The PrimeKey SignServer team is pleased to announce the release of SignServer 5.3.0.
This release brings support for APPX and Domain Name System Security Extensions (DNSSEC) signing.
APPX is a Microsoft application distribution file format for Universal Windows Platform (UWP) apps introduced with Microsoft Windows 8.
DNS Security Extensions (DNSSEC) is a valuable tool for improving the trust and integrity of the Domain Name System (DNS), adding security on top of the Domain Name System (DNS).
No database changes are required for this release.
SignServer 5.3 is included in Appliance version 3.4.4. For more information, refer to the PKI Appliance Release Notes.
Change Log: Resolved Issues
For full details of fixed bugs and implemented features in SignServer 5.3, refer to our JIRA Issue Tracker.
DSS-2065 - Implement APPX Signing
DSS-2030 - Initial SignClient support for Zone signing
DSS-2032 - Initial Zone File server-side signer
DSS-2028 - Implement resigning avoidance algorithm in ZoneZipFile server-side signer
DSS-2026 - Releasable Zone File server-side signer
DSS-2046 - Fix issue in DNS Java library when PKCS#11 is used
DSS-2078 - Option to specify min remaining validity time for zone file signing with SignClient
DSS-2029 - Basic Zone Hash Signer
DSS-2027 - Basic ZoneZipFile server-side signer
DSS-2068 - Initial support for sending a pre-request in the SignClient file-specific handler SPI
DSS-2107 - Update copyright year for 2020
DSS-2038 - Add the DNSSEC library
DSS-2036 - Create new module: SignServer-DNSSEC-Signer
DSS-2035 - Create new module: SignServer-DNSSEC-Common
DSS-2037 - Create new skeleton signer: ZoneFileServerSideSigner
DSS-2031 - Test resigning avoidance algorithm with SignClient client-side
DSS-2025 - Improved bulk key generation in Admin Web
DSS-2053 - Remove hardcoded TTL values from ZoneFileServerSideSigner
DSS-2054 - Different output from SignServer vs. dnssec-signzone for customer provided zone file
DSS-2057 - Refactor out duplicated code from ZoneZipFileServerSideSigner & ZoneFileServerSideSigner
DSS-2063 - Fix OOM error when running ZoneFileSigner with large input
DSS-2066 - Implement tests for APPX
DSS-2070 - Cleanup and refactor the inital SignClient support for Zone signing
DSS-2071 - Proper Zone Hash Signer
DSS-2080 - Document zone signing options in SignClient with client-side hashing
DSS-2086 - Set path to WildFly 14 as default for running system tests from within the IDE
DSS-2088 - Implement test code helper for APPX verification
DSS-2091 - AppxCMSSigner should fail if FILE_TYPE request metadata property is not the expected
DSS-2101 - Security Hardening
DSS-2103 - Print KSK DNSKEY entries in status output
DSS-2106 - Build SignClient dist as part of release target
DSS-2111 - Keep publishing the previous ZSK
DSS-2052 - Different output from SignServer vs. dnssec-signzone for one entry
DSS-2067 - BaseZoneFileSignerServerSideSigner has fields changed during processing
DSS-2069 - ZoneZipSigningAlgorithmTest does not verify the signature at 'fixed time' causing test failure
DSS-2072 - Expired certificate in junit tests causes test failures
DSS-2090 - Zone file signing test failures with NoClassDefFoundError after merge to trunk
DSS-2092 - Getting NegativeArrayIndexException with large APPX package