SignServer Software Appliance 2.8 Release Notes

JUNE 2025

We are pleased to announce the release of SignServer Software Appliance 2.8.0.

This release includes core updates to SignServer, support for additional HSM integrations, enhanced configurability for data disk sizes, and several system improvements and bug fixes.

Highlights

New Version of SignServer Enterprise

SignServer Enterprise has been updated to version 7.3.2. For more information, see the SignServer Release Notes.

Support for n/k OCS Cards and High Availability Mode for nShield HSMs

The Software Appliance now supports n-out-of-k One-Time Card Sets (OCS) with preload functionality. This enhancement meets regulatory requirements for dual-control processes and improves security during key loading and activation of high-privilege operations.

Additionally, we have introduced High Availability (HA) functionality for nShield modules using preloaded 1/n card sets. In this mode, at least one card from the set must always remain inserted in the card reader of the connected modules. The key advantage over traditional load balancing is that modules automatically rejoin the HA group when they become available again, eliminating the need to restart the appliance application for reconnection.

Customizable Data Disk Capacity

Version 2.8.0 introduces full support for dynamic resizing of the data disk via WebConf. The appliance now ships with a smaller default disk size (10 GB instead of 2 TB) to reduce initial storage footprint.

A new Storage Management section has been added to WebConf, enabling users to view disk information and, if applicable, extend the data partition to its maximum allowed size with a single click. This functionality includes:

⚠️ Note: Disk shrinking is not supported. This is due to technical limitations in most hypervisors (e.g., ESXi, KVM), which do not allow reliable partition downsizing on active virtual disks. Manual shrink operations carry a high risk of data loss and are intentionally excluded.

Improvements and Corrections

The following lists other improvements and corrections included in the release.

  • Updated the DPoD driver for compatibility with the latest firmware versions

  • Fixed an issue where Syslog messages were missing the PRI field when using RFC 5424 formatting

  • Resolved a bug where the Syslog format migration script was triggered multiple times unnecessarily

  • Updated Thales TCT Luna Client to 7.13.2 – Replaced version 7.12.1 due to a critical bug affecting HA Group reconnection. The new version resolves the issue; a migration step ensures a safe transition.

  • Increased flexibility for file uploads. The new configuration ensures that large file uploads (e.g. for signing) no longer fail due to the previous 20-second hard limit. Clients now gain extra seconds based on upload rate, allowing more stable transfer conditions.

  • Network interfaces can now be assigned one or more alias names via WebConf. This allows more precise control over which names or addresses can be used to access the user interface. It significantly enhances security and offers better protection against certain types of attacks. Additionally, when logging in via OIDC, the correct network connection is now automatically used — especially useful when multiple network interfaces are active.
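For the Syslog PRI fix listed above, a collector-side check can confirm that messages received after the upgrade carry a valid RFC 5424 PRI. This is an added example, not part of the release notes or the appliance. The sample lines, host name and application name are constructed, and it assumes a message that lost its PRI starts directly at the VERSION and TIMESTAMP fields.

```python
import re

# RFC 5424 HEADER: PRI ("<" 1-3 digits ">") immediately followed by VERSION and a space.
_PRI_VERSION = re.compile(r"^<(\d{1,3})>([1-9]\d{0,2}) ")
# Assumed shape of a message whose PRI was dropped: VERSION, space, ISO timestamp.
_MISSING_PRI = re.compile(r"^[1-9]\d{0,2} \d{4}-\d{2}-\d{2}T")

SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")


def check_rfc5424(line):
    """Classify one received line as ok, missing_pri, bad_pri or not_rfc5424."""
    m = _PRI_VERSION.match(line)
    if m:
        digits = m.group(1)
        pri = int(digits)
        # PRIVAL must be 0..191 and must not carry leading zeros.
        if pri > 191 or (len(digits) > 1 and digits[0] == "0"):
            return {"status": "bad_pri"}
        # PRI = facility * 8 + severity
        return {"status": "ok", "facility": pri >> 3, "severity": SEVERITIES[pri & 7]}
    if _MISSING_PRI.match(line):
        return {"status": "missing_pri"}
    return {"status": "not_rfc5424"}


def summarize(lines):
    """Count lines per status so a missing-PRI regression is visible at a glance."""
    counts = {}
    for line in lines:
        status = check_rfc5424(line)["status"]
        counts[status] = counts.get(status, 0) + 1
    return counts


# Constructed sample input (not captured from a real appliance).
SAMPLE = [
    "<134>1 2025-06-02T10:15:00.000Z appliance.example signserver 1234 - - request processed",
    "1 2025-06-02T10:15:01.000Z appliance.example signserver 1234 - - request processed",
    "<999>1 2025-06-02T10:15:02.000Z appliance.example signserver 1234 - - out of range",
    "Jun  2 10:15:03 appliance signserver[1234]: legacy BSD-style line",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A non-zero `missing_pri` count on the collector means facility and severity cannot be derived for those messages, so severity-based alert rules will not match them.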

Upgrade Information

For information on the required steps to update the SignServer Software Appliance, see Update Software Appliance.
