This patch release contains a security fix related to the ACME External Account Binding feature, introduced in EJBCA 7.5.0.


Deployment options include EJBCA Hardware Appliance, EJBCA Software Appliance, and EJBCA Cloud.

Encrypt ACME EAB Symmetric Key

ACME External Account Binding (EAB), a new feature in EJBCA 7.5.0, uses a symmetric key shared between the CA and the client. To protect this key, it can be encrypted using a Crypto Token configured for the ACME alias in EJBCA. This encryption feature was added in EJBCA 7.5.0.1.
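How the shared key is used in an EAB check as defined by RFC 8555 (section 7.3.4), shown as an added Python example that is not EJBCA code: the CA accepts a binding only if the HMAC over the client's account key verifies, so the symmetric key is the sole secret behind the binding. The example assumes HS256; the key store, key identifier, URL and JWK values are constructed, and `make_eab` and `verify_eab` are hypothetical helper names.

```python
import base64, hashlib, hmac, json

# Constructed sample data (not from EJBCA): one EAB key, one account JWK, one URL.
KEY_STORE = {"kid-constructed-1": b"\x01" * 32}
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
URL = "https://ca.example/acme/newAccount"

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_eab(kid, mac_key, account_jwk, url):
    """Client side: MAC the account public key with the shared EAB key."""
    protected = b64u(json.dumps({"alg": "HS256", "kid": kid, "url": url}).encode())
    payload = b64u(json.dumps(account_jwk, sort_keys=True).encode())
    tag = hmac.new(mac_key, f"{protected}.{payload}".encode(), hashlib.sha256).digest()
    return {"protected": protected, "payload": payload, "signature": b64u(tag)}

def verify_eab(eab, key_store, outer_jwk, outer_url):
    """CA side: return the bound kid, or None if any check fails."""
    try:
        header = json.loads(b64u_dec(eab["protected"]))
        bound_jwk = json.loads(b64u_dec(eab["payload"]))
        tag = b64u_dec(eab["signature"])
    except (KeyError, ValueError, TypeError):
        return None
    if not isinstance(header, dict) or not isinstance(header.get("kid"), str):
        return None
    # The inner JWS must use a MAC algorithm and repeat the outer request URL.
    if header.get("alg") != "HS256" or header.get("url") != outer_url:
        return None
    mac_key = key_store.get(header["kid"])
    # The payload must be the same account key that signed the outer request.
    if mac_key is None or bound_jwk != outer_jwk:
        return None
    signing_input = f'{eab["protected"]}.{eab["payload"]}'.encode()
    expected = hmac.new(mac_key, signing_input, hashlib.sha256).digest()
    return header["kid"] if hmac.compare_digest(expected, tag) else None

if __name__ == "__main__":
    eab = make_eab("kid-constructed-1", KEY_STORE["kid-constructed-1"], ACCOUNT_JWK, URL)
    print("bound to:", verify_eab(eab, KEY_STORE, ACCOUNT_JWK, URL))
```

Because the CA must hold the same key to recompute the MAC, how that key is stored on the CA side determines how well the binding is protected.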

Upgrade Information

As a patch release, the upgrade procedure is the same as for EJBCA 7.5.0. See the EJBCA 7.5 Upgrade Notes for important information about this release. For upgrade instructions and information on upgrade paths, see Upgrading EJBCA. Customers upgrading from EJBCA 7.5.0 to 7.5.0.1 are advised to replace any symmetric keys already in use for ACME EAB after upgrading.

Change Log: Resolved Issues

For full details of fixed bugs and implemented features in EJBCA 7.5.0.1, refer to our JIRA Issue Tracker.

Issues Resolved in 7.5.0.1

Released May 2021

Tasks

ECA-10038 - Fix class path issue in CryptoToolsTest

Improvements

ECA-9729 - Encrypt ACME EAB symmetric key