SignServer 6.3 Release Notes
MAY 2024
The SignServer team is pleased to announce the release of SignServer 6.3. This release introduces the SignServer Container Set, which lets customers deploy SignServer on Kubernetes using the Helm chart included in the release. The release also brings support for Microsoft SQL Server as a database and REST API extensions.
For available deployment options and associated versions, refer to Supported Versions.
Highlights
SignServer Container Set
SignServer introduces the SignServer Container Set, enabling customers to deploy SignServer on Kubernetes using a Helm chart included in this release.
For Hardware Security Module (HSM) integration in a container-based deployment, the SignServer Container Set includes sidecar containers tailored to each supported HSM type. Alternatively, a SignServer container-based deployment may integrate with HSMs using REST API integrations, which do not require a sidecar container.
Extended SignServer REST API
SignServer 6.3 continues to expand the REST API. It is now possible to list all workers and get the configuration of a given worker. For more information, see REST Interface.
Microsoft SQL Server database support
SignServer now supports Microsoft SQL Server as a database in addition to previous support for MariaDB, MySQL, PostgreSQL, and Oracle.
Documentation on docs.keyfactor.com
As of SignServer 6.3, the SignServer product documentation is available at docs.keyfactor.com.
Bouncy Castle upgraded to 1.78
Bouncy Castle has been upgraded to 1.78 in SignServer 6.3.
Announcements
Upcoming Technology Stack upgrade in SignServer 7
As a Java application running on an application server, SignServer 6.3 runs on WildFly 24/26 or JBoss EAP 7.4 and supports running on Java 11 or Java 17. Due to changes in recent WildFly versions and JBoss EAP 8 that are not backward compatible with WildFly 26 and JBoss 7.4, the upgrade from SignServer 6 to the upcoming new major version SignServer 7 will require a complete tech stack upgrade.
Overview of the SignServer 6 and SignServer 7 tech stacks.
SignServer customers with software-based deployments are advised to plan for an upgrade to the SignServer 7 tech stack once SignServer 7 is released during the second half of 2024.
Upgrade Information
Review the SignServer Upgrade Notes for important information about this release. For upgrade instructions, see Upgrade SignServer.
Change Log: Resolved Issues
The following lists fixed bugs and implemented features in SignServer 6.3.
Issues Resolved in 6.3.0
Released May 2024
New Features
DSS-2658 - JUnit test - Support for SignServer REST interface in SignClient
DSS-2693 - MS SQL Support Part 2
DSS-2713 - Support of Signed Audit Logs on SignServer Container
DSS-2727 - Support for TimeMonitor in SignServer Container
DSS-2730 - Add environment variable support to enable (signed) audit logging
DSS-2735 - As an administrator I would like to use the REST API to be able to List and Get Workers and configuration
DSS-2747 - JUnit test - Support for SignServer HTTP interface in SignClient
DSS-2753 - Create a container for TimeMonitor
DSS-2755 - Documentation for SignServer Container Deployment
DSS-2770 - SBOM for SignServer Container
Improvements
DSS-2575 - Add list/table of deprecated and dropped features to the documentation
DSS-2576 - Upgrade the pending Maven plugin versions
DSS-2586 - Upgrade dnsjava to 3.5.2 and remove dnssecjava
DSS-2596 - Remove dependency: dom4j
DSS-2598 - Add tests for zone file signing using P11NG
DSS-2678 - Reduce overhead for listing keys with P11NG Crypto token
DSS-2702 - Move /openapi to /signserver/openapi
DSS-2703 - Document authorization/role needed for each REST call
DSS-2708 - Add systemtests for SignClient+REST+cert
DSS-2712 - Status Code Messages Mismatches on OpenAPI
DSS-2723 - Upgrade to P11NG 0.5.15
DSS-2750 - Upgrade org.eclipse.jetty:jetty-http to 9.4.52 or later
DSS-2751 - Upgrade org.apache.santuario:xmlsec to 2.2.6 or later
DSS-2764 - Upgrade Bouncy Castle to 1.78
Bug Fixes
DSS-2340 - Signature scheme RSASSA-PSS not working with XAdES-Baseline-T and higher profiles
DSS-2556 - Signature output tests fails on Windows (line-ending issue?)
DSS-2631 - Reproducible build (-DfixedTime) fails with Java 11
DSS-2633 - Performance/stresstest client does not print the results after SignServer 5.8.1
DSS-2670 - Can not install certificates with explicit ECC parameters
DSS-2701 - Dead code outside of source folder
DSS-2706 - SignClient gives full JSON response instead of just response data with protocol REST