Skip to main content
Skip table of contents

EJBCA 9.3.3 Release Notes

JULY 2025

The EJBCA team is pleased to announce the release of EJBCA 9.3.3.

This maintenance release contains corrections and improvements in various areas, including CMP, CVC certificates, database connections, LDAPS with MSAE, and OAuth. 

EJBCA 9.3.3 release is available for software and container-based deployments. For available deployment options and associated versions, refer to Supported Versions

Announcements

Security Issue

EJBCA 9.3.3 resolves a security issue affecting EJBCA versions 9.3.2 or lower, deployed in a distributed environment. The issue does not affect Single-node EJBCA installations, or EJBCA installations where each CA node uses a separate database. 

Keyfactor rates the issue as having a severity level of medium as the circumstances under which this vulnerability can occur are unlikely as well as time limited.

Once EJBCA 9.3.3 has been generally available across all platforms for at least two weeks, a CVE with the identifier CVE-2025-49602 will be published.

Upgrade Information

Review the EJBCA Upgrade Notes for important information about this release. For upgrade instructions and information on upgrade paths, see Upgrading EJBCA.

Change Log: Resolved Issues

The following lists implemented features and fixed issues in EJBCA 9.3.3.

Issues Resolved in 9.3.3

Released July 2025

New Features

ECA-13526 MSAE - LDAPS through RA (SocketFactory for CA certificate based trust)

Improvements

ECA-13040 Allow customers to import trusted CA certificates in container

ECA-13075 MSAE - LDAPS through RA (UI)

ECA-13486 Improve oAuth key upload from url logging

ECA-13527 MSAE - LDAPS through RA (Backend)

ECA-13582 Upgrade commons-fileupload2 to 2.0.0-M4

Bug Fixes

ECA-9062 ejbca-db-cli leaks memory

ECA-12780 A second SAN DNS name is not inserted into the certificate if Use entity CN field is enabled

ECA-13294 Allow revocation reason for issuance to be set from end entity profile for non-RA Web methods

ECA-13328 Regression: REST response format is null

ECA-13346 VA Peer Sync Failure for SSH certificates

ECA-13370 RA Web fails to populare UI altName field of type DirectoryName

ECA-13375 MSSQL Deadlocks during UserData update

ECA-13395 Certificate gets partition 0 when imported to EJBCA

ECA-13427 Fix misleading role claim

ECA-13428 Make PKIMessage.PKIHeader.senderKID optional for PBE/PBMAC1

ECA-13432 Regression: Admin web add/edit end entity page name constraints and extension data fields don't show as expected

ECA-13442 CMP message signature verification fails when PSS is used

ECA-13456 Cached authentication tokens can remain in use even after role member change on different node

ECA-13480 Missing Url Encoding in username for admin UI

ECA-13513 CVC issuance via REST API doesn't allow alphanumeric sequenceNr

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close