SignServer 6.3 Release Notes
MAY 2024
The SignServer team is pleased to announce the release of SignServer 6.3. This release introduces the SignServer Container Set, which lets customers deploy SignServer on Kubernetes using the Helm chart included in the release. The release also adds support for Microsoft SQL Server as a database and extends the REST API.
For available deployment options and associated versions, refer to Supported Versions.
Highlights
SignServer Container Set
SignServer introduces the SignServer Container Set, enabling customers to deploy SignServer on Kubernetes using a Helm chart included in this release.
For Hardware Security Module (HSM) integration in a container-based deployment, the SignServer Container Set includes sidecar containers tailored to each supported HSM type. Alternatively, a SignServer container-based deployment may integrate with HSMs using REST API integrations, which do not require a sidecar container.
Extended SignServer REST API
SignServer 6.3 continues to expand the REST API. It is now possible to list all workers and get the configuration of a given worker. For more information, see REST Interface.
Microsoft SQL Server database support
SignServer now supports Microsoft SQL Server as a database, in addition to the previously supported MariaDB, MySQL, PostgreSQL, and Oracle.
Documentation on Keyfactor Docs
As of SignServer 6.3, the SignServer product documentation is available at docs.keyfactor.com.
Bouncy Castle upgraded to 1.78
Bouncy Castle has been upgraded to 1.78 in SignServer 6.3.
Announcements
Upcoming Technology Stack upgrade in SignServer 7
As a Java application running on an application server, SignServer 6.3 runs on WildFly 24/26 or JBoss EAP 7.4 and supports running on Java 11 or Java 17. Due to changes in recent WildFly versions and JBoss EAP 8 that are not backward compatible with WildFly 26 and JBoss EAP 7.4, the upgrade from SignServer 6 to the upcoming new major version SignServer 7 will require a complete tech stack upgrade.
Overview of the SignServer 6 and SignServer 7 tech stacks.
SignServer customers with software-based deployments are advised to plan for an upgrade to the SignServer 7 tech stack once SignServer 7 is released during the second half of 2024.
Upgrade Information
Review the SignServer Upgrade Notes for important information about this release. For upgrade instructions, see Upgrade SignServer.
Change Log: Resolved Issues
The following lists fixed bugs and implemented features in SignServer 6.3.
Issues Resolved in 6.3
Released May 2024
New Features
DSS-2658 - JUnit test - Support for SignServer REST interface in SignClient
DSS-2693 - MS SQL Support Part 2
DSS-2713 - Support of Signed Audit Logs on SignServer Container
DSS-2727 - Support for TimeMonitor in SignServer Container
DSS-2730 - Add environment variable support to enable (signed) audit logging
DSS-2735 - As an administrator I would like to use the REST API to be able to List and Get Workers and configuration
DSS-2747 - JUnit test - Support for SignServer HTTP interface in SignClient
DSS-2753 - Create a container for TimeMonitor
DSS-2755 - Documentation for SignServer Container Deployment
DSS-2770 - SBOM for SignServer Container
Improvements
DSS-2575 - Add list/table of deprecated and dropped features to the documentation
DSS-2576 - Upgrade the pending Maven plugin versions
DSS-2586 - Upgrade dnsjava to 3.5.2 and remove dnssecjava
DSS-2596 - Remove dependency: dom4j
DSS-2598 - Add tests for zone file signing using P11NG
DSS-2678 - Reduce overhead for listing keys with P11NG Crypto token
DSS-2702 - Move /openapi to /signserver/openapi
DSS-2703 - Document authorization/role needed for each REST call
DSS-2708 - Add systemtests for SignClient+REST+cert
DSS-2712 - Status Code Messages Mismatches on OpenAPI
DSS-2723 - Upgrade to P11NG 0.5.15
DSS-2750 - Upgrade org.eclipse.jetty:jetty-http to 9.4.52 or later
DSS-2751 - Upgrade org.apache.santuario:xmlsec to 2.2.6 or later
DSS-2764 - Upgrade Bouncy Castle to 1.78
Bug Fixes
DSS-2340 - Signature scheme RSASSA-PSS not working with XAdES-Baseline-T and higher profiles
DSS-2556 - Signature output tests fails on Windows (line-ending issue?)
DSS-2631 - Reproducible build (-DfixedTime) fails with Java 11
DSS-2633 - Performance/stresstest client does not print the results after SignServer 5.8.1
DSS-2670 - Can not install certificates with explicit ECC parameters
DSS-2701 - Dead code outside of source folder
DSS-2706 - SignClient gives full JSON response instead of just response data with protocol REST