Login
    Contents x
    Version 5.7 (July 2023)
    • 27 Sep 2024
    • 1 Minute to read
    • Dark
      Light
    • PDF
    Contents

    Version 5.7 (July 2023)

    • Updated on 27 Sep 2024
    • 1 Minute to read
    • Dark
      Light
    • PDF
    Article summary

    DIGIPASS Gateway 5.7 (July 2023)

    New features and enhancements

    Upgrade path

    DIGIPASS Gateway supports direct upgrades from version 5.1 or 5.6 to version 5.7 on the supported operating systems.

    Supported platforms, data management systems, and other third-party products

    Web servers

    • Apache Tomcat 9.0.73 (included)

      • Azul Zulu 11 (included)

    Fixes and other updates

    Issue OAS-14148 (Support case CS0095435): Correlation ID not included in trace messages

    Description: Beginning with version 3.21, OneSpan Authentication Server forwards the correlation ID to the Message Delivery Component (MDC) service when a push notification is requested. MDC forwards the correlation ID to the OneSpan Notification Gateway.

    In an on-prem-only deployment, where MDC forwards the request to the on-premises DIGIPASS Gateway instance, the correlation ID is received by DIGIPASS Gateway, but not processed or included in the trace file. This makes it difficult to troubleshoot issues in the push notification workflow.

    Affects: DIGIPASS Gateway 5.4–5.6

    Status: This issue has been fixed. DIGIPASS Gateway now provides a servlet filter (LogCorrelationIdFilter) to retrieve the correlation ID from a request and write it to the trace log file. By default, the filter is disabled and must be enabled via the deployment descriptor file (web.xml).

    Issue OAS-9592 (Support case CS0067508): Sensitive data in the property file is stored in plain text

    Description: DIGIPASS Gateway uses a Java property file to store configuration settings, including sensitive data, such as passwords to access proxy servers and API keys used for HTTP authentication. The values in the property file are stored in plain text.

    Furthermore, the password and user name for proxy servers are incorrectly stored using the inverted property names, i.e. the user name is stored in the password property and vice versa.

    Affects: DIGIPASS Gateway 5.0–5.6

    Status: This issue has been fixed. The value of sensitive properties are now encrypted using a static software-level key by default. The property names are now used correctly. The OneSpan Web Configuration Tool that is used to maintain these property files only indicates whether those properties are set without displaying the actual values.

    Since the default value encryption provides only basic protection, we recommend that you additionally restrict file access to the property file.

    Deprecated components and features, architectural changes

    Supported platforms and other third-party products

    DIGIPASS Gateway no longer supports the following products:

    Web servers

    • IBM WebSphere 9.0

    • IBM WebSphere 8.5.5

    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Ozzy, our interactive help assistant