SignServer 5.8.2 Release Notes
FEBRUARY 2022
The PrimeKey SignServer team is pleased to announce the release of SignServer 5.8.2.
This minor release is mainly an upgrade of the Log4j library to the latest version of Log4j 2. In addition, some error corrections and improvements are included.
Highlights
Log4j Upgrade
As stated before, SignServer was never vulnerable to CVE-2021-44228 or the subsequent findings, because SignServer handles logging through JBoss EAP/WildFly, merely facilitated by the Log4j API. Log4j version 1 has been included in the source mainly as a building block; it is not used in the main deployment and is only ever directly referenced from the CLI, but its presence will still trip automatic vulnerability scanners. As we understand that some of our customers need to comply with auditors and other regulatory authorities, we have decided to accelerate the planned upgrade of Log4j to the latest release in order to dispel any questions about SignServer being vulnerable.
Upgrade Information
Review the SignServer Upgrade Notes for important information about this release. For upgrade instructions, see Upgrade SignServer.
Change Log: Resolved Issues
For full details of fixed bugs and implemented features in SignServer 5.8.2, refer to our JIRA Issue Tracker.
Issues Resolved in 5.8.2
Released February 2022
New Features
DSS-2334 - System tests using already configured Peers connection
Improvements
DSS-2403 - Update documentation for WildFly 24
DSS-2424 - Upgrade log4j library
DSS-2206 - CESeCore Merge: Configure full Azure Key Vault Name which would include the DNS FQDN
DSS-2418 - Upgrade JackNJI11 to include "Keep memory in template" fix
DSS-2427 - Unduplicate P11NG CLI code both in P11NG-Common and P11NG-CLI
DSS-2431 - Upgrade SLF4J
Bug Fixes
DSS-1773 - P11NG CLI - 'oneTimePerformanceTest' action with ShortLived RSA key causes process crash
DSS-2409 - Apache HttpClient not deployed with signserver.ear unless peers module included
DSS-2411 - Public key objects not removed with P11NG removeKey method
DSS-2413 - Key objects created when generating a wrapped key not explicitly removed
DSS-2414 - Unwrapped key not released properly after generating CSR
DSS-2416 - Unit test signature verification not checked properly in CMSSignerUnitTest