Current release

Version 7.5.1

Summary of changes included in version 7.5.1:

  • Fix various issues related to database configuration, the Security Server Sidecar Docker image, ACME support and WSDL validation.

  • Fix an issue in the data exchange, which caused hash chain verification errors in certain cases.

Version 7.5.1 release notes.

Next releases

Version 7.6.0

Summary of changes included in version 7.6.0:

  • Support for automatic renewal of authentication and sign certificates issued through ACME on the Security Server.

  • Support for sending e-mail notifications to Security Server administrators on automatic certificate renewals and failures.

  • Support for Elliptic Curve Cryptography (ECC) in data exchange and global configuration distribution.

  • Support for getting operational metrics on a REST service endpoint level, not just on a service level.

  • Add support for multiple languages in the Central Server and Security Server UIs.

  • Introduce improvements to various Security Server application logging outputs.

  • Remove support for Ubuntu 20.04 LTS and Red Hat Enterprise Linux (RHEL) 7 operating systems.

  • Minor enhancements and bug fixes based on user feedback.

Version 7.7.0

Summary of changes included in version 7.7.0:

  • Support for removing HSM tokens using the Security Server UI and REST management API.

  • Streamline customising the Security Server configuration during the installation.

  • Support for defining a full name for subsystems.

  • Support for automatically activating authentication and sign certificate on the Security Server when they have been automatically renewed using ACME.

  • Support for disabling all subsystems of a Security Server together and putting a Security Server in a maintenance mode.

  • Support for automatically adjusting the memory allocation of the proxy component during Security Server initialization.

  • Visualize subsystem and service usage metrics in the Security Server UI.

  • Minor enhancements and bug fixes based on user feedback.

Version 7.8.0

Summary of changes included in version 7.8.0:

  • Support for synchronising service access permissions between non-clustered Security Servers.

  • Support for selecting between free and paid OCSP and timestamping services on the Security Server.

  • Support for automatically picking up the supported Certificate Signing Request (CSR) format (pem / der) for the selected CA when generating a CSR for authentication or sign certificate on the Security Server.

  • Support for sending e-mail notifications about technical issues on the Security Server.

  • Support for versioning the Central Server and Security Server backup files to prevent restoring an incompatible backup file.

  • Make the Security Server health check interface more reliable.

  • Minor enhancements and bug fixes based on user feedback.

Previous releases

Version 7.5.0

Summary of changes included in version 7.5.0:

  • Support for automated certificate management on the Security Server through ACME.

  • Support for adding / removing Central Server cluster nodes without having to distribute a new version of the configuration anchor.

  • Support for Ubuntu 24.04 LTS.

    • Central Server, Security Server and Configuration Proxy can be migrated from Ubuntu 22.04 LTS to the latest Ubuntu 24.04 LTS version.

    • Ubuntu 24.04 LTS support includes installation packages, and instructions for fresh install and migration from Ubuntu 22.04 LTS.

  • Support for Red Hat Enterprise Linux 9 (RHEL9).

    • Security Server can be migrated from RHEL8 to the latest RHEL9 version.

    • RHEL9 support includes installation packages, and instructions for fresh install and migration from RHEL8.

  • Minor enhancements and bug fixes based on user feedback.

Version 7.5.0 release notes.

Version 7.4.2

Summary of changes included in version 7.4.2:

  • This release contains various fixes for the Central Server and Security Server related to the signer module fault tolerance and global configuration generation.

Version 7.4.2 release notes.

Version 7.4.1

Summary of changes included in version 7.4.1:

  • This release contains various fixes for the Central Server, Security Server and Configuration Proxy.

Version 7.4.1 release notes.

Version 7.4.0

Summary of changes included in version 7.4.0:

  • Support for distributing global configuration over HTTPS.

  • Support for rotating global configuration sign keys on the Central Server without having to distribute a new version of the configuration anchor.

  • Support for changing the Security Server address in the Security Server web interface.

  • Make it possible to disable a subsystem temporarily on the Security Server.

  • Support for mapping LDAP groups to X-Road roles so that the Central Server and Security Server web interface users can be centrally managed via LDAP.

  • Configurable minimum supported communication partner Security Server version.

  • Support for enforcing new key creation when generating a certificate sign request (CSR) for authentication and signing keys on the Security Server.

  • Support for managing the registration and management service TLS key and certificate using the Central Server UI and management REST API.

  • Replace Akka with gRPC for inter-process communication between Security Server and Central Server components.

  • Replace the SHA-1 hashing algorithm with SHA-256.

  • Minimum supported JAVA version bumped to version 17.

  • Minimum supported PostgreSQL version bumped to version 12.

  • Minor enhancements and bug fixes based on user feedback.

Version 7.4.0 release notes.

Version 7.3.2

Summary of changes included in version 7.3.2:

  • Fix an issue that caused the Security Server to create excess backups with the default automatic backup configuration.

  • Add a workaround for a JDK 11 issue on RHEL based Security Servers.

  • Revert an unintended change to the operational monitoring database data on the Security Server.

  • Multiple smaller fixes to the Central Server global groups views.

Version 7.3.2 release notes.

Version 7.3.1

Summary of changes included in version 7.3.1:

  • Fix an issue that caused X-Road components not starting after version upgrade to version 7.3.0.

Version 7.3.1 release notes.

Version 7.3.0

Summary of changes included in version 7.3.0:

  • New user interface provides improved user experience (UX) for Central Server administrators.

  • Common maintenance and configuration tasks can be automated using the Central Server administrator API.

Version 7.3.0 release notes.

Version 7.2.2

Summary of changes included in version 7.2.2:

  • Fix issue with database migrations failing to run on RHEL 7/8.

Version 7.2.2 release notes.

Version 7.1.3

Summary of changes included in version 7.1.3:

  • Fix issue with database migrations failing to run on RHEL 7/8.

Version 7.1.3 release notes.

Version 7.2.1

Summary of changes included in version 7.2.1:

  • Update the Security Server to always use the ocspFreshnessSeconds value of its own instance.

  • Fix an issue with the Security Server dependencies not including GPG.

  • Security updates to dependencies.

Version 7.2.1 release notes.

Version 7.1.2

Summary of changes included in version 7.1.2:

  • Update the Security Server to always use the ocspFreshnessSeconds value of its own instance.

  • Fix an issue with the Security Server dependencies not including GPG.

  • Security updates to dependencies.

Version 7.1.2 release notes.

Version 7.2.0

Summary of changes included in version 7.2.0:

  • Support for Ubuntu 22.04 LTS.

    • Central Server, Security Server and Configuration Proxy can be migrated from Ubuntu 20.04 LTS to the latest Ubuntu 22.04 LTS version.

    • Ubuntu 22.04 LTS support includes installation packages, and instructions for fresh install and migration from Ubuntu 20.

  • Remove support for Ubuntu 18.04 LTS.

    • Ubuntu 18.04 versions of previous releases (v7.0, v7.1) are supported until the end of the release's official support period.

  • Experimental support for ARM64 processor architecture.

    • Publish a snapshot version of X-Road ARM64 packages that can be used for testing purposes.

  • Support for transferring data to object storages, e.g., AWS S3.

  • Minor enhancements and bug fixes based on user feedback.

Version 7.2.0 release notes.

Version 7.1.1

Summary of changes included in version 7.1.1:

  • Fix problems with database migrations during a fresh Security Server install on RHEL8.

  • Update 3rd party dependencies with known vulnerabilities.

Version 7.1.1 release notes.

Version 7.0.4

Summary of changes included in version 7.0.4:

  • Fix problems with database migrations during a fresh Security Server install on RHEL8.

  • Update 3rd party dependencies with known vulnerabilities.

Version 7.0.4 release notes.

Migration guide from X-Road 6 to X-Road 7.

Version 7.1.0

Summary of changes included in version 7.1.0:

  • Show statuses of different encryption configuration options in the Security Server UI.

  • Make the Security Server UI more modular so that elements that are not needed are inactive.

  • Minor enhancements and bug fixes based on user feedback.

Version 7.1.0 release notes.

Migration guide from X-Road 6 to X-Road 7.

Version 6.26.3

Summary of changes included in version 6.26.3:

  • This patch release fixes problems with database migrations during a fresh Security Server install on RHEL8.

Version 6.26.3 release notes.

Version 7.0.3

Summary of changes included in version 7.0.3:

  • This patch release includes a security fix for 3rd party dependencies.

Version 7.0.3 release notes.

Migration guide from X-Road 6 to X-Road 7.

Version 7.0.2

Summary of changes included in version 7.0.2:

  • This patch release includes fixes to application-level bugs.

Version 7.0.2 release notes.

Version 6.26.2

Summary of changes included in version 6.26.2:

  • This patch release includes a security fix for 3rd party dependencies.

Version 6.26.2 release notes.

Version 6.25.2

Summary of changes included in version 6.25.2:

  • This patch release includes a security fix for 3rd party dependencies.

Version 6.25.2 release notes.

Version 7.0.1

Summary of changes included in version 7.0.1:

  • This patch release includes a security fix for 3rd party dependencies.

Version 7.0.1 release notes.

Version 6.26.1

Summary of changes included in version 6.26.1:

  • This patch release includes a security fix for 3rd party dependencies.

Version 6.26.1 release notes.

Version 6.25.1

Summary of changes included in version 6.25.1:

  • This patch release includes a security fix for 3rd party dependencies.

Version 6.25.1 release notes.

Version 7.0.0

Summary of changes included in version 7.0.0:

  • The Security Server UI has a new visual style which implements the X-Road 7 visual style guide.

  • Security improvements:

    • Support for encrypting backup files.

    • Verify integrity of backup files before they can be restored.

    • Remove executable files from backups.

  • Enhancements to message logs:

    • Support for encrypted message payload in message log database.

    • Support for encrypting message log archive files.

    • Support for grouping message log archive files by subsystem.

    • Support for fully disabling message logging.

  • Add support for changing the soft token PIN code on the Security Server.

  • Return REST API type (OPENAPI3 / REST) and API endpoints in REST metaservice responses.

  • Run the Security Server on Java 11 by default.

  • Make Security Server more modular by enabling installation without a local Postgres server.

  • Show Java version information in the diagnostics view on the Security Server.

  • Production level Docker support for the Security Server.

  • Other enhancements and bug fixes.

Version 7.0.0 release notes.

Migration guide from X-Road 6 to X-Road 7.

Version 6.26.0

Summary of changes included in version 6.26.0:

  • Support for replacing OpenJDK8 with another Java 8 distribution on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

  • Security improvements.

    • Write special characters to audit log in encoded format on Central Server and Security Server.

    • Add CSRF protection to Security Server's management API's "API keys" endpoint.

  • Minor enhancements and bug fixes based on user feedback.

Version 6.26.0 release notes.

Version 7.0.0-beta

Summary of changes included in version 7.0.0-beta.

  • Visually enhanced version of X-Road 6 which implements X-Road 7 visual style guide.

  • Provides the same features than X-Road 6.

This version is available only in Docker Hub as a Security Server Standalone image.

Version 6.25.0

Summary of changes included in version 6.25.0.

  • Support for Ubuntu 20.04 LTS.

    • Central Server, Security Server and Configuration Proxy can be migrated from Ubuntu 18.04 LTS to the latest Ubuntu 20.04 LTS version.

    • Ubuntu 20.04 LTS support includes installation packages, and instructions for fresh install and migration from Ubuntu 18.

  • Minor enhancements and bug fixes based on user feedback.

Version 6.25.0 release notes

Version 6.24.0

Summary of changes included in version 6.24.0.

  • New user interface provides improved user experience (UX) for Security Server administrators.

    • New intuitive user interface makes taking care of administrative tasks easier and supports streamlining the onboarding process of new X-Road members.

  • Common maintenance and configuration tasks can be automated using the administrator API.

    • Maintaining and operating multiple Security Servers can be done more efficiently as configuration and maintenance tasks require less manual work.

  • Support for Red Hat Enterprise Linux 8 (RHEL8)

    • Security Server can be migrated from RHEL7 to the latest RHEL8 version.

    • RHEL8 support includes installation packages, and instructions for fresh install and migration from RHEL7.

  • Technology updates and decreased technical debt.

  • Minor enhancements and bug fixes based on user feedback.

Version 6.24.0 release notes.

Version 6.23.0

Summary of changes included in version 6.23.0.

  • Solution agnostic high availability (HA) support for Central Server.

    • More flexibility and alternatives how Central Server high availability can be implemented – X-Road operators may choose the preferred solution.

    • The support includes configuration instructions for the most common alternatives.

    • Support does not include automated out-of-the-box setup of a highly available Central Server cluster.

Version 6.23.0 release notes.

Version 6.22.0

Summary of changes included in version 6.22.0.

  • Support for publishing REST services to X-Road using API descriptions and support for more fine-grained access rights managements of REST services.

    • Additional improvements based on user feedback received from version 6.21.0.

  • New user interface provides improved user experience (UX) for Central Server and Security Server administrators. (not implemented in v6.22.0)

    • New intuitive user interface makes taking care of administrative tasks easier and supports streamlining the onboarding process of new X-Road members. (not implemented in v6.22.0)

  • Common maintenance and configuration tasks can be automated using the administrator API. (not implemented in v6.22.0)

    • Maintaining and operating multiple Security Servers can be done more efficiently as configuration and maintenance tasks require less manual work. (not implemented in v6.22.0)

  • Better support for running Security Server on cloud platforms enables use of different cloud services together with Security Server, e.g. cloud HSMs and auto scaling.

    • Cloud services can be used to reduce administrative tasks of operating Security Server, optimise infrastructure costs and increase availability.

  • Security Server administrators can define preferred order for OCSP and TSA services. (not implemented in v6.22.0)

    • Free or low cost service providers can be defined as primary service providers which are used by default. (not implemented in v6.22.0)

    • Service providers with lower priority are used only if primary services are not available. In case OCSP and/or TSA are paid services this helps to lower Security Server operational costs. (not implemented in v6.22.0)

  • Support for enhanced security configuration in clustered time-stamping services is added. (not implemented in v6.22.0)

    • A cluster may contain multiple time-stamping service instances that do not use shared a certificate and a private key which increases the security of the service. (not implemented in v6.22.0)

  • Support for changing the Security Server owner member after the initial configuration of the Security Server is added. (new)

    • In case the member code of an X-Road member changes, it is possible to change the owner of the existing Security Servers owned by the member without downtime or service breaks. (new)

Version 6.22.0 release notes

Version 6.21.0

Summary of changes included in version 6.21.0.

  • Security Server provides support for consuming and producing both SOAP and REST services.

    • REST-based systems can be integrated to X-Road without technical changes and an additional adapter service component.

    • REST support is not limited to just JSON and XML messages as Security Server does not set any restrictions to the content type of the payload that is transferred between a service consumer and a service provider.

    • Consuming and producing SOAP services remains supported and no changes are required to existing SOAP based service consumers and producers.

  • X-Road onboarding process is streamlined enabling automatic approval of registration requests of new X-Road member organizations and information systems.

    • X-Road operator may choose between automatic and manual approval of registration requests within an X-Road ecosystem.

    • Automatic approval speeds up the registration process and reduces the daily management tasks of the X-Road operator.

  • Security Server performance is optimised to make message processing faster. (not implemented in v6.21.0)

    • Optimisation speeds up messagelog archival process and optimises Security Server's resource usage. (not implemented in v6.21.0)

    • Security Server is able to automatically adjust the amount of hardware resources allocated to it. (not implemented in v6.21.0)

  • Standalone Security Server is a special version of Security Server that is ready-to-use in minutes without the normal Security Server installation, configuration and registration process.

    • Standalone Security Server is meant for testing purposes in X-Road service development and it cannot communicate with other Security Servers.

    • Standalone Security Server is targeted especially to developers and organizations that are developing services to be published via X-Road.

Version 6.21.0 release notes

Version 6.20.0

Summary of changes included in version 6.20.0.

  • Support for Ubuntu 18.04 LTS.

    • Central Server, Security Server and Configuration Proxy can be migrated from Ubuntu 14.04 LTS to the latest Ubuntu 18.04 LTS version.

    • Ubuntu 14.04 LTS will quit receiving maintenance updates in Q2/2019 which is why migration is required.

    • Ubuntu 18.04 LTS support includes installation packages, and instructions for fresh install and migration from Ubuntu 14.

  • Security Server provides built-in support for Finnish data classification system level ST IV.

    • The default security configuration has been updated according to the Finnish Communications Regulatory Authority's requirements.

  • Messagelog time-stamping has been improved so that messagelog records are always verifiable regardless of the number of processed messages and Security Server’s load.

  • Security Server's security and maintainability is improved replacing customised and outdated 3rd party components with the latest off-the-shelf versions of the components.

    • In addition, maintainability is improved removing unsupported features and dead code from the codebase.

Version 6.20.0 release notes