UCMS 4.19 / UP 2.14 Release Notes

4.18.0

PM-8312

Support for YubiKey Firmware 5.7.1

The YubiKey firmware version 5.7.1 brings a number of significant changes and improvements that are now supported by the personalization process that Axiad Conductor / UCMS uses to enable secure lifecycle management of the devices. Axiad continues to support older YubiKey versions alongside the newer versions and this does not bring any breaking changes to your YubiKey experience.

Configuration Change

To support the new YubiKey version along with the older versions, you must change to YK Version parameter to 5.7.1. View more information about this parameter here.

4.19.0

PM-7033

Add session identifier in logger extension for easier log traceability. To enable this, you must update the Log4j2.xml configuration file.

PM-8768

Support for Luna HSM 10.5.0+

Backward Compatibility

UCMS 4.19 is NOT backwards compatible with older versions of the client Luna HSM versions and requires a minimum version of 10.5.0-470 for the Commercial version, and 7.13.2 for the government version.

View installation changes here

PM-8538

New API endpoints added

Prerequisite for 4.19+

For versions 4.19+, you must add privileges for the following APIs for the Role to which a bearer token (for UP) was generated:

• GET /api/v2/devices/start/<process>/<key>

• POST /api/v2/devices/next

PM-6737

UCMS will now enforce that the Certificate Server Name is unique in each configuration

When upgrading UCMS, any duplicate names are automatically updated with a counter following the name, e.g. ServerName, ServerName1, ServerName2, etc.

PM-6754

Removed the private key alias and private key password fields from IdenTrust Credential Server configuration as they are not used by this connector.

PM-6755

Removed the signer certificate alias, signer certificate password, and wrapping certificate alias fields from IDnomic ID-PKI Credential Server configuration as they are not used by this connector.

PM-8314

New Authority ID field added to the PrimeKey EJBCA Credential Server configuration to capture the necessary value. When upgrading UCMS, the field will automatically populate with the CA name. New configurations will require setting this value before saving the configuration.

4.19.0

PM-6613

User search in Operator Portal now works properly when searching for users previously imported through the migration tool

PM-7567

CA connects successfully when configured with FIPS LunaHSM with updated Java version.

See specific requirements for the fips.mode parameter here

2.14.0

PM-8580

Local Logout from Unified Portal

Operators can choose whether users log out from only the Axiad Unified Portal or out of their entire IdP (SAML) session. View the setting and additional information here

2.14.0

PM-7697

On the Helpdesk > Users page, when opening the user Details, the field Username (UPN) is changed to Username

PM-8115

Detailed login and logout events added to the audit log

2.14.1

PM-10346

Local logout setting respected when portal.timeout.idle is hit

PM-10154

User is able to reauthenticate with UP after session times out

PM-9858

Users are no longer presented with a spinning wheel when accessing UP without using the login URL first

PM-8081

"Unassign" option appears only once for imported devices

2.14.0

PM-8125

Error message updated when issuance fails due to unsupported device or invalid PIN to be more helpful

PM-7813

Updated notification verbiage if one of the credentials on an enrolled device has expired:

• Previous message: "Your device has expired, please renew now."

• New message: "One of the credentials mapped to device is expired, please renew now."

PM-8544

Enrolling a virtual smart card when there are no existing devices enrolled no longer leads to a loading loop

2.14.1

PM-10375

Addressed vulnerabilities: CVE-2023-44487, CWE-79, CVE-2024-4067, CVE-2024-52316