We are pleased to announce the release of EJBCA Software Appliance version 2.1.2.
This maintenance release includes several bug fixes and improvements.
CVE-2022-0778 has been reported for OpenSSL. The BN_mod_sqrt() function, which computes a modular square root in OpenSSL, contains a bug that can cause it to loop forever for non-prime moduli.
All Software Appliance components that use OpenSSL have been updated to prevent that bug.
Luna7 Driver Update
The Luna7 driver has been updated to version 10.4.0, which allows performing automatic RSA keygen mechanism remapping if using a Luna HSM 7.7.1 in non-FIPS mode.
Support Package Improvement
An issue with creating and downloading very large support packages has been resolved. We resolved the issue by changing the implementation of data handling.
For information on the required steps to update the version of the EJBCA Software Appliance, see Update.