Release note Smart ID 22.10.2
Version: 22.10.2
Release date: 2023-02-21
The Smart ID 22.10.2 release provides updates, improvements, and bug fixes for the components included to ensure high quality and security.
Upgrade Smart ID
See Upgrade Smart ID with general information regarding upgrading Smart ID. See also specific information regarding upgrade from 22.04 to 22.10: Upgrade Smart ID Identity Manager from 22.04 to 22.10 and 22.10 to 22.10.2: Upgrade Smart ID Identity Manager from 22.04.4 to 22.04.5 and 22.10 to 22.10.2.Â
Smart ID compatibility
Detailed feature list
Features
Jira ticket no | Description | Digital Access | Identity Manager & Self-Service | Physical Access | Messaging |
---|---|---|---|---|---|
CRED-13703 | Extended keyboard navigation in Self-Service It is now possible to switch between different sub areas in Smart ID Self-Service, for example "What do you want to do?" and "Open Tasks", by using the Tab key. See Smart ID Self-Service for more information. | X | |||
CRED-13841 | Support for cards with signature slot Added support for cards with signature slot. See Use Signature slot in Identity Manager for more information. Also see section "Support for cards with signature slot" in Encoding using Gemalto/SafeNet/Thales middleware in Identity Manager and Encodings using Personal Desktop Client middleware in Identity Manager for more information. | X | |||
CRED-13989 | Minidriver admin keys on TCOS cards Management of Minidriver admin keys and corresponding challenge-response mechanisms for TCOS3 and TCOS4 cards, in combination with TCOS middleware, is now supported. | X | |||
CRED-14069 | Delete mobile ID profile A new service task called "Mobile App: Delete Profile" is implemented in Identity Manager to be able to delete a Mobile ID profile. See section "Mobile App: Delete Profile" in Smart ID Messaging - Standard service tasks in Identity Manager for more information. | X | |||
CRED-14151 | Batik libraries removed All Batik libraries are removed for Smart ID 22.10.2 to mitigate CVE-2022-40146, CVE-2022-38648 and CVE-2022-38398. | X | |||
CRED-14380 | SignPIN instead of PIN2 In encoding encryptions both "signPIN" and "PIN2" were used to represent the signature PIN. Now only "SignPIN" should be used for consistency. However, PIN2 still works for backwards compatibility. | X | |||
CRED-14770 | Smart ID version 22.10.2 comes with Tomcat v9.0.71 Addressing the vulnerability CVE-2022-45143: The latest available Tomcat version is always used in the Docker images for Smart ID. | X | |||
DA-470 | Added a third option (None) for the auto-linking accounts notifications section. Selecting None will not send any notifications when the user accounts are auto-linked by Digital Access. | X | |||
DA-911 | UX improvements while publishing the changes to services in Digital Access. It is now possible to see the status of each service while it is waiting to connect and the updates once it gets successfully published. The Publish button will change color to gray during the publish progress. | X | |||
DA-1149 | Added support to bridge network for Smart ID deployment in case of distributed or High Availability (HA) setup. For more information about configuring high availability or distributed architecture, see Set up high availability for Digital Access deployment (bridge network).  | X | |||
DA-940 | Ability to add LoA translation groups. LoA translation groups define the conditions when to convert the AuthNContextClassRef in the SAML response to a new value. For more information, see Set up SAML authentication context in Digital Access. | X | |||
DA-1156 | Added a Listen on all Interfaces checkbox for administration service to support bridge network. This checkbox should be selected only while using the bridge network. | X |
Corrected bugsÂ
Jira ticket no | Description | Digital Access | Identity Manager & Self-Service | Physical Access | Messaging |
---|---|---|---|---|---|
CRED-13224 | There was an issue where search configurations over more than one level could not be filtered on the target datapool. This has been fixed. | X | |||
CRED-13862 | There was an issue when trying to load a Nexus GO Cards layout when the server had been running for a while, and a "401 unauthorized" error was shown. This has been fixed. | X | |||
CRED-13983 | On a search added to a form you can optionally apply a mapping. There was an issue where the whole object was added to the map instead of only the mapped data. This has been fixed. | X | |||
CRED-14086 | There was an issue where initialization values for hidden fields were not written into the process map. This has been fixed. | X | |||
CRED-14093 | "Batch sync" was renamed to "Scheduled Jobs" in Smart ID 22.10. This change is now also reflected in the Smart ID Workforce modules overview. | X | |||
CRED-14166 | There was a typo in one of the parameters in the "Core Objects: Check Relation" service task (delegate expression "checkObjectRelationParametrizedTask") where " Upgrade instructions from older versions to 22.10.2 or higher If you use the service task "Core Objects: Check Relation" you need to rename the parameter "destionationDataPoolName" to "destinationDataPoolName". See also "Upgrade Smart ID" above. | X | |||
CRED-14287 | There is a new error type for BPMN for the service task Execute PKCS10 Request. See section "Cert: Execute Modified PKCS10 Request" in  Certificates - Standard service tasks in Identity Manager. | X | |||
CRED-14311 | There was an issue where searches in data sources like Card History Entries, Identity History Entries, Certificate History Entries etc. did not work as expected. This has been fixed. | X | |||
CRED-14347 | There was an issue where jobs that were not enabled were not shown in the Admin page in Identity Manager Operator. This has been fixed. | X | |||
CRED-14444 | In Smart ID Self-Service, some error messages were not shown in the language selected by the user. This has been fixed. | X | |||
CRED-14470 | There was an issue in Identity Manager Admin with selecting an LDAP Object from a form search. After selecting the object and clicking Next, an error message occurred. This has been fixed. | X | |||
DA-716 | Upgraded SMTP plugin to javax.mail 1.6.2Â to support TLS 1.2. | X | |||
DA-913 | There was an issue where an unintentional authentication-loop occurred when Nexus Digital Access acted as IDP-proxy for two federations. This has been fixed. | X | |||
DA-923 | There was an issue where an incorrect content-type for JPG caused Internet Explorer (and Intune for Linux) to prevent loading Personal mobile authentication images. This has been fixed. | X | |||
DA-930 | Upgraded some libraries to fix a few detected vulnerabilities. | X | |||
DA-1027 | There was an issue where the user accounts selection was not retained after saving roles in the delegate management. This has been fixed. | X | |||
DA-1127 | Added documentation around Personal desktop in the help section for the authentication method. | X | |||
IDC-1860 | Fixed critical vulnerabilities in the libpcre2-8-0, libssl1.1, and zlib1g libraries. | X | |||
IDC-2182 | Enhanced support to run multiple instances of maintenance service on the same RabbitMQ server for different deployments, for example, running maintenance service for QA and UAT on the same RabbitMQ server. | X | |||
IDC-2210 | Improved the overall performance of RabbitMQ and PACS connector services by refactoring the RabbitMQ library. | X | |||
IDC-2249 | Fixed issues in the data migration process for the KabaExos connector service. | X |
Release announcement
For details on the updated Smart ID configurations and deployment configurations, see here:Â
Contact
Contact Information
For information regarding support, training and other services in your area, please visit our website at www.nexusgroup.com/.Â
Support
Nexus offers maintenance and support services for Smart ID components to customers and partners. For more information, please refer to the Nexus Technical Support at www.nexusgroup.com/support/, or contact your local sales representative.
Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions