Electronic Signature 2.10.0 Release Notes Save PDF Selected topic Selected topic and subtopics All content Axway Electronic Signature 2.10.0 Release Notes Document version: 3 February 2021 New features and enhancements Fixed issues Known issues Documentation Support services New features and enhancements New architecture to remove the use of Java applet technology The treasurer's signature is performed on the workstation of the treasurer where the token carrying their certificate(s) is plugged. Hence the signing service must be executed on the treasurer's workstation. Before this release of Electronic Signature, this service was provided by a Java applet. Today, the Java applet technology is perceived as a potential vulnerability. The editors of web browsers have started to forbid by default the use of this technology in the latest versions of their products. To take into account this evolution, version 2.10 does not use the Java applet technology. It is replaced by a new architecture where the signature service is provided by an agent downloaded from the Electronic Signature server, installed outside of the scope of the browser and interacting with the treasurer's Web UI through a REST API. New SSO model based on SAML This new SSO allows transparent login to other Axway products. It allows users to integrate with external SAML based Identity Providers such as Okta, Keycloak, Giga, and ForgeRock. Simplification of the installation and configuration The way the product is installed has been enhanced with a new installer and a clearer separation between installation and configuration phases. The configuration phase is managed by a new Configuration tool. Thanks to this new method, Java version management is simplified and the upgrade to new releases will be easier. The new installer is lighter and provides three modes of installation: graphic mode (via wizard), console mode (via command line), and silent mode (via response file). The Configuration tool also provides three modes of configuring the product: graphic mode (via wizard), console mode (via command line) and silent mode (via response file). The simplification is also brought by a new and clearer directory architecture. Integration with the latest version of Secure Relay Electronic Signature 2.10 integrates the latest version of Axway Secure Relay (2.6.x). Secure Connection to database Electronic Signature 2.10 is now able to connect to the database in TLS for both Oracle and MySQL. Secure Connection to Sentinel Electronic Signature 2.10 is now able to connect to Sentinel in TLS. Fixed issues This section lists issues specifically resolved in this release. For details of corrections included in a service pack or patch, refer to the corresponding Readme file available from the Axway Support website. Fixed security vulnerabilities Case ID Internal ID CVE ID Description – – – Issue: Default admin user is not forced to change the password at first login. Resolution: Now the admin default user is forced to change the default password at first login. – RDESIGN-918 CVE-2014-0114 Issue: The commons-beanutils library 1.7.0 version contains security vulnerabilities. Resolution: The commons-beanutils is updated to version 1.9.3. – RDESIGN-499, RDESIGN-488, RDESIGN-494, RDESIGN-495, RDESIGN-496 CVE-2014-0054, CVE-2013-6429, CVE-2013-4152, CVE-2013-7315 Issue: The spring framework version 3.0.6 contains security vulnerabilities. Resolution: The spring framework is updated to version 3.2.8. Other fixed issues Case ID Internal ID Description 00858537 RDESIGN-563 Issue: Incorrect default path of the Secure Relay certificates inside the configuration file. Resolution: Now Secure Relay must be configured through a Configuration tool which will set the correct values for the default certificates. 00859225 RDESIGN-594 Issue: Internet Explorer 11 always redirects to Oracle for downloading Java. Resolution: Now Electronic Signature does not require Java to be installed and activated in the browser. 00873571 RDESIGN-920 Issue: A transport user is deleted if an initialization is done for a Transport and Signature user with identical name. Resolution: Now the error is correctly handled and the initial user will not be deleted. 00876088 RDESIGN-974 Issue: The action of updating the customer orderID in the command line has a misleading help message. Resolution: Now the help message for this action has been improved. 00877883 RDESIGN-993 Issue: Oracle partitioning was missing in the Installation Guide as an Oracle prerequisite. Resolution: Oracle partitioning is now documented in the section "Oracle database prerequisites > Partitioning". – – Issue: The modification of the Oracle Database URL is not taken into account when using the installer's Configure function. Resolution: The Configuration tool can update the database URL properly. – – Issue: PassPort installed on AIX does not support TLSv1.2 in SSO mode. Resolution: Now the connection between PassPort and Electronic Signature can be restricted to TLS 1.2 on AIX. – RDESIGN-165 Issue: On Solaris, the MFT scripts may not correctly resolve the EBICS install directory. Resolution: Now the MFT scripts work correctly on Solaris. – RDESIGN-458 Issue: Performance issue when storing user certificates in the database that could lead to an out of memory error. Resolution: Now issue is resolved and the initialization of multiple users will not lead to an out of memory error. – RDESIGN-78 Issue: The logs cannot show the correct level of service pack or path. Resolution: Now the logs will always show the correct level of product version. Known issues Case ID Internal ID Description – D-101855 The default TLS cipher suite names are not compatible with the IBM JRE on AIX After installation, the TLS cipher suites present in the configuration.properties file must be modified to replace TLS with SSL. This affects both the server.ssl.supportedCipherSuites and conf.supportedCipherSuites options. For example: NOT AIX Compliant: <prefix>.supportedCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA AIX Compliant: <prefix>.supportedCipherSuites=SSL_RSA_WITH_AES_256_CBC_SHA256,SSL_RSA_WITH_AES_128_CBC_SHA256,SSL_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA 00895521 RDESIGN-1250 Whenever the Configuration tool is used, any manual changes that had been made in the Secure Relay configuration file are lost. This issue is fixed in version 2.10.1. Adobe Flash Player end of life On 31 December 2020, Adobe stopped the support and distribution of Flash Player. New versions of web browsers no longer support Flash Player from this date. Electronic Signature 2.10.0 however still requires Flash. Recommended solution Upgrade to Electronic Signature version 2.13. This new version uses an HTML5-based interface and does not require Flash Player. Alternative, temporary solutions As a temporary solution, you can use one of the following workarounds to continue to use Electronic Signature 2.10.0: Make sure your web browser allows you to run Flash Player after 31 December 2020 and block automatic updates.Check the version of the Flash Player plugin that you are currently using. The highest version you should use is 32.0.0.371. Later versions will no longer work after 31 December 2020.If you are running a higher version, downgrade to 32.0.0.371. Freeze your configurations and environments to avoid any accidental update of the Flash Player plugin and the associated web browsers. Use the Axway Desktop Client packaged solution, that links to your pepflashplayer.dll (version 32.0.0.371 or below). This will allow you to continue to use Electronic Signature. For details, refer to the Axway Desktop Client User Guide (restricted content — login required). Purchase your own Flash Player license from Harman. If in any doubt, contact Axway Support for advice. Documentation This section describes documentation enhancements and related documentation. Documentation enhancements This release of Electronic Signature includes the following documentation changes: Installation Guide: Updated to reflect the change to the new installer. All configuration information has been moved to the Administrator Guide. Upgrade Guide: This is a new guide that explains how to upgrade Electronic Signature to the latest version. Administrator Guide: This guide now includes all configuration information, both for initial installation after installing Electronic Signature and for changing the configuration at a later stage. Security Guide: Updated to include new security information relating to connections secured by TLS. Electronic Signature documentation set The Electronic Signature 2.10.0 documentation set includes the following documents: Release Notes Administrator Guide Installation Guide Upgrade Guide User Guide Security Guide (restricted content — login required) All these documents, including PDF versions, are available on the Axway Documentation portal. Quickly find all manuals Go to the Product Manuals page. Under Filters, select your product version. Related documentation The following reference documents are available on the Axway Documentation portal at https://docs.axway.com Axway Supported Platforms Lists the different operating systems, databases, browsers, and thick client platforms supported by each Axway product. Axway Interoperability Matrix Provides product version and interoperability information for Axway products. Support services The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements. Email support@axway.com or visit Axway Support at https://support.axway.com. Related Links
Axway Electronic Signature 2.10.0 Release Notes Document version: 3 February 2021 New features and enhancements Fixed issues Known issues Documentation Support services New features and enhancements New architecture to remove the use of Java applet technology The treasurer's signature is performed on the workstation of the treasurer where the token carrying their certificate(s) is plugged. Hence the signing service must be executed on the treasurer's workstation. Before this release of Electronic Signature, this service was provided by a Java applet. Today, the Java applet technology is perceived as a potential vulnerability. The editors of web browsers have started to forbid by default the use of this technology in the latest versions of their products. To take into account this evolution, version 2.10 does not use the Java applet technology. It is replaced by a new architecture where the signature service is provided by an agent downloaded from the Electronic Signature server, installed outside of the scope of the browser and interacting with the treasurer's Web UI through a REST API. New SSO model based on SAML This new SSO allows transparent login to other Axway products. It allows users to integrate with external SAML based Identity Providers such as Okta, Keycloak, Giga, and ForgeRock. Simplification of the installation and configuration The way the product is installed has been enhanced with a new installer and a clearer separation between installation and configuration phases. The configuration phase is managed by a new Configuration tool. Thanks to this new method, Java version management is simplified and the upgrade to new releases will be easier. The new installer is lighter and provides three modes of installation: graphic mode (via wizard), console mode (via command line), and silent mode (via response file). The Configuration tool also provides three modes of configuring the product: graphic mode (via wizard), console mode (via command line) and silent mode (via response file). The simplification is also brought by a new and clearer directory architecture. Integration with the latest version of Secure Relay Electronic Signature 2.10 integrates the latest version of Axway Secure Relay (2.6.x). Secure Connection to database Electronic Signature 2.10 is now able to connect to the database in TLS for both Oracle and MySQL. Secure Connection to Sentinel Electronic Signature 2.10 is now able to connect to Sentinel in TLS. Fixed issues This section lists issues specifically resolved in this release. For details of corrections included in a service pack or patch, refer to the corresponding Readme file available from the Axway Support website. Fixed security vulnerabilities Case ID Internal ID CVE ID Description – – – Issue: Default admin user is not forced to change the password at first login. Resolution: Now the admin default user is forced to change the default password at first login. – RDESIGN-918 CVE-2014-0114 Issue: The commons-beanutils library 1.7.0 version contains security vulnerabilities. Resolution: The commons-beanutils is updated to version 1.9.3. – RDESIGN-499, RDESIGN-488, RDESIGN-494, RDESIGN-495, RDESIGN-496 CVE-2014-0054, CVE-2013-6429, CVE-2013-4152, CVE-2013-7315 Issue: The spring framework version 3.0.6 contains security vulnerabilities. Resolution: The spring framework is updated to version 3.2.8. Other fixed issues Case ID Internal ID Description 00858537 RDESIGN-563 Issue: Incorrect default path of the Secure Relay certificates inside the configuration file. Resolution: Now Secure Relay must be configured through a Configuration tool which will set the correct values for the default certificates. 00859225 RDESIGN-594 Issue: Internet Explorer 11 always redirects to Oracle for downloading Java. Resolution: Now Electronic Signature does not require Java to be installed and activated in the browser. 00873571 RDESIGN-920 Issue: A transport user is deleted if an initialization is done for a Transport and Signature user with identical name. Resolution: Now the error is correctly handled and the initial user will not be deleted. 00876088 RDESIGN-974 Issue: The action of updating the customer orderID in the command line has a misleading help message. Resolution: Now the help message for this action has been improved. 00877883 RDESIGN-993 Issue: Oracle partitioning was missing in the Installation Guide as an Oracle prerequisite. Resolution: Oracle partitioning is now documented in the section "Oracle database prerequisites > Partitioning". – – Issue: The modification of the Oracle Database URL is not taken into account when using the installer's Configure function. Resolution: The Configuration tool can update the database URL properly. – – Issue: PassPort installed on AIX does not support TLSv1.2 in SSO mode. Resolution: Now the connection between PassPort and Electronic Signature can be restricted to TLS 1.2 on AIX. – RDESIGN-165 Issue: On Solaris, the MFT scripts may not correctly resolve the EBICS install directory. Resolution: Now the MFT scripts work correctly on Solaris. – RDESIGN-458 Issue: Performance issue when storing user certificates in the database that could lead to an out of memory error. Resolution: Now issue is resolved and the initialization of multiple users will not lead to an out of memory error. – RDESIGN-78 Issue: The logs cannot show the correct level of service pack or path. Resolution: Now the logs will always show the correct level of product version. Known issues Case ID Internal ID Description – D-101855 The default TLS cipher suite names are not compatible with the IBM JRE on AIX After installation, the TLS cipher suites present in the configuration.properties file must be modified to replace TLS with SSL. This affects both the server.ssl.supportedCipherSuites and conf.supportedCipherSuites options. For example: NOT AIX Compliant: <prefix>.supportedCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA AIX Compliant: <prefix>.supportedCipherSuites=SSL_RSA_WITH_AES_256_CBC_SHA256,SSL_RSA_WITH_AES_128_CBC_SHA256,SSL_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA 00895521 RDESIGN-1250 Whenever the Configuration tool is used, any manual changes that had been made in the Secure Relay configuration file are lost. This issue is fixed in version 2.10.1. Adobe Flash Player end of life On 31 December 2020, Adobe stopped the support and distribution of Flash Player. New versions of web browsers no longer support Flash Player from this date. Electronic Signature 2.10.0 however still requires Flash. Recommended solution Upgrade to Electronic Signature version 2.13. This new version uses an HTML5-based interface and does not require Flash Player. Alternative, temporary solutions As a temporary solution, you can use one of the following workarounds to continue to use Electronic Signature 2.10.0: Make sure your web browser allows you to run Flash Player after 31 December 2020 and block automatic updates.Check the version of the Flash Player plugin that you are currently using. The highest version you should use is 32.0.0.371. Later versions will no longer work after 31 December 2020.If you are running a higher version, downgrade to 32.0.0.371. Freeze your configurations and environments to avoid any accidental update of the Flash Player plugin and the associated web browsers. Use the Axway Desktop Client packaged solution, that links to your pepflashplayer.dll (version 32.0.0.371 or below). This will allow you to continue to use Electronic Signature. For details, refer to the Axway Desktop Client User Guide (restricted content — login required). Purchase your own Flash Player license from Harman. If in any doubt, contact Axway Support for advice. Documentation This section describes documentation enhancements and related documentation. Documentation enhancements This release of Electronic Signature includes the following documentation changes: Installation Guide: Updated to reflect the change to the new installer. All configuration information has been moved to the Administrator Guide. Upgrade Guide: This is a new guide that explains how to upgrade Electronic Signature to the latest version. Administrator Guide: This guide now includes all configuration information, both for initial installation after installing Electronic Signature and for changing the configuration at a later stage. Security Guide: Updated to include new security information relating to connections secured by TLS. Electronic Signature documentation set The Electronic Signature 2.10.0 documentation set includes the following documents: Release Notes Administrator Guide Installation Guide Upgrade Guide User Guide Security Guide (restricted content — login required) All these documents, including PDF versions, are available on the Axway Documentation portal. Quickly find all manuals Go to the Product Manuals page. Under Filters, select your product version. Related documentation The following reference documents are available on the Axway Documentation portal at https://docs.axway.com Axway Supported Platforms Lists the different operating systems, databases, browsers, and thick client platforms supported by each Axway product. Axway Interoperability Matrix Provides product version and interoperability information for Axway products. Support services The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements. Email support@axway.com or visit Axway Support at https://support.axway.com.