Skip to content

Release Notes Firmware

5.3.0.0 - Add partition auth remote management support

2024/09/22

Features

  • add PnAuth remote management support

  • add mod-OATH OCRA support

  • introduce hsm-generated ("local") storage-layer attribute

  • add mod_Blockchain BTC/LTC taproot/P2TR address support

  • throttle local console svc auto-recovery

  • improve local console PnAuth manager

  • add HTTP management mTLS support

  • unlock mod-core OBJ_ATTR_BCHAIN usage

  • add support to extra FIPS 186-5 ECDHE allowed groups

  • improve SVMK matching

  • add mod_Blockchain ed25519/curve25519 private key conversion support

  • improve auth-SA management infrastructure

  • improve RSA key generation

  • limit max Shamir/m-of-n N param

  • add HTTPS X.509 support flag

  • add blockchain sign and verify tools in console

  • add blob filter button in console

Cool

  • unblock local console lcrypt operations

  • set tls-bundle/x509-auth-sa IO handling edge cases

  • fix error when renaming object in console

  • disable maximum login attempts field in RM1 and RM2 in console

  • add optional password validation in PKCS#12 and PKCS#8 import in console

  • remove success alert when clicking cancel in the Ip Filter enablement confirmation dialog

5.2.0.0 - Improve web console layout

2024/07/11

Features

  • improve HSM database reset warning

  • block ds-bind over non-TLS sessions

  • deprecate ERR_CANNOT_GEN_ECC_CURVE

  • deprecate legacy low-level rcodes

  • deprecate legacy "continuous" rcodes

  • deprecate legacy ECC/DER rcodes

  • limit max Shamir/m-of-n N param

  • web console add blob filter button

  • web console layout review

Cool

  • TLM agent empty-binding regression

  • storage-layer tmp-obj creation race condition against replication PTLs

  • web console fix error when renaming object

5.1.1.0 - Validation Program

2024/07/11

  • Validation Program (BR)

5.1.0.0 - Local Crypto

2024/04/29

Features

  • introduce specialized blob listing infrastructure

  • optimize KMIP locate

  • optimize pkcs#11 find

  • optimize mod_SPB certificate/private-key matching

  • optimize pkcs#11 certificate/private-key matching

  • improve local console Partitiion Auth GUI

  • improve local console border breach supervisory circuit err handling

  • improve HSM database reset

  • improve local console audit logging

  • harden authentication paths against brute-forcing

  • improve OEM logs

  • improve usr/obj listing

  • add DNS config backup/restore support

  • deprecate legacy/unapproved NTP keys

  • improve replication live-sync

  • introduce local crypto partitions

  • add mod_XML ECDSA support

Cool

  • mod_Blockchain key opening err handling

  • mod_Pix JWS gen/verify key opening err handling

  • mod_TSP req key opening err handling

  • mod_EFTd LMK opening err handling

  • local console static bond route handling

  • TLM agent memory management regression

  • local console service auto-recovery edge-case handling

  • erase global sec-policy config on HSM db resets

  • local console reset spellings

  • replication-layer connectivity error handling

  • backup ip-filter/policy restore

  • net-config nic/bond setup state resetting

  • backup SNMP restore

  • backup syslog restore

  • backup default-gateway restore

  • backup nics/routes restore

  • ntp restore backup

  • pending backup img restore cleanup

  • add missing ds-agent refresh after live-sync

5.0.38.0 - Validation Program

2024/02/26

Features

  • Validation Program (BR)

5.0.37.0 - New blockchain sigs and add full AEAD support

2024/02/26

Features

  • add mod_Blockchain Stellar support

  • add mod_Blockchain Cardano support

  • add mod_Blockchain Terra Classic support

  • add mod_Blockchain blake2b-224 support

  • add mod_Blockchain SS58 support

  • add mod_Blockchain Polkadot support

  • add mod_Blockchain blake2b-256 support

  • add mod_Blockchain Tezos support

  • add mod_Blockchain Toncoin support

  • add mod_Blockchain Ed25519 SLIP10 key derivation support

  • add mod_Blockchain Ed25519 FPRV1 key derivation support

  • add curve alt_bn128 support

  • add mod_Blockchain Cosmos support

  • improve local console SNMP config editor

  • add "raw" RSA-enc OAEP/sha256 auto-detection support

  • add full AEAD support

  • improve OEM logs

  • optimize syslog usage

  • disable remote SNMP config on DMP builds

  • improve local console remote-management GUI

  • optimize storage/cache layers

Cool

  • local console fault on SVMK mismatches

  • a-token cache invalidation on partition removal

  • erase syslog config on HSM db resets

  • OEM log with duplicated audit msgs

  • locale setup edge-case

  • mod_Blockchain key-type validation

5.0.36.0 - Add new blockchain networks

2023/09/15

Features

  • add mod_Blockchain get-addr BTC P2SH support

  • add mod_Blockchain BIP32-Ed15519 key type support

  • add mod_Blockchain Fireblocks bip32 "fprv" extension support

  • add mod_Blockchain Hathor Network bip32 "htpr/tnpr" extension support

  • add mod_Blockchain bip32 xpub export support

  • add mod_Blockchain XRP Ledger support

  • simplify mod_SafeKeeping model

  • add mod_Blockchain Solana support

  • add mod_Blockchain Litecoin support

  • improve mod_Blockchain bip32-ed25519 xpub encoding

  • add mod_Blockchain "fprv" signing support

Cool

  • mod_SafeKeeping custody type handling

  • Algorand address case-sensitivity handling

  • enforce documented max blob size creation limit

5.0.35.0 - add suppor for Azure BYOK

2023/08/08

Features

  • add mod_Blockchain TRON support

  • optimize mod_Blockchain BIP32 CK handling

  • add mod_Blockchain RFC 6979 (Deterministic ECDSA) support

  • add kek-(un)wrap SP800-38F / RFC5649 KWP support

  • introduce mod_SafeKeeping

Cool

  • add ds-agent to OEM log dep report

  • local console m-of-n generation error handling edge-case

5.0.34.0 - Add remote config support

2023/07/05

Features

  • improve web console layout

  • add SNMP remote config setup support

  • improve cloud TLM binding replication logs

  • add remote NTP config management support

  • add syslog remote config setup support

  • add mod_SPB SOLUTI v5 CIP1 CA auto detection

  • add AAP kek-wrap RSAOAEP-SHA256

  • improve local console and service log integration

  • add local console fatal-faulting log

Cool

  • mod_core hash segment err handling

  • cloud TLM state management

  • missing SP800-57/KMIP AUP/umask emulation

  • missing AUP/pkcs11 virtualization

  • net-tools error msg

  • remote management buffer overflow

5.0.33.0 - EFT ANSI X9.24-2004 AES - Export support

2023/04/10

Features

  • add mod_EFT ANSI X9.24-2004 AES-Export support

  • add remote-management session-list tracking

  • audit log local console remote-management processed cmds

  • log remote-management connection TLS cipher-suite

  • improve RSA raw EMV padding handling

Cool

  • mod_EFT ANSI X9.24-2004 AES-Import HTTP bridge attr handling

  • (legacy) RSA signing core PSS SHA2/SHA3 padding validation

  • missing EdDSA SP800-57/KMIP umask emulation

  • service infinite recursion (full log/SNMP bad interaction)

5.0.32.0 - Key monitor for usage stats

2023/03/18

Features

  • web console keys monitor page

  • enable rsa4k in RM2

  • enable Edwards/Montgomery ECC in RM2

  • obsoleted SNMP privateKeyAccess trap

  • improve storage-layer performance

  • introduce obj usage stats

  • introduce global obj usage stats

  • decrease mod_core m-of-n split/recover usage cap

  • add partition obj count support

  • log sys uptime on local console exit

  • add specialized mod_EFT KCV calculation support

  • add mod_Blockchain Algorand support

Cool

  • rare trail subsystem state corruption

  • SNMP traps' tty corruption

  • global obj usage stats HTTP bridging

  • fix web console certificate import in .cer format

5.0.31.0 - Syslog hot setup

2023/01/18

Features

  • enable rebootless Syslog setup

  • add hot Syslog config support

5.0.30.0 - add pkcs#7 generator

2023/01/10

Features

  • add log authentication code (LAC) support

  • add ScReader to p11-info json

  • improve local console replication domain GUI

  • implement replication subsystem SNMP traps

  • improve local console invalid PIN error messages

  • add replication domain propagation support

  • add pkcs#7 generator in web console (for use in chains of pix apis)

  • improve user OATH interface in web console

Cool

  • set repl-domain on live-syncs

  • cloud TLM agent tampering handling

5.0.29.0 - Pix independent certificate multichain support

2022/11/29

Features

  • change HTTP console listing pages

  • improve HSM info pages on HTTP console

  • add Remote p11-info attribute

  • add DSA support

  • add DH support

  • add Syslog support

  • add Pix independent certificate multichain support

  • increase HTTP bridge PKCS#12 import memory capacity

  • add bonding mode info to HTTP bridge

  • disable backup and upack processing on unacknowledged boots

Cool

  • mod_Blockchain BIP32 XPRV TEST-NET key importing

  • add missing bond net-mask to mod_stat management notification

  • Pix SPB-certificate expiration validation

5.0.28.0 - Add ANSI X9.24-2004 AES-Import support

2022/09/09

Features

  • add mod_EFT ANSI X9.24-2004 AES-Import support

5.0.27.0 - EFTd configuration and opt-in

2022/08/15

Features

  • add mod_SPB raw encode/decode support

  • introduce remote eftd configuration and opt-in

5.0.26.0 - Add ARC5 support

2022/06/27

Features - remove get-info remote permission restrictions - add arc5 support

5.0.25.0 - Introduce module Blockchain

2022/05/10

Features

  • enable legacy RSA op on RM1

  • introduce module Blockchain

Cool

  • HTTP bridge repl-cross-check json generation

5.0.24.0 - Improve TLS setup

2022/04/29

Features

  • improve service TLS setup

  • add Soluti to mod_SPB valid CA list (SecManual v5.03)

Cool

  • add missing KMIP kpair creation SNMP trap

5.0.23.0 - SPB v3 ms 5.01

2022/01/21

Features

  • add mod_EFT TR31 support
  • implement SPB SecV3 GCM IV/Nonce v5.01
  • improve ds-agent policy-manager stats
  • improve mod_PIX certificate/chain/pkcs7 handling

5.0.22.0 - OATH legacy fqn support

2021/12/06

Features

  • workaround module OATH legacy max-obj-id (SC FQN support)

Cool

  • module core HSM mode cache initialization/usage
  • module SPB SecV3 GCM tag handling edge-case

5.0.21.0 - Tune log flushing

2021/11/09

Features

  • tune log flushing

  • increase SBP v3 GCM IV

5.0.20.0 - Fix ICC certificate handling

2021/09/09

Cool

  • EMV Book 2 ICC Public Key Certificate recovered data handling

5.0.19.0 - Improve EMV Book 2 ICC Public Key Certificate support

2021/08/05

Features

  • add RSA-1536 and RSA-1976

Cool

  • EMV Book 2 ICC Public Key Certificate generation

5.0.18.0 - Add EMV Book 2 v4.3 SP #208 support

2021/08/02

Features

  • deprecate MOD_EFT_KEK_EXPORT_LMK operation

  • implement EMV Book 2 v4.3 Specification Bulletin No 208

Cool

  • MOD_EFT_KEK_IMPORT key length calculation regression

5.0.17.0 - Improve RSA Sign PSS handling

2021/07/22

Features

  • add RSA sign PSS salt-len-md support

5.0.16.0 - Add support for SPB v3

2021/07/15

Features

  • implement GEN6R1 certificate auto-updating
  • add mod_SPB SecV3/AES support
  • New GUI layout for web console.
  • improve mod_SPB CIP1 CA detection

Cool

  • master usr ERR_CANNOT_DEMOTE_MASTER sys ACLs handling

5.0.15.0 - Fix JWS check

2021/05/10

Features

  • operate JWS check up to rsa8k

Cool

  • JWS-CHECK base64-url special chars' handling

5.0.14.0 - Add new CIP AKID

2021/05/10

Features

  • add CIP1 AC VALID BRASIL v5 AKID