Version 5.10 (Upcoming 2025)
  • 18 Nov 2024
  • 2 Minutes à lire
  • Sombre
    Lumière
  • PDF

Version 5.10 (Upcoming 2025)

  • Sombre
    Lumière
  • PDF

The content is currently unavailable in French. You are viewing the default English version.
Résumé de l’article

New features and enhancements

AES encryption of sensitive configuration data

DIGIPASS Gateway stores its configuration in a Java properties file. Sensitive configuration data, such as the push notification proxy password, the API keys, the PKCS#12 certificate password, and the Java keystore password, is encrypted.

To improve security, the encryption algorithm has been changed, sensitive configuration data is now encrypted using AES-256 by default. If you upgrade an existing deployment, the sensitive configuration values stored with the old encryption are retained and can still be read. If you change the values after the upgrade, the new values will automatically be encrypted using AES-256.

We recommend that you update the values of all sensitive configuration settings to switch to the new encryption algorithm.

Upgrade path

DIGIPASS Gateway supports direct upgrades from version 5.9 to version 5.10 on the supported operating systems.

Supported platforms, database management systems, and other third-party products

Operating systems

  • ###

ODBC databases

  • ###

Web browsers

  • ###

Web servers

DIGIPASS Gateway can now be run on these web application servers (based on the respective JRE):

  • Apache Tomcat 9.0–9.0.90 (included)

    This version of Apache Tomcat fixes a couple of critical security vulnerabilities, including CVE-2024-34750.

    • Oracle Server JRE 11
    • Azul Zulu 11 (included)

Software libraries

The software library lists are not exhaustive, but include the most notable and critical updates only. For a complete overview, refer to the third-party dependency files included with the installed product.

This version now includes the following (updated) third-party libraries:

Fixes and other updates

Issue ### (Support case PS‑###): ### (###)

Description: ###

Affects: ### ###–###

Status: {{snippet.Global_RNIssueStatusFixed}}

Deprecated components and features

###

###

Known issues

Issue OAS-7063 (Support case CS0049841): FQDN cannot start with number

Description: DIGIPASS Gateway cannot be installed if the fully qualified domain name (FQDN) of the server starts with a number, e.g. 001234-MYHOST. In that case, the setup will issue an error when it attempts to generate a self-signed certificate for the Apache Tomcat web server.

Status: No fix available. To circumvent this issue ensure that the FQDN meets the naming requirements before you install DIGIPASS Gateway.

Issue OAS-4908 (Support case CS0024103): Certificate must contain IP address when using FQDN

Description: If you use the FQDN to connect to the OneSpan Authentication Server instance, the respective server certificate for SOAP connections must specify the IP address of the OneSpan Authentication Server instance either as common name (CN) or the subject alternative name (SAN).

Otherwise, this can cause a "No subject alternative name matching IP address" error message during the setup, indicating that DIGIPASS Gateway verifies the SAN in the OneSpan Authentication Server certificate but does not find any matching IP address.

Status: No fix available. The OneSpan Authentication Server IP address must be set either as common name (CN) or the subject alternative name (SAN) in the certificate.

For more information, see KB0014260.

SSL certificate selection from network repository

Description: With the current version of the DIGIPASS Gateway installer, it is not possible to select the OneSpan Authentication Server SOAP certificate if it is located on a network drive.

Status: No fix available. To circumvent this issue the certificate must first be copied locally before being selected when installing DIGIPASS Gateway.


Cet article vous a-t-il été utile ?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Ozzy, facilitant la découverte de connaissances grâce à l’intelligence conversationnelle