EJBCA 6.15.2.5 Upgrade Notes

EJBCA 6.15.2.5 is a maintenance release resolving a potential security issue when using SCEP in RA mode.

Below are important changes and requirements to be aware of when upgrading from EJBCA 6.15.x to EJBCA 6.15.2.5.

For general upgrade instructions and information on upgrade paths, see Upgrading EJBCA.

Database Changes

Being a patch release, EJBCA 6.15.2.5 includes no database changes.

Behavioral Changes

SCEP Security Fix - More Restrictive CA Access

In earlier versions of EJBCA, the CA for SCEP enrollment was only restricted by the configured End Entity Profile and Certificate Profile. The RA CA Name option was used as a the default CA, if no CA was specified in the request.

As of EJBCA 6.15.2.5 (as well as versions 7.3.1.1 and 7.4.0), a SCEP alias will only allow issuance using the CA selected as RA CA Name. Note that this CA must still be selected in the configured End Entity Profile and the Certificate Profile.