Skip to main content
Skip table of contents

SignServer 6.3 Release Notes

MAY 2024

The SignServer team is pleased to announce the release of SignServer 6.3. With this release, the SignServer Container Set is introduced for customer SignServer deployment on Kubernetes using the Helm chart part of the release. The release also brings support for Microsoft SQL database and REST API extensions.

For available deployment options and associated versions, refer to Supported Versions.

Highlights

SignServer Container Set

SignServer introduces the SignServer Container Set, enabling customers to deploy SignServer on Kubernetes using a Helm chart included in this release. 

For Hardware Security Module (HSM) integration in a container-based deployment, the SignServer Container Set includes sidecar containers tailored to each supported HSM type. Alternatively, a SignServer container-based deployment may integrate with HSMs using REST API integrations, which do not require a sidecar container.

Extended SignServer REST API

SignServer 6.3 continues to expand the REST API. It is now possible to list all workers and get the configuration of a given worker. For more information, see REST Interface.

Microsoft SQL Server database support

SignServer now supports Microsoft SQL Server as database in addition to previous support for MariaDB, MySQL, PostgreSQL, and Oracle.

Documentation on Keyfactor Docs

As of SignServer 6.3, the SignServer product documentation is available at docs.keyfactor.com.

Bouncy Castle upgraded to 1.78

Bouncy Castle has been upgraded to 1.78 in SignServer 6.3.

Announcements

Upcoming Technology Stack upgrade in SignServer 7

As a Java application running on an application server, SignServer 6.3 runs on WildFly 24/26 or JBoss EAP 7.4 and supports running on Java 11 or Java 17. Due to changes in recent WildFly versions and JBoss EAP 8 that are not backward compatible with WildFly 26 and JBoss 7.4, the upgrade from SignServer 6 to the upcoming new major version SignServer 7 will require a complete tech stack upgrade. 

Overview of the SignServer 6 and SignServer 7 tech stacks.

SignServer customers with software-based deployments are advised to plan for an upgrade to the SignServer 7 tech stack once SignServer 7 is released during the second half of 2024.

Upgrade Information

Review the SignServer Upgrade Notes for important information about this release. For upgrade instructions, see Upgrade SignServer.

Change Log: Resolved Issues

The following lists fixed bugs and implemented features in SignServer 6.3.

Issues Resolved in 6.3

Released May 2024

New Features

DSS-2658 - JUnit test - Support for SignServer REST interface in SignClient

DSS-2693 - MS SQL Support Part 2

DSS-2713 - Support of Signed Audit Logs on SignServer Container

DSS-2727 - Support for TimeMonitor in SignServer Container

DSS-2730 - Add environment variable support to enable (signed) audit logging

DSS-2735 - As an administrator I would like to use the REST API to be able to List and Get Workers and configuration

DSS-2747 - JUnit test - Support for SignServer HTTP interface in SignClient

DSS-2753 - Create a container for TimeMonitor

DSS-2755 - Documentation for SignServer Container Deployment

DSS-2770 - SBOM for SignServer Container

Improvements

DSS-2575 - Add list/table of deprecated and dropped features to the documentation

DSS-2576 - Upgrade the pending Maven plugin versions

DSS-2586 - Upgrade dnsjava to 3.5.2 and remove dnssecjava

DSS-2596 - Remove dependency: dom4j

DSS-2598 - Add tests for zone file signing using P11NG

DSS-2678 - Reduce overhead for listing keys with P11NG Crypto token

DSS-2702 - Move /openapi to /signserver/openapi

DSS-2703 - Document authorization/role needed for each REST call

DSS-2708 - Add systemtests for SignClient+REST+cert

DSS-2712 - Status Code Messages Mismatches on OpenAPI

DSS-2723 - Upgrade to P11NG 0.5.15

DSS-2750 - Upgrade org.eclipse.jetty:jetty-http to 9.4.52 or later

DSS-2751 - Upgrade org.apache.santuario:xmlsec to 2.2.6 or later

DSS-2764 - Upgrade Bouncy Castle to 1.78

Bug Fixes

DSS-2340 - Signature scheme RSASSA-PSS not working with XAdES-Baseline-T and higher profiles

DSS-2556 - Signature output tests fails on Windows (line-ending issue?)

DSS-2631 - Reproducible build (-DfixedTime) fails with Java 11

DSS-2633 - Performance/stresstest client does not print the results after SignServer 5.8.1

DSS-2670 - Can not install certificates with explicit ECC parameters

DSS-2701 - Dead code outside of source folder

DSS-2706 - SignClient gives full JSON response instead of just response data with protocol REST


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.