Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Important information added regarding the new EEC feature leading to a possible defect when upgrading.

Version: 6.5.2

Release date: 2024-02-26This release focusses

Excerpt
Note

Important information regarding support for ECC keys

Support for ECC keys (DA-22) was introduced in Digital Access 6.5.1, which caused a new defect in Digital Access that may prevent a successful upgrade. This defect is resolved in DA-1816 and will be included in Digital Access 6.7.0 and higher versions.

The defect can be identified in the logs, see the example log lines below:

2024-04-19 10:46:09 FATAL 1021478 "Could not create server certificate for 0.0.0.0:443"

2024-04-19 10:46:09 INFO 1330301 "Reverting to last saved configuration"

Workaround

If an upgrade needs to be done to a version >= 6.5.1 before 6.7.0, the workaround is to re-upload the encrypted private keys in PEM/Base64 format, for all Server Certificates. Make sure to have this prepared before starting the upgrade.

This release focuses mainly on performance improvements in certain parts of Digital Access.

Info

This release includes a fix for the User certificate vulnerability reported on 13th Feb.

Minor improvements

Jira

Description

DA-1667

Removed unnecessary SQL delete calls for user settings.

DA-1668

Reduced SQL update upon successful authentication, store user once in Authentication Service instead of twice (skip the update in Policy Service).

DA-1689

Removed unnecessary SQL query of fetching users in the XPI User update call.

DA-1659

Utilized the existing "User cache" to improve performance and reduce database (DB) CPU usage by fetching user from DB every 15 min instead of for every authentication request. To add caching to a user, do the following:

  1. Edit the user account (for all delegated admin users).

  2. Add the custom defined attribute ‘reserved-cache-account-on-successful-auth’ and set the value to ‘true’.

Caching should be enabled only for a user that is authenticated frequently like a delegated admin user.

DA-1660

When a customer updates the DA account (via XPI) and the account has no real modifications (for example, using the same phone number as before), the conditional update mechanism will detect this and skip writing to the database.

DA-1688

Added the system property 'com.portwise.mobiletext.sms.async.enabled' to enable asynchronous sending of SMS over the channels. Do the following:

  • Add the system property in the authentication service customize.conf and set it to 'true'.

DA-1728

Added the system property 'com.nexusgroup.user.db.transaction-timeout-sec' to set a transaction timeout with the database with a default value set to 30 seconds which will make sure the services (except admin service) are not waiting

...

for a long time on a response form the database.

Info

Customize .conf property for policy and authentication services only if the value needs to be modified.

DA-1731

...

Added the system property 'com.portwise.xpi.ws.v1.authentication.skip_adding_empty_eid_attrib' to skip adding eid attributes if they are not required at the client side. This reduces the XML which improves network performance and less marshalling of XML in PS service (less CPU). Do the following:

  • Add the system property in the policy service customize.conf and set it to 'true'.

Contact information

For information regarding support, training, and other services in your area, visit http://www.nexusgroup.com/