d6794eba9c441c64b87a191b521ff475c024c20e079962caee29e9f933
xroad-proxy_6.21.0-1.ubuntu14.04_all.deb	f4002b9ee5e28cfeae43e715cd688141079c3417aae9b00d58b7f73c4da03371
xroad-securityserver-ee_6.21.0-1.ubuntu14.04_all.deb	4f0652513f23591880d2c06fae6cd9937dcac7a3785eda8da2b197410dfe6960
xroad-securityserver_6.21.0-1.ubuntu14.04_all.deb	eed44d5d0e159cdc1b64355874ec3068b9a749a114b7ab883de5f71fda6b6342
xroad-securityserver-fi_6.21.0-1.ubuntu14.04_all.deb	80cbca8130beeed11b5c13b423f402a6fefec2098a22289898ed641b200a4449
xroad-signer_6.21.0-1.ubuntu14.04_amd64.deb	f93866d8a44fd1ac9a5d756a6aea64824580bfa179d7a118c8ec904caecdaf4e

RHEL 7

Package	SHA256 checksum
xroad-addon-messagelog-6.21.0-1.el7.x86_64.rpm	64909d8b1a1fb26101128ef5323a11550a80c9f49e650206de47733828f28ef0
xroad-addon-metaservices-6.21.0-1.el7.x86_64.rpm	ca5cabd82877afe1a0ad0c9e2db2120b18e15afef6b5048be5d964d8db8baf4e
xroad-addon-opmonitoring-6.21.0-1.el7.x86_64.rpm	37ae7eba02cb868bb978c07957e15d10d0d611619ae500f35ba377b78dd215d0
xroad-addon-proxymonitor-6.21.0-1.el7.x86_64.rpm	bf095245dbce5af6e49779f765560b9a84cb7a84bae8534a2c926a32817d76ae
xroad-addon-wsdlvalidator-6.21.0-1.el7.x86_64.rpm	016e7a8cf5248f679396ebfbcc93f83acf6d40810b0e8c8d68abc6d7af4c753d
xroad-autologin-6.21.0-1.el7.noarch.rpm	3b532c014adc671b138ba30d683b7806366a82d9ff32de5a8efcb0abf4bf7f99
xroad-base-6.21.0-1.el7.x86_64.rpm	bf90399c0a59516444cd5263e3159e8eac0ab1b14166b1515dfdb1908357cadb
xroad-common-6.21.0-1.el7.x86_64.rpm	36918875e4566042baa3c7c72e5ff4fa5c34cf8bf5a6db48970dc317495989e5
xroad-confclient-6.21.0-1.el7.x86_64.rpm	c478f9b757eb3f8ce91679fd21fb7dda4a3017652d25d90fbd9bf3e5764ca794
xroad-jetty9-6.21.0-1.el7.x86_64.rpm	0cc9fe25be9969ce14db5772748c68fcdab5d23efd19ccfaf01e59d414959813
xroad-monitor-6.21.0-1.el7.x86_64.rpm	f8b1278cc47fe4fb00939aac0484ac5e899f187aeacb921a685ff7f9636a5d6c
xroad-nginx-6.21.0-1.el7.x86_64.rpm	7f58ff98edcfc9067e8486eaaad2e77f66ee51220fe06b76459676a69cbe7e36
xroad-opmonitor-6.21.0-1.el7.x86_64.rpm	800c3ddca0473e51d75c79dc4b0a8ae5567260c2398ad7704f7177e3cccbbe44
xroad-proxy-6.21.0-1.el7.x86_64.rpm	aba294d614931dfb643b2ff89892e7df986e40ae524a6cf24d70cb8fa27a76a4
xroad-securityserver-6.21.0-1.el7.noarch.rpm	9025ab8c125a45b8d579ea3ec8a10b960bcdd8e1fbda35778520e85e32006e86
xroad-securityserver-fi-6.21.0-1.el7.noarch.rpm	3129fa06b04133346f885e213922aedbc627adeb91e170b08f8bb49c6aa30919
xroad-signer-6.21.0-1.el7.x86_64.rpm	414af45b339d6a34e96541209704caca0f3347a541210d9eeda3b5c5b9c5987ae