Release 3.3.1131

Updated: 15 Oct 2019
Release date: 21 Aug 2019
Created: 15 Oct 2019

Contents

Enhancements to existing functions

  1. Support for curves X25519 and ED25519 (Added new options for encrypting keys)
  2. Trusted Certificate Authority (CA) authentication will now check for certificate expiry
  3. Improved workflow when creating new objects
  4. Rotation history for Security Objects
  5. Distinguish Groups with External Roles Mapped

Bug Fixes
Quality of Life improvements

Enhancements to existing functions

Support for curves X25519 and ED25519 (Added new options for encrypting keys)

  • X25519 is an elliptic curve Diffie-Hellman key exchange using Curve25519. It allows two parties to jointly agree on a shared secret using an insecure channel.
  • ED25519 is an elliptic curve signing algorithm using EdDSA and Curve25519.

This release introduces support for the above algorithms. Users can now select from additional cryptographic algorithms when encrypting security objects. To create a security object encrypted with an elliptic curve (X25519 or ED25519):

  1. Go to the Security Object page.
  2. Create a Security Object.
  3. Select Generate, choose EC as the type.
  4. In the Curve drop-down, choose either X25519 or ED25519.

Trusted Certificate Authority (CA) authentication will now check for certificate expiry

When creating a new App, users are prompted to choose an Authentication method. One of the methods is Trusted CA. Following this release, when a user uploads a trusted CA certificate, a validation check is triggered to verify that the certificate has not expired. Previously, there was no validation check for expiry. To access this page:

  1. Go to Apps page.
  2. Create a new App.
  3. Under Authentication method, select Trusted CA.

Improved workflow when creating new objects

The Create Group workflow has been improved: users can now create objects directly from the Group page. From the Group page, create a new Group. A screen with Add New Object buttons is then displayed.
Clicking any of the Add New Object buttons takes the user to the create object page. Previously, this workflow was linear and wizard-based: the user was prompted to create group > create app > create plugin and so on. With the wizard eliminated, the user can skip straight to creating any other object once the group exists. The new object is automatically assigned to this group.

Rotation history for Security Objects

Users can now see the rotation history of a Security Object. When a Security Object is rotated, a new Security Object is created with the same name. An icon is displayed in the table view to indicate that the object has been rotated. The old, pre-rotation Security Object is renamed using the format «security object name»-replaced-by-«new rotated object UUID».
For example, SQL_Server_Key3 is the Security Object being rotated.

  1. The first rotation renamed the original object to “SQL_Server_Key3-replaced-by-c3bd5285-0268-4b44-a12c-7ec2d2b36587”. This is the original object before any operation was performed on it. The rotation created a new object with the UUID c3bd5285-0268-4b44-a12c-7ec2d2b36587.
  2. This is the rotated object (UUID c3bd5285-0268-4b44-a12c-7ec2d2b36587) that was created from 1. Another rotate key operation was performed on it. The second operation renamed this object to “SQL_Server_Key3-replaced-by-0e2909f9-39f2-4e6a-a52b-ede14b06b22f”. This rotation created a new object with the UUID 0e2909f9-39f2-4e6a-a52b-ede14b06b22f.
  3. This is the rotated object (UUID 0e2909f9-39f2-4e6a-a52b-ede14b06b22f) created from 2. It is the newest rotated object. It takes the name of the original object – “SQL_Server_Key3”.
    Clicking on the object will show you the details relating to key rotation such as:
    • Name of Security Object that was rotated to create the current object
    • UUID of current object
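The naming format above is enough to rebuild a key's rotation history from a plain object listing, which is useful when auditing which retired key versions still exist. The following is an added example, not part of the product or its API: the {"name", "uuid"} listing shape, the function name and the placeholder UUIDs are assumptions made for illustration.

```python
import re

# Format from the release notes: <name>-replaced-by-<new rotated object UUID>
UUID = r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}"
RENAMED = re.compile(rf"^(?P<base>.+)-replaced-by-(?P<succ>{UUID})$", re.I)

def rotation_chain(objects, name):
    """Return (chain, orphans) for the Security Object called `name`.

    chain   - UUIDs of every version, oldest first, ending at the current one
    orphans - retired objects whose successor UUID is not part of the chain
    `objects` is a list of {"name", "uuid"} dicts (assumed export shape).
    """
    current = [o for o in objects if o["name"] == name]
    if len(current) != 1:
        raise ValueError(f"expected exactly one current object named {name!r}")

    # successor UUID -> the retired object that was renamed to point at it
    retired = {}
    for obj in objects:
        m = RENAMED.match(obj["name"])
        if m and m.group("base") == name:
            retired[m.group("succ").lower()] = obj

    chain = [current[0]["uuid"].lower()]
    while chain[-1] in retired:          # walk newest -> oldest
        chain.append(retired.pop(chain[-1])["uuid"].lower())
    return chain[::-1], sorted(o["name"] for o in retired.values())

# Constructed listing. The c3bd.../0e29... UUIDs are the ones in the example
# above; the other UUIDs are placeholders made up for this sketch.
ORIGINAL = "00000000-0000-4000-8000-000000000001"
FIRST = "c3bd5285-0268-4b44-a12c-7ec2d2b36587"
SECOND = "0e2909f9-39f2-4e6a-a52b-ede14b06b22f"
SAMPLE = [
    {"name": "SQL_Server_Key3", "uuid": SECOND},
    {"name": f"SQL_Server_Key3-replaced-by-{SECOND}", "uuid": FIRST},
    {"name": f"SQL_Server_Key3-replaced-by-{FIRST}", "uuid": ORIGINAL},
    {"name": "Other_Key", "uuid": "00000000-0000-4000-8000-000000000002"},
]

if __name__ == "__main__":
    chain, orphans = rotation_chain(SAMPLE, "SQL_Server_Key3")
    print(" -> ".join(chain), "| orphans:", orphans)
```

A non-empty orphans list means a retired object points at a successor that is not in the chain, for example because that successor was deleted or renamed by hand.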

Distinguish Groups with External Roles Mapped

An icon has been added to the Groups table that explicitly shows when external roles have been mapped.

Bug Fixes

  • Fixed a bug where the Save button was not disabled when no changes had been made while editing a security object. The correct behavior is: when there are no changes, users should not be able to click the Save button.
  • Fixed a bug where the tooltip for OAuth was not displayed in App info.
  • Removed the “Clear” button shown when searching/filtering by Expiry date. This button was non-functional.
  • Fixed an overflow error in Invoke Plugin output.

Quality of Life improvements

  • For Log Management (under Account Settings), when an integration is disabled, all settings for the integration are greyed out (no longer editable). To reach this screen, go to Account Settings, select Log Management, and, if there is an editable integration, click Edit Configuration.

  • Under Account Settings > Log Management > Syslog – Add Integration (or Edit Configuration), when Custom CA Certificate is selected, the text area for uploading the file now extends all the way to the right. Previously, the text area occupied only a portion of the screen, which was not an efficient use of screen space.