Changelog
Release notes - Trust1Connector - t1c-api-3.7.13
Bug
T1C-2800 GetReaders does not return a suggested module, it only does it when using GetReaderS
T1C-2827 When DS /download/ssl is not available -> api does not start (panic due to unwrap) :-)
T1C-2846 Prevent REG from running when a local process has been deteced!
Task
T1C-2819 Update the T1C with the new SSL for DNS t1c.t1t.io
Improvement
T1C-2845 Update system crate
Bugfix release and update of SSL certificate and system info crate
Release notes - Trust1Connector - t1c-api-v3.7.11
Bug
T1C-2806 Shared environment - issue with 904300-Signature data does not equal the expected data: reg should not send out the signature in the responses (or verify if the client pub is correctly loaded for REMOTE environments) -> local is not an issue
Task
T1C-2777 Apple al-tool deprecation for signing/notarization
Story
T1C-2560 Direct download of SSL when digest is not equal to the published version on DS
T1C-2808 Add the integration with Local Signing Application
T1C-2809 Sidecar for Certificate check upon start and init
T1C-2810 Add swagger-ui initial set of exposed apis
T1C-2812 Provide an initial openApi spec for LSA module
Improvement
T1C-2638 As an integrator I can ask T1C to digest data before sign for each module
Release notes - Trust1Connector - t1c-api-v3.7.10
Bug
T1C-2710 t1c-sdk-js make excessive failing "pre-flight" requests
T1C-2742 Ds Logs push using CURL has issues -> not sending over the PUT json body
T1C-2747 File exchange list content type on macos sometimes gives read access errors on a just created folder via the API
T1C-2765 SSL certifiicate synchronisation does not happen after first startup
T1C-2804 Update T1C SSL certificates when running binaries from user session, while binaries are located in admin location
Task
T1C-2671 Update notarization in packager, altool being deprecated
T1C-2755 RMCR - Upgrade sentry to latest version
T1C-2760 Document DS Staging
Story
T1C-2380 As a User/Support desk I would like to change the log-level
T1C-2652 As a System I need to keep my transactions between installations
Improvement
T1C-2805 Update Cryptoki on Mac/Win for updated PKCS11 drivers
v3.7.1
Released 03/11/2022
Requires JS SDK 3.7.3
☑️ SSL upgrade
A major security flaw has been discoverd for openSSL. As of november 1 2022 this has been resolved but required updates on all libraries using openssl.
This release provides
✅ Update CORS sync on startup for registry
Previously the cors of the registry wasnt immediatley updated. And in some cases it was empty due to not be able to sync with the DS.
This has been resolved in this version
🔺 Info endpoint causes deadlock on HTTP worker
Due to a bug in the low level compiler mutexes could get in a deadlock state on low powered devices when a significant load was put on use-cases that required mutex read's or writes.
This has been resolved in this version.
v3.7.0
Released 19/10/2022
Requires JS SDK 3.7.2
Release notes
Bug
Registry does not retrieve the base cors list on startup
Tackle the whole Mutex story
When the user has a custom date/time set on his System it causes the API to crash on DS communication
Shared environment/multi user setup makes the Registry and API get in a deadlock state
Vulnerabilities based on Penetration test of Connective
SSL rotation does not function correctly when installation and user folder are different
Admin installer does not copy over information to user folder after new installation
Improvement
Update CORS API for the APN draft W3C (on the request side)
Use separate endpoint for reg to validate if api is registered on the correct user
As an integrator I can ask for all readers and ask to exclude readers by name
Story
As a system I should be able to send the log files to the DS so that support can easily look for issues with a device
As a system I want to use the private and public device key to encrypt and decrypt the response data so that an integrator/SDK can validate that no man in the middle attack has happened
🔺 Mutex
The API and Registry use a feature called Mutexes to have data that can be shared over multiple OS threads. Using this is necessary for some functionality. In previous versions when you have a Shared environment (citrix for example) you could make the API and Registry get into what's called a Deadlock
This caused the Mutex to never be unlocked for use by another OS thread. Causing the connector to be blocked completely.
This has now been solved and has been tested on instances of 1000 concurrent devices.
🔺 System time out of sync
We had a user which Operating system had a custom date set (not synced) which caused issues with DS communication. The DS communication also checks wether the time of request is not in the future or in the past (with some slack ofcourse). So if you use the Connector with a custom date you will not be able to contact the DS because it requires a request within a correct time-zone.
If this is not the case it could be that a malicious user is trying to exploit the DS at which point the DS refuses the request. The issue was that this caused the Connector to crash.
This has been solved so that the Connector does not crash.
System time must be correct, otherwise DS communication can not be done (secrity issue)
✅ Private Network Access
Private Network Access is a new CORS draft. Which prevents remote servers to contact local instances without any extra checks. Chrome has already implemented this draft in a non-blocking manner, the implemenation of chrome is to send 2 pre-flight requests. One which is the normal pre-flight and another one where the PNA implementation has been done.
At this point the pre-flight for the PNA implementation is non-blocking meaning that if the pre-flight fails it will not block the request.
When the PNA Cors draft is final this will become blocking.
In this release we've already started adding some required components to support this in an upcoming release.
☑️ Sync log files with DS
In this release we've implemented a feature where the Connector will send it's log files towards the DS. This is so that support desks can easily get the log files of the device which is requesting support.
☑️ HTTP verify response signature
We've added a feature where you can run the Connector in regualr HTTP mode. To still be secure we've added a signature field to the responses which can be verified to not be tampered with at the client's side. This verification is implemented in the JS SDK.
v3.6.4
Released 20/09/2022
Requires JS SDK 3.6.3
🔺 Proxy not used when PAC file is defined
Specifically in windows in the registry settings you can define proxy settings but also a autoconfiguration file (PAC). The library responsible for detecting proxy settings on windows would not return proxy information when a PAC file was defined.
As the Trust1Connector cannot parse PAC files we still need the windows registry proxy settings to find us the correct proxy URL, which is now fixed in this version.
v3.6.3
Released 19/08/2022
Requires JS SDK 3.6.3
🔺 Different user and installation caused issues
When the user folder and installation folder were not equal it caused issues for the SSL rotation flow. This has been solved in this version
🔺 Synchronisation issue between registry and api
The API and Registry sync between each other and also send the CORS configuration. In some cases the registry did not receive the cors list which caused confusion in web clients as they received CORS errors
☑️ Detect DNS rebind issue
When a user's router has DNS rebind disabled it caused issues to contact the Connector as it could not properly resolve the Domain of the connector to its IP address (127.0.0.1). The Connector will now specifically check on this issue, together with the viewer and the DS we can have an overview of who has this issue.
☑️ Reader API reads usb devices
The reader API now also checks on arbritrary USB devices if they're in fact smartcard readers or tokens
✅ API device key rotation
Device key rotation now also update the local Device key files and force a re-register towards the DS
Release notes
Bug
Fix the cleanup in launcher when user specific folder has been provided on startup when not equal to the installation folder
PKCS11 tokens search for non-rep certificate implicitly when no ID is givin in the request. This search for the certificate does not yield the correct value
Synchronisation issue between registry and API on startup of the Connector
fix the cors sync for registry after registry restarts
Improvement
Update the rotate API endpoint to also refresh the device_xxx files (during renewal) and force re-registration to DS
Implement the first external storage provider for read all-data (generic smart cards) to use the local file system
Update full api/reg code from lock to try_lock avoiding blocking threads
Remove the implicit CORS request from API info endpoint to DS, and provide/expose a public function in JS for application to force a CORS sync
Story
As a dashboard user I want to see when and if there was a DNS rebind issue for a given device, including the resolution (if applicable)
As a user I want to receive a link with online documentation on how to solve the DNS (rebind attack issue)
Optionally dump the card info an a configured location and given format (xml, json)
Reader API read USB devices
v3.6.2
Release 07/06/2022
Requires upgrade to Javacript SDK 3.6.2
Release notes
Bug
Distribution communication error after a couple of reboots/login-logouts
Improvement
Consolidate DS requests from 5 -> 1 using optionals
As a connector instance I need to add randomness after requesting the DS
As an integrator I want to have a new sign method for bytes which needs to be hashed by the RUST API
🔺 Distribution service communication error after a couple of reboots/login-logouts
After a couple of reboots/restarts or installing new versions the public key of the machine would change, now the DS accepts the new public key after validation
✅ Distribution service request consolidation
Previously the DS communication had 5 different calls to do all the needed actions. This has been consolidated to 1 call so that we reduce the stress on the DS.
✅ Distribution service request randomness
Together with the reducing of the requests towards the DS, the connector will now randomise the sync towards the DS after startup and first sync. This is to reduce the amount of devices that start up at the same time to put a high load on the DS. This will reduce peak requests on the DS.
✅ Raw sign method added
The Trust1Connector now has a sign_raw` method that allows to execute the sign operation sending the unhashed raw (base64 encoded) data. Then the Trust1Connector wil hash itself when the requested module needs hashing or not.
The module info endpoint also has an additional property that depicts if the module requires hashed or unhashed data.
v3.6.0
Released 01/04/2022
Requires upgrade to Javacript SDK 3.6.1
Release notes
Bug
As an integrator I want to receive a correct error when requesting a sign operation with a wrong or unknown sign mechanism/algorithm
when Launchagents folder for the user does not exist it fails to start the Trust1Connector
Trust1Connector for multiple clients cause race condition on API port assignment on startup (Windows)
Using unknown algorithm returns error code 111
Trust1Connector creates a folder in the Roaming folder when installed
Improvement
As a user I want to allow only SHA256 for Chambersign token on the sign API
Enable default certificate selection for sign, authenticate on PKCS11 modules
Add Jcop3 ATR
Migrate PKCS11 from sandbox
As a user I want to validate the signed hash from a PKCS11 token, using the validation function of the PKCS11 interface
Add type to TokenInfo object when calling token-info enpdpoint such that eID cards have a different object then the PKCS11 tokens
As the Trust1Connect I want to be able to fetch all the certificates on a token, including their information
Story
As the User when I use the Trust1Connector I want the CORS configuration to be up-to-date
As a user I want to be presented with both M1 and Intel download links when I request them from the DS
Build the Sandbox for linux (debian)
🔺 Consent error code update
The consent error code has been updated in the Javascript library, and t1c-sdk-js clients have no impact on that change.
🔺 Multi-client support and race condition fix
When using different instances of the Trust1Connector (optionally from another partner) on a Windows system, a port collision could be possible due to a race condition in port assignment upon initialization. Ports are now protected with anti-collision and are salted to make a port less guessable.
🔺 Implicit creation of LaunchAgents folder on Mac/OSX
When no LaunchAgents folder was present on the system, the installation procedure creates this folder implicitly.
☑️ Exposed Camerfirma interface
Camerfima is a new PKCS11 token added to the modules of the Trust1Connector. The Camerfirma token pre-requisites the installation of the Carmerfirma middleware.
☑️ Exposed Chambersign interface
Chambersign is a new PKCS11 token added to the modules of the Trust1Connector. The Chambersign token pre-requisites the installation of the Chambersign middleware.
☑️ Token Info endpoint will now returned detailed information when using a PKCS11 token
The token info endpoint has been implemented before only for identity tokens. We have added support for Token Info of the PKCS11 modules. As the response has a different data structure, an additional type has been added for clients to parse the response correctly.
The PKCS11 token info exposes information on the algorithms which can be used for different use cases (digital signature, validation, authentication, ...). In a future release additional functionality will be provided such as: encryption, decryption, key exchange,...
✅ Fetch all the certificates on a token including all their information
For the different notification types, many tokens share multiple certificates for a single type. The original interface supported only a single certificate response. To be backwards compatible, those certification function have been adapted to be behave the same as in v3.5.x.
New functions are available to support multiple certificate reponses, they are called: [certificateType]Extended. For PKCS11 tokens the certificate response also returns, besides the base64 encoded certificate and the certificate id, the following properties:
issuer
subject
serial number
hash sub pub key
hash iss pub key
exponent (payment modules)
remainder (payment modules)
parsed certificate (ASN1 format of the base64 encoded certificate)
✅ Signed hash validation function exposed for PKCS11 tokens
A new function has been added for all PKCS11 modules called the 'validate' endpoint. This endpoint, when available, can be used to validate a signed hash received after calling the 'sign' function. In an next version a variant of the validation function using OpenSSL will be added for all tokens.
✅ PKCS11 migration towards RUST
For the Trust1Connector to support more PKCS11 functionality, the intermediate PKCS11 layer has been removed in preference of a direct PKCS11 LIB integration. FFI is used in RUST to support any library which need to be loaded.
✅ Token Algortihm input validation for signing and authentication
Additional guard has been implemented to prevent empty algorithms for the digital signature and validation endpoints. PKCS11 tokens will verify as well if the provided algortihm is exposed as an allowed mechanism for the targetted use case.
✅ JCOP3 ATR added
The Trust1Connector can now detec Java Card Object Platform 3 typed cards
✅ Select default PKCS11 non-repudation or authentication certificate
When requesting for a signature or an authentication, the correct certificate must be provided. For PKCS11 tokens the certificate id (or reference) can be ommitted. The PKCS11 token will be default pick the first certificate (for the type needed) and use this with the specified mechanism to sign/authenticate.
v3.5.20
Compatible with Javascript SDK v3.5.4
This version and previous versions contains a bug where windows TCP reservation has a race condition between Connectors of different clients which are installed on the same system.
If this occurs you need to restart 1 of the connectors. via the t1c-launch(.exe), with the command t1c-launch(.exe) --env {{environment}} --restart
Bug
Trust1Connector API must accept a JSON body limit of 2MB
Fix registry to start directly after dissapearing on shared environment
Story
As a Integrator I would like to use a central registry hosted on the DS
🔺 Trust1Connector accepts JSON body payload of max 2MB
Some use-cases require JSON payloads which are quite substantial. That is why we increased the maximum payload size to 2MB. This value can be changed to maximum 50MB if a client has a use-case for it.
🔺 Registry restart instantly
When the user where the registry is running on logs out or shuts down its system it will also stop the registry. In the Trust1Connector there is a gossip mechanism so that a new registry starts.
In this version this has been improved so that the registry will now start on a new user almost instantly, preventing any downtime.
🔷 Enabled central registry hosted on DS
Up until now we only had the ability to have a local registry. Altough this is a perfect for almost all use-cases we have some use-cases where having a central registry is needed.
This means that the DS will take on most of the tasks of the local registry.
v3.5.19
Compatible with Javascript SDK v3.5.4
This version and previous versions contains a bug where windows TCP reservation has a race condition between Connectors of different clients which are installed on the same system.
If this occurs you need to restart 1 of the connectors. via the t1c-launch(.exe), with the command t1c-launch(.exe) --env {{environment}} --restart
Overview
Bug
Macos, add uninstall shell script again to the installation
Latest Certigna middleware is not detected
Improvement
New custom PKCS11 implementation
Low level Attribute mapping
Exposing all available token flags
Update to function handler to override PKCS11 config
Additional error handeling for PKCS11
[interface impact] PKCS11 Response object for TokenInfo has been updated to be able to hold all flags
🔺 Certigna middleware is not detected
The latest Certigna middleware gave the error middleware not detected even when it was installed. This was because of a change in the Certigna middleware. This issue was the precursor to do a complete custom PKCS11 implementation which is explained below.
🔺 Uninstall shell script
We've added the uninstall shell script again uninstall.sh in 3.5.18 this was replaced by the .app variant. We've decided to put this back because in certain environments where the MacOS devices are managed by administrators the shell script made it easy to script certain flows.
✅ PKCS11
In this release we have created a custom PKCS11 implementation (CFR issue with Certigna). This implementation is a more robust and faster implementation than the previous one.
The PKCS11 interface has some new error codes and a new response object for TokenInfo. The updated TokenInfo will not work with the generic interface in this release but will be solved in the following one.
The error codes that have been added are;
The final error codes (PKCS11InitException and PKCS11ReaderException) are wrong and will be fixed in the following release
206047
PinChangeNeeded
(user) Pin needs to be updated
206046
PinBlockedError
(user) Pin is blocked
208071
InvalidPin1RetriesRemaining
Only 1 (user) pin try remains
206047
InvalidPinError
(user) Pin was wrong
800101
PKCS11InitException
Could not initialise the PKCS11 library
800101
PKCS11ReaderException
Could not correctly read the reader (PKCS11)
v3.5.18
Compatible with Javascript SDK v3.5.4
This version and previous versions contains a bug where windows TCP reservation has a race condition between Connectors of different clients which are installed on the same system.
If this occurs you need to restart 1 of the connectors. via the t1c-launch(.exe), with the command t1c-launch(.exe) --env {{environment}} --restart
Improvement
As a user, I want an easier way to uninstall T1C on Mac
v3.5.17
Compatible with Javascript SDK v3.5.4
This version and previous versions contains a bug where windows TCP reservation has a race condition between Connectors of different clients which are installed on the same system.
If this occurs you need to restart 1 of the connectors. via the t1c-launch(.exe), with the command t1c-launch(.exe) --env {{environment}} --restart
Improvement
Add proxy functionallity with basic auth to DS client in T1C-api
v3.5.16
Compatible with Javascript SDK v3.5.4
Bug
Pinpad security context error when trying to sign with beid v1.8
v3.5.15
Compatible with Javascript SDK v3.5.4
Improvement
Consent flow, check if /info endpoint user matches the request user, if not new consent is needed, if present, ok
v3.5.14
Compatible with Javascript SDK v3.5.4
Bug
Registry validate endpoint does not update the agent values
When the t1c.zip file is corrupt/not a zip the Trust1Connector gets into a restart launch
Story
As a System I want to have log rotation
As a User I would like to have an universal installer for MacOS
As a Trust1Connector I want to make sure the Digests of my binaries are verified
As a System I would like to prevent CSRF attacks
As a System I would like to synchronise my transactions with the Distribution Service
As the Trust1Connector I want to validate the JWT token provided
Trust1Connector should be able to provide organization context when not requiring application tokens
v3.5.13
Compatible with Javascript SDK v3.5.3
Bug
Cors list with domains including port numbers fail
Story
As a DS admin I can update the DS cycle time to a value in seconds
MacOS pin popup not focused
Migration to Rust Luxtrust
v3.5.12
Compatible with Javascript SDK v3.5.3
Story
Enable the possibility to launch in sillent and non-silent mode on windows
Bug
Trust1Connector tries to catch up for the cycles it could not complete when coming back from sleep for a prolongued time
Trust1Connector API disappears/stops after a couple of seconds without any crash information
v3.5.11
Compatible with Javascript SDK v3.5.3
Story
Launcher have the capability to run in silent and non-silent mode
When updating it should clean-up the old versions files which are not needed anymore
Configure workers through CLI for actix web server
Launcher log its process logging to a log file
As a System I would like to log the panic output to a log-file
Implement NTLM compatibility
As the Trust1Connector I need to have my current time information exposed on the system/info endpoint
Task
Launcher have a dynamic process and launchd configuration based on a per client configuration object
Add the option to enable the cURL functionality in the launcher configuration
Remove the need of a nightly build to enable quote interpolation in the launcher
v3.5.10
Requires upgrade of JS SDK to v3.5.3
Improvement
Consent flow, check if /info endpoint user matches the request user, if not new consent is needed, if present, ok
Story
Support Citrix multi-host session management for consent flow
v3.5.9
Compatible with JavaScript v3.5.1
Bug
Quovadis token does not work with the Safenet Library
Remove the use of TaskList in the launcher
LuxID card not working in Windows
v3.5.8
Compatible with JavaScript v3.5.1
Bug
Cors list should always completely represent what is defined in the DS
Macos CORS sync towards registry is not immediate
Pin values cause validation to trigger when the encrypted value becomes to big
Improvement
input validation on all endpoints of API and REG
Story
Parameterize the range of free ports to run on
As a user I would like to have the possibility to receive a notification for a new version
v3.5.7
Compatible with JavaScript v3.5.1
Bug
Dialogs on OSX should have binary names with ENV prefix/suffix
Story
As a Mac user I would like to have a launcher to better manage the Trust1Connector
As the Trust1Connector I want my SSL certificate to be updated automatically when it has been updated in the DS
v3.5.6
Component
Version
JavaScript
v3.5.0
Bug
Eherkenning middleware does not work properly with M1 hardware
Launcher should only stop component in its own user-context
v3.5.5
Component
Version
JavaScript
v3.5.0
Story
Support for Airbus token
Support for safenet token
Support for Eherkenning token
v3.5.4
Component
Version
JavaScript
v3.5.0
Bug
File-exchange when folder does not exist the open dialog crashes
Story
Migration to Rust Wacom
v3.5.3
Component
Version
JavaScript
v3.5.0
Bug
Fix for Wacom App::data() Mutex issue
Update Error handling to reflect prior version of T1C (and map new once to existing error codes for ease of integration)
Improvement
Added x-xsrf-token to CORS headers
v3.5.2
Component
Version
JavaScript
v3.5.0
Bug
Registry and API Cors syncing does not happen in the first cycle when registration towards DS is done
Pin dialog does not give focus to the input field in Windows
Cors rules do not take into account the protocol
Pin dialog does not display on MacOS
Prepare registry cert does not find the certficates and tries to copy but fails
Story
Provide launcher executable to start and manage the Trust1Connector
Add dialog timeout to CLI (for both win and mac)
v3.5.1
Component
Version
JavaScript
v3.5.0-RC7
Bug
Application launcher does not check current installed files and folders properly
v3.5.0
Component
Version
JavaScript
v3.5.0-RC7
Bug
DS public key should not be needed when no DS config is present
Unavailable DS makes the Trust1Connector crash
CMD.exe /c SET is executed by the sandbox with no apparent use-case
Device key rotation also needs to update the ds-txs.json
Trust1Connector with DS capabilities uses current dir as rootfolder
File exchange download create folders write authorization error
File exchange List Type Content response object is not complete
File exchange dialog and network timeout need to follow the parameter or default
update-type and cancel the browse windows does not return data in the response
File exchange Update Type does not show correct the entity folder in the dialog
File exchange List type response object is not correct
File exchange create type shows dialog when path doesnt exist and modal is false
As a packager I want to provide a specific port for the Registry
API and Registry info endpoint do not return all properties
T1C API uses the readers as an info endpoint
MacOS limited the access towards files for services
Sending unknown filters makes the API crash
rename query param for all_data and all_certs to filter
Standalone mode should not trigger prepare_registry_cert
MacOS logger does not work when the binary is packaged
Airbus selects wrong Non-Repudiation cert
MacOS installer sometimes asks for administrative password
Improvement
RUST support Jcop card
Device key rotation
Bulk reset MUST be a GET as it does not contain any body
Story
As a Integrator I want all dialogs to have an optional timeout property
As a user, I want to be able to use/have a DS for the v3
Migrate to Rust Jcop
Migration to Rust Luxid
Migration to Rust Crelan
Migration to Rust Chambersign
Migration to Rust Certinomis
Migration to Rust Certigna
Migration to Rust airbus
Add timeout and file parameter for MacOS dialogs
Encapsulate MacOS package in an administrative package which always automatically installs in the correct context
As a Packager I would like to run the Trust1Connector via an executable
Safenet rustification
eHerkenning rustification
Use the exe filename instead of env! cargo name
Refactor usize/isize for win/osx
Implement Relo rust module
Implement EMV rust module
Implement new architecture for shared environment, multi session host, single installation, ...
Expose CORS config, to be configurable upon runtime (not compile time)
Rust - File Exchange
Improve the startup of the T1C with the sandbox
V3.5.0-rc020
Component
Version
JavaScript
v3.5.0-RC7
Bug
Not starting due to DS cert loaded, when DS is not needed (upon startup ds client)
DS public key should not be needed when no DS config is present
Story
Add anti caching headers on the response to avoid http caching on the client
Update the license terms for Signid Release
V3.5.0-rc019
Component
Version
JavaScript
v3.5.0-RC6
Bug
Unavailable DS makes the Trust1Connector crash
Device key rotation also needs to update the ds-txs.json
Trust1Connector with DS capabilities uses current dir as rootfolder
V3.5.0-rc018
Component
Version
JavaScript
v3.5.0-RC6
Bug
Cors control of Trust1Connector API and Registry does not allow the CSRF header
V3.5.0-rc017
Component
Version
JavaScript
v3.5.0-RC6
Story
As a user, I want to be able to use/have a DS for the v3
Expose CORS config, to be configurable upon runtime (not compile time)
V3.5.0-rc016
Component
Version
JavaScript
v3.5.0-RC6
Bug
File exchange download fails to move the temporary file to its final location
V3.5.0-rc015
Component
Version
JavaScript
v3.5.0-RC6
Bug
File exchange download create folders write authorization error
V3.5.0-rc014
Component
Version
JavaScript
v3.5.0-RC5
Bug
File exchange List Type Content response object is not complete
File exchange dialog and network timeout need to follow the parameter or default
update-type and cancel the browse windows does not return data in the response
File exchange Update Type does not show correct the entity folder in the dialog
File exchange List type response object is not correct
File exchange create type shows dialog when path doesnt exist and modal is false
API and Registry info endpoint do not return all properties
Story
As a Integrator I want all dialogs to have an optional timeout property
V3.5.0-rc013
Component
Version
JavaScript
v3.5.0-RC2
Bug
As a packager I want to provide a specific port for the Registry
T1C API uses the readers as an info endpoint
V3.5.0-rc012
Component
Version
JavaScript
v3.5.0-RC2
Bug
Airbus selects wrong Non-Repudiation cert
Story
Migrate to Rust Jcop
Migration to Rust Luxid
Migration to Rust Crelan
Migration to Rust Chambersign
Migration to Rust Certinomis
Migration to Rust Certigna
Migration to Rust airbus
Safenet rustification
eHerkenning rustification
V3.5.0-RC10
Component
Version
JavaScript
v3.5.0-RC1
Bug
Trust1Connector API must be able to log when packaged
MacOS installer sometimes asks for administrative password
MacOS limited the access towards files for services
Story
Encapsulate MacOS package in an administrative package which always automatically installs in the correct context
As a Packager I would like to run the Trust1Connector via an executable
Use the exe filename instead of env! cargo name
Refactor usize/isize for win/osx
Rust - File Exchange
The folder restriction from Apple regarding user sensitive folders such as
Documents,
Desktop,
...
has been fixed in this version. More information regarding this restriction can be found in their release notes here under the section Launch Daemons and Agents
V3.5.0-RC9
Component
Version
JavaScript
v3.5.0-RC1
Bug
Spaces in path caused invalid CLI arguments
Sandbox log path caused crashes
V3.5.0-RC8
Component
Version
JavaScript
v3.5.0-RC1
Bug
T1C-sandbox does not automatically restart after crash
V3.5.0-RC7
Component
Version
JavaScript
v3.5.0-RC1
Bug
Sending unknown filters makes the API crash
rename query param for all_data and all_certs to filter
V3.5.0-RC6
Component
Version
JavaScript
v3.5.0-RC1
Bug
MacOS T1C api does not register towards the registry when installed via the packaging
Standalone mode should not trigger prepare_registry_cert
V3.5.0-RC5
Component
Version
JavaScript
v3.5.0-RC1
Bug
MacOS logger does not work when the binary is packaged
Improvement
RUST support Jcop card
Device key rotation
Bulk reset MUST be a GET as it does not contain any body
Story
Implement EMV rust module
Implement new architecture for shared environment, multi session host, single installation, ...
Last updated
Was this helpful?