This patch release contains a security fix related to the ACME External Account Binding feature, introduced in EJBCA 7.5.0.
Deployment options include EJBCA Hardware Appliance, EJBCA Software Appliance, and EJBCA Cloud.
Encrypt ACME EAB Symmetric Key
ACME External Account Binding (EAB), a new feature in EJBCA 7.5.0, uses a symmetric key shared between the CA and the client. To protect this key, it can be encrypted using a Crypto Token configured for the ACME alias in EJBCA. This encryption feature was added in EJBCA 7.5.0.1.
Because this is a patch release, the upgrade procedure is the same as for EJBCA 7.5.0. See the EJBCA 7.5 Upgrade Notes for important information about this release. For upgrade instructions and information on upgrade paths, see Upgrading EJBCA. Customers upgrading from EJBCA 7.5.0 to 7.5.0.1 are advised to replace any symmetric keys already in use for ACME EAB after upgrading.
Change Log: Resolved Issues
For full details of fixed bugs and implemented features in EJBCA 7.5.0.1, refer to our JIRA Issue Tracker.
Issues Resolved in 7.5.0.1
Released May 2021
Tasks
ECA-10038 - Fix class path issue in CryptoToolsTest
Improvements
ECA-9729 - Encrypt ACME EAB symmetric key