Difference between revisions of "PKI Open Source History 2016"

From Dogtag
Jump to: navigation, search
(Dogtag Certificate Server 10.3.3                      [06/21/2016])
(Dogtag Certificate Server 10.3.0 (Alpha 1)       [03/07/2016])
Line 48: Line 48:
 
      
 
      
 
     and compose the following list.
 
     and compose the following list.
 +
 +
<font size="+1"><b>Server Platforms:</b></font>
 +
    <table border=1>
 +
    <tr>
 +
    <th>Platform</th>
 +
    <th>10.3.0.a1</th>
 +
    </tr>
 +
    <tr>
 +
    <td>32-bit Fedora 24 (i686)</td>
 +
    <td><center>X</center></td>
 +
    </tr>
 +
    <tr>
 +
    <td>64-bit Fedora 24 (x86_64)</td>
 +
    <td><center>X</center></td>
 +
    </tr>
 +
    <tr>
 +
    <td>32-bit Fedora 25 (i686)</td>
 +
    <td><center>X</center></td>
 +
    </tr>
 +
    <tr>
 +
    <td>64-bit Fedora 25 (x86_64)</td>
 +
    <td><center>X</center></td>
 +
    </tr>
 +
    </table>
  
 
== Dogtag Certificate Server 10.3.0 (Alpha 2) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[04/07/2016] ==
 
== Dogtag Certificate Server 10.3.0 (Alpha 2) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[04/07/2016] ==

Revision as of 05:17, 23 June 2016

Open Source History (2016)

Dogtag Certificate Server 10.3.0 (Alpha 1)       [03/07/2016]

Dogtag Certificate System 10.3.0.a1 represents the first alpha of Dogtag 10.3, and is associated with Fedora 24.

Project Name:

  • Dogtag Certificate System 10.3.0.a1

Releases:

  • [03/07/2016] Dogtag Certificate Server 10.3.0.a1 [32-bit & 64-bit Fedora 24]

Packages

  • Fedora 24
    • dogtag-pki-10.3.0.a1-1.fc24 [2016-03-08]
    • dogtag-pki-theme-10.3.0.a1-1.fc24 [2016-03-07]
    • pki-core-10.3.0.a1-2.fc24 [2016-03-23]
    • pki-console-10.3.0.a1-1.fc24 [2016-03-08]
  • Fedora 25
    • dogtag-pki-10.3.0.a1-1.fc25 [2016-03-08]
    • dogtag-pki-theme-10.3.0.a1-1.fc25 [2016-03-07]
    • pki-core-10.3.0.a1-2.fc25 [2016-03-23]
    • pki-console-10.3.0.a1-1.fc25 [2016-03-08]

Upgrade Notes:

After running fedup, simply use dnf (as necessary) to update existing packages.

PKI Instance updates from 10.2 to 10.3.0.a1 are not supported.

Highlights since Dogtag 10.2.6

The primary purpose of Dogtag 10.3 was to continue adding features and stream-lining the java Tomcat-based TPS process that was created in Dogtag 10.2.

The numerous tickets fixed during this particular phase can be found in the specified milestones of the PKI TRAC Ticket Instance:

  • 10.3.0.a1 - page 12 (15 tickets)
  • 10.3 - page 12 (64 tickets)

Detailed Changes since Dogtag 10.2.6

The following list of dependencies was gleaned from the following procedure (which includes tickets from the 10.3 and 10.3.0.a1 milestones):

   Dogtag 10_3:      [08/08/2015[ (master --> 10.3.0-0.1)
   Dogtag 10.3.0.a1: [03/07/2016] (master --> end of 10.3.0.a1)
   
   Run the following commands on the "master" branch:
   
       # git --no-pager log --since "08/08/2015" --until "03/07/2016" > ../history_10.3.0.a1
   
   and compose the following list.

Server Platforms:

Platform 10.3.0.a1
32-bit Fedora 24 (i686)
X
64-bit Fedora 24 (x86_64)
X
32-bit Fedora 25 (i686)
X
64-bit Fedora 25 (x86_64)
X

Dogtag Certificate Server 10.3.0 (Alpha 2)       [04/07/2016]

Dogtag Certificate System 10.3.0.a2 represents the second alpha of Dogtag 10.3, and is associated with Fedora 24.

Project Name:

  • Dogtag Certificate System 10.3.0.a2

Releases:

  • [04/07/2016] Dogtag Certificate Server 10.3.0.a2 [32-bit & 64-bit Fedora 24]

Packages

  • Fedora 24
    • dogtag-pki-10.3.0.a2-1.fc24 [2016-04-07]
    • dogtag-pki-theme-10.3.0.a2-1.fc24 [2016-04-07]
    • pki-core-10.3.0.a2-2.fc24 [2016-04-09]
    • pki-console-10.3.0.a2-1.fc24 [2016-04-08]
  • Fedora 25
    • dogtag-pki-10.3.0.a2-1.fc25 [2016-04-07]
    • dogtag-pki-theme-10.3.0.a2-1.fc25 [2016-04-07]
    • pki-core-10.3.0.a2-2.fc25 [2016-04-09]
    • pki-console-10.3.0.a2-1.fc25 [2016-04-08]

Upgrade Notes:

After running fedup, simply use dnf (as necessary) to update existing packages.

PKI Instance updates from 10.2 or 10.3.0.a1 to 10.3.0.a2 are not supported.

Highlights since Dogtag 10.3.0.a1

The primary purpose of Dogtag 10.3 was to continue adding features and stream-lining the java Tomcat-based TPS process that was created in Dogtag 10.2.

The numerous tickets fixed during this particular phase can be found in the specified milestones of the PKI TRAC Ticket Instance:

  • 10.3.0.a2 - pages 11-12 (16 tickets)

Detailed Changes since Dogtag 10.3.0.a1

The following list of dependencies was gleaned from the following procedure:

   Dogtag 10.3.0.a2: [03/08/2016] (master --> beginning of 10.3.0.a2)
                     [04/07/2016] (master --> end of 10.3.0.a2)
   
   Run the following commands on the "master" branch:
   
       # git --no-pager log --since "03/08/2016" --until "04/07/2016" > ../history_10.3.0.a2
   
   and compose the following list.

Dogtag Certificate Server 10.3.0 (Beta 1)        [04/19/2016]

Dogtag Certificate System 10.3.0.b1 represents the first beta of Dogtag 10.3, and is associated with Fedora 24.

Project Name:

  • Dogtag Certificate System 10.3.0.b1

Releases:

  • [04/19/2016] Dogtag Certificate Server 10.3.0.b1 [32-bit & 64-bit Fedora 24]

Packages

  • Fedora 24
    • dogtag-pki-10.3.0.b1-1.fc24 [2016-04-18]
    • dogtag-pki-theme-10.3.0.b1-1.fc24 [2016-04-18]
    • pki-core-10.3.0.b1-1.fc24 [2016-04-19]
    • pki-console-10.3.0.b1-1.fc24 [2016-04-19]
  • Fedora 25
    • dogtag-pki-10.3.0.b1-1.fc25 [2016-04-18]
    • dogtag-pki-theme-10.3.0.b1-1.fc25 [2016-04-18]
    • pki-core-10.3.0.b1-1.fc25 [2016-04-19]
    • pki-console-10.3.0.b1-1.fc25 [2016-04-19]

Upgrade Notes:

After running fedup, simply use dnf (as necessary) to update existing packages.

PKI Instance updates from 10.2, 10.3.0.a1, or 10.3.0.a2 to 10.3.0.b1 are not supported.

Highlights since Dogtag 10.2.6

The primary purpose of Dogtag 10.3 was to continue adding features and stream-lining the java Tomcat-based TPS process that was created in Dogtag 10.2.

The numerous tickets fixed during this particular phase can be found in the specified milestones of the PKI TRAC Ticket Instance:

  • 10.3.0.b1 - page 11 (7 tickets)

Detailed Changes since Dogtag 10.3.0.a2

The following list of dependencies was gleaned from the following procedure:

   Dogtag 10.3.0.b1: [04/08/2016] (master --> start of 10.3.0.b1)
                     [04/19/2016] (master --> end of 10.3.0.b1)
   
   Run the following commands on the "master" branch:
   
       # git --no-pager log --since "04/08/2016" --until "04/19/2016" > ../history_10.3.0.b1
   
   and compose the following list.

Dogtag Certificate Server 10.3.1                      [05/17/2016]

Dogtag Certificate System 10.3.1 represents the first release of Dogtag 10.3, and is associated with Fedora 24.

Project Name:

  • Dogtag Certificate System 10.3.1

Releases:

  • [05/17/2016] Dogtag Certificate Server 10.3.1 [32-bit & 64-bit Fedora 24]

Packages

  • Fedora 24
    • dogtag-pki-10.3.1-1.fc24 [2016-05-17]
    • dogtag-pki-theme-10.3.1-2.fc24 [2016-05-17]
    • pki-core-10.3.1-1.fc24 [2016-05-17]
    • pki-console-10.3.1-1.fc24 [2016-05-17]
  • Fedora 25
    • dogtag-pki-10.3.1-1.fc25 [2016-05-17]
    • dogtag-pki-theme-10.3.1-2.fc25 [2016-05-17]
    • pki-core-10.3.1-1.fc25 [2016-05-17]
    • pki-console-10.3.1-1.fc25 [2016-05-17]

Upgrade Notes:

After running fedup, simply use dnf (as necessary) to update existing packages.

PKI Instance updates from 10.3.0.a1, 10.3.0.a2, or 10.3.0.b1 to 10.3.1 are not supported.

Highlights since Dogtag 10.3.0.b1

The primary purpose of Dogtag 10.3 was to continue adding features and stream-lining the java Tomcat-based TPS process that was created in Dogtag 10.2.

The numerous tickets fixed during this particular phase can be found in the specified milestones of the PKI TRAC Ticket Instance:

  • 10.3.1 - page 11 (51 tickets)

Detailed Changes since Dogtag 10.3.0.b1

The following list of dependencies was gleaned from the following procedure:

   Dogtag 10.3.1:    [04/20/2016] (master --> start of 10.3.1)
                     [05/17/2016] (master --> end of 10.3.1)
   
   Run the following commands on the "master" branch:
   
       # cd pki
       
       # git --no-pager log --since "04/20/2016" --until "05/17/2016" > ../history_10.3.1
       
       # cd ..
       
       # grep "Author:" history_10.3.1 | sort -u
       Author: Ade Lee <alee@redhat.com>
       Author: Christina Fu <cfu@redhat.com>
       Author: Endi S. Dewata <edewata@redhat.com>
       Author: Fraser Tweedale <ftweedal@redhat.com>
       Author: Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com>
       Author: Matthew Harmsen <mharmsen@pki.usersys.redhat.com>
       Author: Matthew Harmsen <mharmsen@redhat.com>
       
       # vi 10.3.1.log
         * alee
         * cfu
         * edewata
         * ftweedal
         * jmagne
         * mharmsen
       
   From history_10.3.1, manually add tickets/check-ins per user to 10.3.1.log to compose the following list.
  • alee (7)
    • 1247 - Fix error output when request is rejected
    • 2041 - Add authz realm check for cert enrollment
    • 2041 - Add migration script for realm changes in registry.cfg
    • 2043 - Add CLI to check system certificate status
    • 2043 - Add validity check for the signing certificate in pkispawn
    • Fix existing ca setup to work with HSM
    • Fix problem in creating certificate requests
  • cfu (2)
    • 1508 - Missing token prefix for connectors in TPS Installation with HSM
    • 2303 - Key recovery fails with KRA on lunaSA
  • edewata (29)
    • 1290 - Updated default TPS token state transitions.
    • 1654 - Added log messages for pre-op mode.
    • 1667 - Renamed pki-server ca-db-upgrade to db-upgrade.
    • 1736 - Removed unused code for existing CA installation.
    • 2043 - Fixed pki-server subsystem-cert-validate command.
    • 2261 - Fixed TPS UI navigation.
    • 2262 - Fixed TPS UI navigation.
    • 2264 - Removed unused TPS user fields and group.
    • 2265 - Removed unused TPS user fields and group.
    • 2266 - Removed unused TPS user fields and group.
    • 2268 - Replaced TPS OP_DO_TOKEN activity.
    • 2278 - Renamed CS.cfg.in to CS.cfg.
               - Simplified slot substitution.
               - Added deployment parameters for number ranges.
    • 2286 - Refactored TokenStatus enumeration.
               - Renamed token status TEMP_LOST to SUSPENDED.
    • 2287 - Added token status UNFORMATTED.
               - Added warning message for token reuse.
    • 2288 - Renamed token status READY to FORMATTED.
               - Renamed token status UNINITIALIZED to READY.
    • 2296 - Fixed token status search filter.
    • 2304 - Removed default certificate validity delay.
    • 2312 - Fixed missing CSR extensions for external CA case.
    • Added TPSCertRecord.getSerialNumberInBigInteger().
    • Moved TPSTokendb.tdbGetTokenEntry() invocations.
    • Added TPSTokendb.revokeCert() and unrevokeCert().
    • Fixed activity logs for certificate revocations.
    • Updated TPS UI version number.
    • Removed unused variables in deployment scriptlets.
    • Fixed build issue with apache-commons-codec 1.8.
    • Fixed problem uninstalling standalone KRA.
    • Fixed duplicate executions of finalization scriptlet.
    • Fixed install-only message in external CA case.
    • Fixed error handling ConfigurationUtils.handleCertRequest().
  • ftweedal (8)
    • 1618 - Lightweight CAs: add issuer DN and serial to AuthorityData
    • 1625 - Lightweight CAs: fix bad import in key retriever script
               - Lightweight CAs: accept "host-authority" as valid parent
               - Lightweight CAs: allow specifying authority via ProfileSubmitServlet
               - Lightweight CAs: add IPACustodiaKeyRetriever
               - Lightweight CAs: add key retrieval framework
               - Add ca-authority-key-export command
               - Add method CryptoUtil.importPKIArchiveOptions
               - Lightweight CAs: authority schema changes
    • 1667 - Add pki-server ca-db-upgrade command
    • 2301 - Fix NSSDB certificate search method
    • 2317 - Reject cert request if resultant subject DN is invalid
    • 2321 - Support certificate search by issuer DN.
    • 2322 - Include issuer DN in CertDataInfo
    • Lightweight CAs: add missing authoritySerial attr to default schema
  • jmagne (3)
    • 1636 - TPS auth special characters fix.
    • 1921 - Update default values of connectionTimeout to format smart cards
    • Enhance tkstool for capabilities and security
  • mharmsen (6)
    • 856 - Fixed incorrect clone installation summary
    • 1669 - Fixed adminEnroll servlet browser import issue
    • 2248 - Removed pkidaemon support of apache instances
    • 2249 - fix bashisms
    • 2306 - Detect inability to submit ECC CSR on Chrome
    • 2323 - Added Chrome keygen warning

Dogtag Certificate Server 10.3.2                      [06/07/2016]

Dogtag Certificate System 10.3.2 represents the second release of Dogtag 10.3, and is associated with Fedora 24.

Project Name:

  • Dogtag Certificate System 10.3.2

Releases:

  • [06/07/2016] Dogtag Certificate Server 10.3.2 [32-bit & 64-bit Fedora 24]

Packages

  • Fedora 24
    • dogtag-pki-10.3.2-1.fc24 [2016-06-07]
    • dogtag-pki-theme-10.3.2-2.fc24 [2016-06-08]
    • pki-core-10.3.2-4.fc24 [2016-06-13]
    • pki-console-10.3.2-2.fc24 [2016-06-08]
  • Fedora 25
    • dogtag-pki-10.3.2-1.fc25 [2016-06-07]
    • dogtag-pki-theme-10.3.2-2.fc25 [2016-06-08]
    • pki-core-10.3.2-4.fc25 [2016-06-13]
    • pki-console-10.3.2-2.fc25 [2016-06-08]

Upgrade Notes:

After running fedup, simply use dnf (as necessary) to update existing packages.

PKI Instance updates from 10.3.0.a1, 10.3.0.a2, or 10.3.0.b1, to 10.3.2 are not supported.

Highlights since Dogtag 10.3.1

The primary purpose of Dogtag 10.3 was to continue adding features and stream-lining the java Tomcat-based TPS process that was created in Dogtag 10.2.

The numerous tickets fixed during this particular phase can be found in the specified milestones of the PKI TRAC Ticket Instance:

  • 10.3.2 - page 11 (43 tickets)

Detailed Changes since Dogtag 10.3.2

The following list of dependencies was gleaned from the following procedure:

   Dogtag 10.3.2:    [05/18/2016] (master --> start of 10.3.2)
                     [06/05/2016] (master --> end of 10.3.2)
   
   Run the following commands on the "master" branch:
   
       # cd pki
       
       # git --no-pager log --since "05/18/2016" --until "06/05/2016" > ../history_10.3.2
       
       # cd ..
       
       # grep "Author:" history_10.3.2 | sort -u
       Author: Ade Lee <alee@redhat.com>
       Author: Christina Fu <cfu@redhat.com>
       Author: Endi S. Dewata <edewata@redhat.com>
       Author: Fraser Tweedale <ftweedal@redhat.com>
       Author: Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com>
       Author: Matthew Harmsen <mharmsen@pki.usersys.redhat.com>
       Author: Matthew Harmsen <mharmsen@redhat.com>
       
       # vi 10.3.2.log
         * alee
         * cfu
         * edewata
         * ftweedal
         * jmagne
         * mharmsen
       
   From history_10.3.2, manually add tickets/check-ins per user to 10.3.2.log to compose the following list.
  • alee (7)
    • 1053 - Allow cert-find using revocation reasons
    • 1055 - Add revocation information to pki CLI output.
    • 1717 - Add option to modify ajp_host to pkispawn
    • 2254 - Add parameters to purge old published files
    • 2275 - Add parameters to disable cert or crl publishing
    • 2319 - Added pki-server kra-db-vlv-add, kra-db-vlv-del, kra-db-vlv-reindex
    • 2320 - Add commands to db-server to help with DB related changes
               - Added pki-server db-schema-upgrade
               - New VLV indexes for KRA including realm
               - Fix legacy servlets to check realm when requesting recovery
               - Change legacy requests servlet to check realm
               - Fix old KRA servlets to check realm
  • cfu (4)
    • 1665 - Cert Revocation Reasons not being updated when on-hold
               - In the CA, when revokeCert is called, make it possible to move from
                 on_hold to revoke.
               - In the servlet that handles TPS revoke (DoRevokeTPS), make sure it
                 allows the on_hold cert to be put in the bucket to be revoked.
               - there are a few minor fixes such as typos and one have to do with
                 the populate method in SubjectDNInput.java needs better handling of
                 subject in case it's null.
               - Note: This patch does not make attempt to allow agents to revoke
                 certs that are on_hold from agent interface. The search
                 filter needs to be modified to allow that.
    • 2352 - This patch allows KRA agent to list netkeyKeyRecovery requests
    • 2271 - Part2:TMS:removing/reducing debug log printout of data
               - Fields are zeroed out before being deleted in KRA request records
    • 2298 - [non-TMS] for key archival/recovery, not to record certain data in
                 ldap and logs
  • edewata (12)
    •  850 - Updated system certificate selftests.
    •  999 - Fixed problem submitting renewal request.
               - Fixed error reporting in RenewalProcessor.getSerialNumberFromCert().
    • 1434 - Added TPS UI for managing user certificates.
    • 2267 - Added TPS UI for managing user roles.
    • 2299 - Fixed truncated token activity message in TPS UI.
    • 2308 - Fixed cert enrollment problem with empty rangeUnit in profile.
    • 2312 - Fixed support for generic CSR extensions.
    • 2314 - Ignoring blank and comment lines in configuration files.
    • 2326 - Fixed error handling in ProxyRealm.
    • 2334 - Added TPS token state transition validation.
    • 2342 - Fixed invalid TPS VLV indexes.
               - Fixed hard-coded database name for TPS VLV indexes.
    • 2344 - Removed selftest interface from TPS UI.
  • ftweedal (9)
    • 1073 - Include serial of revoked cert in CertRequestInfo
    • 1625 - Lightweight CAs: remove pki-ipa-retrieve-key script
               - Lightweight CAs: generalise subprocess-based key retrieval
    • 1640 - Lightweight CAs: remove redundant deletePrivateKey invocation
    • 2293 - Retry failed key retrieval with backoff
               - Don't update obsolete CertificateAuthority after key retrieval
               - Limit key retrieval to a single thread per CA
    • 2327 - Lightweight CAs: add method to renew certificate
               - Lightweight CAs: renew certs with same issuer
    • 2328 - Lightweight CAs: remove NSSDB material when processing deletion
    • 2332 - Return 410 Gone if target CA of request has been deleted
    • 2343 - Fix LDAP schema violation when instance name contains '_'
    • 2351 - Modify ExternalProcessKeyRetriever to read JSON
  • jmagne (2)
    • 1512 - Show KeyOwner info when viewing recovery requests.
    •  801 - Port symkey JNI to Java classes.
               - Merge pki-symkey into jss
  • mharmsen (1)
    • 1677 - Fix unknown TKS host and port connector error during TPS removal

Dogtag Certificate Server 10.3.3                      [06/21/2016]

Dogtag Certificate System 10.3.3 represents the third release of Dogtag 10.3, and is associated with Fedora 24.

Project Name:

  • Dogtag Certificate System 10.3.3

Releases:

  • [06/21/2016] Dogtag Certificate Server 10.3.3 [32-bit & 64-bit Fedora 24]

Packages

Upgrade Notes:

After running fedup, simply use dnf (as necessary) to update existing packages.

PKI Instance updates from 10.3.0.a1, 10.3.0.a2, or 10.3.0.b1, to 10.3.3 are not supported.

Highlights since Dogtag 10.3.2

The primary purpose of Dogtag 10.3 was to continue adding features and stream-lining the java Tomcat-based TPS process that was created in Dogtag 10.2.

The numerous tickets fixed during this particular phase can be found in the specified milestones of the PKI TRAC Ticket Instance:

  • 10.3.3 - page 10-11 (27 tickets)

Detailed Changes since Dogtag 10.3.2

The following list of dependencies was gleaned from the following procedure:

   Dogtag 10.3.3:    [06/06/2016] (master --> start of 10.3.3)
                     [06/21/2016] (master --> end of 10.3.3)
   
   Run the following commands on the "master" branch:
   
       # cd pki
       
       # git --no-pager log --since "06/06/2016" --until "06/21/2016" > ../history_10.3.3
       
       # cd ..
       
       # grep "Author:" history_10.3.3 | sort -u
       Author: Ade Lee <alee@redhat.com>
       Author: Amol Kahat <akahat@redhat.com>
       Author: Asha Akkiangady <aakkiang@redhat.com>
       Author: Christina Fu <cfu@redhat.com>
       Author: Endi S. Dewata <edewata@redhat.com>
       Author: Fraser Tweedale <ftweedal@redhat.com>
       Author: Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com>
       Author: Matthew Harmsen <mharmsen@pki.usersys.redhat.com>
       Author: Matthew Harmsen <mharmsen@redhat.com>
       
       # vi 10.3.3.log
         * alee
         * akahat
         * aakkiang
         * cfu
         * edewata
         * ftweedal
         * jmagne
         * mharmsen
       
   From history_10.3.3, manually add tickets/check-ins per user to 10.3.3.log to compose the following list.
  • alee (4)
    • 1563 - Fix name fields in man pages for correct man -k output
    • 2318 - Add man page info for number range parameters
    • 2339 - Add man page entry for pki-server instance-cert-export command
    • Add man page and clarify CLI for kra-connector
  • akahat (3)
    • BZ 1339263 - Fixed --help option for instance-show, instance-start, instance-stop, instance-migrate, instance-nuxwdog-enable, instance-nuxwdog-disable.
    • BZ 1341953 - Fixed pki-server instance-start <instance> command. Fixed pki-server instance-stop <instance> command.
    • Added entry of pki-server instance-cert command in man page.
  • aakkiang (1)
    • 1579 - Removed test cases for authentication plugin UdnPwdDirAuth since this plugin will be removed from dogtag
  • cfu (3)
    • 2298 - Part 2 - exclude some ldap record attributes with key archival
    •          - Part 3 - trim down debug log in non-TMS crmf enrollments
    • 2346 - add patch to support SHA384withRSA signing algorithm
  • edewata (12)
    • 1276 - Fixed REST response format.
    • 2263 - Added TPS VLV management CLI.
    •          - Fixed TPS VLV sort orders.
    • 2269 - Added TPS VLV management CLI.
    •          - Fixed TPS VLV sort orders.
    • 2300 - Updated instructions to customize TPS token lifecycle.
    • 2342 - Fixed VLV usage in TPS token and activity services.
    • 2354 - Added TPS VLV management CLI.
    •          - Updated KRA VLV management CLI.
    •          - Fixed TPS VLV filters.
    • 2363 - Fixed Java dependency.
    •          - Added upgrade script to fix JAVA_HOME.
    • Added debugging log in ClientCertImportCLI.
    • Added pki pkcs12-cert-mod command.
    • Fixed problem with headerless PKCS #7 data.
    • Refactored SystemConfigService.processCerts().
    • Removed unused Tomcat 6 files.
  • ftweedal (1)
    • 2359 - Do not attempt cert update unless signing key is present
  • jmagne (4)
    • 1199 - Fix coverity warnings for 'tkstool'
    • 1579 - UdnPwdDirAuth authentication plugin instance is not working.
    • 2340 - Revocation failure causes AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST
    • Comment server.xml about Enableocsp checking on KRA with CA's secure port shows self test failure.
  • mharmsen (1)
    • Spec file changes:
    • - Updated tomcat version dependencies
    • - Updated 'java', 'java-headless', and 'java-devel' dependencies to 1:1.8.0.
    • - Updated 'tomcatjss' dependencies
    • - Provided cleaner runtime dependency separation
    • - Updated resteasy packages for Fedora 25 and later