- 11 Apr 2025
- 2 Minutes to read
- Print
- DarkLight
- PDF
Axiad Conductor for Airgap Deployment 4.20 / 2.15 Release Notes
- Updated on 11 Apr 2025
- 2 Minutes to read
- Print
- DarkLight
- PDF
Release Date: March 27, 2025
IMPORTANT INFORMATION ABOUT THESE RELEASE NOTES
These notes are for the following Axiad Conductor for Airgap Deployment product versions:
UCMS 4.20.x
Unified Portal 2.15.x
If you have any questions about these features or want to request a more in-depth discussion about the best way to leverage them, then reach out to us at productmanagement@axiad.com.
IMPORTANT
In this Axiad Conductor release, and moving forward, Java 17 is required, and Java 11 is no longer supported. Prior to upgrading Axiad, please ensure that you’re using Java 17 and JAVA_HOME is set to reflect the new version.
Database Schema
4.20.2 - Requires upgrade
4.20.3 - Requires upgrade
UCMS
Features
Version | Ref ID | Description |
---|---|---|
4.20.2 | PM-1380 | Axiad Operators can configure an HTML template to use for all outgoing email notifications See the updated settings here
|
PM-10467 | Added support for SafeNet eToken Fusion 5300 | |
PM-10193 | Added support for Gemalto IDPrime MD 930 cards with custom manufacturer key |
Enhancements
Version | Ref ID | Description |
---|---|---|
4.20.2 | PM-10065 | Upgrade to Java 17 and Spring Boot 3 See the note above about the Java upgrade |
PM-9178 | Add SHA256 digest in header to all RPMs | |
PM-10337 | Update logging to show ERROR message instead of WARN when the connection to the HSM Client becomes stale | |
PM-7653 | New option allows a user to replace a device without reissuing certificates that are both escrowed and still valid | |
PM-11431 | Each user project now has a Group attribute included when querying users through the SCIM endpoint | |
4.20.3 | PM-13546 TUTI-12954 | When fetching users, SCIM APIs can now optionally return membership information, i.e what SCIM group(s) the user belongs to. See the updated configuration steps in Create a SCIM User Source
|
Security Fixes
Version | Ref ID | Description |
---|---|---|
4.20.2 | PM-11246 | Addressed vulnerabilities: CVE-2024-38819, CVE-2024-38820 |
PM-9936 | Addressed vulnerabilities: CVE-2024-38809, CVE-2024-38808 | |
PM-9347 | Addressed vulnerabilities: CVE-2024-38816 | |
PM-13182 | Addressed vulnerabilities: CVE-2024-38828 | |
PM-10194 | Addressed vulnerabilities: CVE-2024-38821 | |
PM-13236 PM-13246 | Addressed vulnreabilities: CVE-2025-24813 |
Known Issues
Version | Ref ID | Description | Workaround |
---|---|---|---|
4.20.2 | — | (For PM-7653) In workflow transitions, UCMS pulls the existing encryption certificate, even if it is about to expire, forcing users to come back to update their device again, despite having recently updated them | Planned update in future release; user must update device again |
Unified Portal (UP)
Enhancements
Version | Ref ID | Description |
---|---|---|
2.15.2 | PM-10065 | Upgrade to Java 17 and Spring Boot 3 See the note above about the Java upgrade |
PM-2788 | When an Operator attempts to revoke a user’s device or credential, they are prompted to confirm the action before it is revoked. New UI: | |
PM-9360 | Expanded and clarified the language presented to users when creating a PIN Before: After: | |
PM-10171 | Operators can include custom links in end-of-lifecycle operation messages Learn how to add links to messages here
| |
2.15.3 | PM-13636 | Following the deprecation of the |
Bug Fixes
Version | Ref ID | Description |
---|---|---|
2.15.3 | PM-13537 | Users can now successfully log into the Axiad Unified Portal when federated with Microsoft Entra ID |
Known Issues
Version | Ref ID | Description | Workaround |
---|---|---|---|
2.15.2 | PM-13076 | Revoke confirmation message (PM-2788) does not display for imported service type credentials. | Planned update in future release |
PM-13368 | Logging into UP does not work with Axiad has deprecated this endpoint as of UCMS 4.20 / UP 2.15 | Log in using As of UCMS 4.20.3 / UP 2.15.3, you can use |
Upgrading to UCMS 4.20 / UP 2.15
Check out the upgrade considerations for this new version here
Note: You must be logged in to view this article