- 18 Nov 2024
Version 5.10 (Upcoming 2025)
- Updated on 18 Nov 2024
New features and enhancements
AES encryption of sensitive configuration data
DIGIPASS Gateway stores its configuration in a Java properties file. Sensitive configuration data, such as the push notification proxy password, the API keys, the PKCS#12 certificate password, and the Java keystore password, is encrypted.
To improve security, the encryption algorithm has been changed: sensitive configuration data is now encrypted using AES-256 by default. If you upgrade an existing deployment, the sensitive configuration values stored with the old encryption are retained and can still be read. If you change the values after the upgrade, the new values are automatically encrypted using AES-256.
We recommend that you update the values of all sensitive configuration settings to switch to the new encryption algorithm.
Upgrade path
DIGIPASS Gateway supports direct upgrades from version 5.9 to version 5.10 on the supported operating systems.
Supported platforms, database management systems, and other third-party products
Operating systems
- ###
ODBC databases
- ###
Web browsers
- ###
Web servers
DIGIPASS Gateway can now be run on these web application servers (based on the respective JRE):
- Apache Tomcat 9.0–9.0.90 (included)
  This version of Apache Tomcat fixes a couple of critical security vulnerabilities, including CVE-2024-34750.
  - Oracle Server JRE 11
  - Azul Zulu 11 (included)
Software libraries
The software library lists are not exhaustive, but include the most notable and critical updates only. For a complete overview, refer to the third-party dependency files included with the installed product.
This version now includes the following (updated) third-party libraries:
- Glassfish Jersey 2.45
  Fixes: CWE-776.
- Spring Security Web 5.8.14
  Fixes: CVE-2024-38809 and CVE-2024-38808.
Fixes and other updates
Issue ### (Support case PS‑###): ### (###)
Description: ###
Affects: ### ###–###
Status: {{snippet.Global_RNIssueStatusFixed}}
Deprecated components and features
###
###
Known issues
Issue OAS-7063 (Support case CS0049841): FQDN cannot start with number
Description: DIGIPASS Gateway cannot be installed if the fully qualified domain name (FQDN) of the server starts with a number, e.g. 001234-MYHOST. In that case, the setup will issue an error when it attempts to generate a self-signed certificate for the Apache Tomcat web server.
Status: No fix available. To work around this issue, ensure that the FQDN meets the naming requirements before you install DIGIPASS Gateway.
Issue OAS-4908 (Support case CS0024103): Certificate must contain IP address when using FQDN
Description: If you use the FQDN to connect to the OneSpan Authentication Server instance, the respective server certificate for SOAP connections must specify the IP address of the OneSpan Authentication Server instance either as the common name (CN) or as the subject alternative name (SAN).
Otherwise, this can cause a "No subject alternative name matching IP address" error message during the setup, indicating that DIGIPASS Gateway verifies the SAN in the OneSpan Authentication Server certificate but does not find any matching IP address.
Status: No fix available. The OneSpan Authentication Server IP address must be set either as the common name (CN) or as the subject alternative name (SAN) in the certificate.
For more information, see KB0014260.
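A pre-install check for the conditions described in OAS-7063 and OAS-4908 above, as an added example that is not OneSpan code. It assumes the certificate fields are available in the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function names, host names, and addresses are constructed for illustration.

```python
import ipaddress


def fqdn_starts_with_digit(fqdn: str) -> bool:
    """OAS-7063: setup fails when the server FQDN starts with a number."""
    return fqdn.strip()[:1].isdigit()


def _same_ip(value: str, wanted) -> bool:
    """Compare a certificate field with the wanted address, normalising notation."""
    try:
        return ipaddress.ip_address(value.strip()) == wanted
    except ValueError:
        return False  # field is not an IP literal, e.g. a host name in the CN


def cert_names_ip(cert: dict, server_ip: str) -> bool:
    """OAS-4908: the server IP must appear as the CN or as a SAN entry."""
    wanted = ipaddress.ip_address(server_ip)
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "IP Address"]
    cns = [v for rdn in cert.get("subject", ()) for key, v in rdn if key == "commonName"]
    return any(_same_ip(v, wanted) for v in sans + cns)


def preflight(fqdn: str, server_ip: str, cert: dict) -> list:
    """Return the known issues this deployment would run into (empty list = none)."""
    problems = []
    if fqdn_starts_with_digit(fqdn):
        problems.append(f"OAS-7063: FQDN {fqdn!r} starts with a number")
    if not cert_names_ip(cert, server_ip):
        problems.append(f"OAS-4908: certificate has no CN or SAN matching {server_ip}")
    return problems


# Constructed sample certificates (documentation addresses, not real servers).
SAMPLE_CERT_DNS_ONLY = {
    "subject": ((("commonName", "oas.example.test"),),),
    "subjectAltName": (("DNS", "oas.example.test"),),
}
SAMPLE_CERT_WITH_IP = {
    "subject": ((("commonName", "oas.example.test"),),),
    "subjectAltName": (("DNS", "oas.example.test"), ("IP Address", "192.0.2.10")),
}

if __name__ == "__main__":
    for problem in preflight("001234-MYHOST", "192.0.2.10", SAMPLE_CERT_DNS_ONLY):
        print(problem)
```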
SSL certificate selection from network repository
Description: With the current version of the DIGIPASS Gateway installer, it is not possible to select the OneSpan Authentication Server SOAP certificate if it is located on a network drive.
Status: No fix available. To work around this issue, copy the certificate to a local drive before you select it during the DIGIPASS Gateway installation.