Changelog

Release notes - Trust1Connector - t1c-api-3.7.13

Bug

T1C-2800 GetReaders does not return a suggested module, it only does it when using GetReaderS

T1C-2827 When DS /download/ssl is not available -> api does not start (panic due to unwrap) :-)

T1C-2846 Prevent REG from running when a local process has been deteced!

Task

T1C-2819 Update the T1C with the new SSL for DNS t1c.t1t.io

Improvement

T1C-2845 Update system crate

Bugfix release and update of SSL certificate and system info crate

Release notes - Trust1Connector - t1c-api-v3.7.11

Bug

T1C-2806 Shared environment - issue with 904300-Signature data does not equal the expected data: reg should not send out the signature in the responses (or verify if the client pub is correctly loaded for REMOTE environments) -> local is not an issue

Task

T1C-2777 Apple al-tool deprecation for signing/notarization

Story

T1C-2560 Direct download of SSL when digest is not equal to the published version on DS

T1C-2808 Add the integration with Local Signing Application

T1C-2809 Sidecar for Certificate check upon start and init

T1C-2810 Add swagger-ui initial set of exposed apis

T1C-2812 Provide an initial openApi spec for LSA module

Improvement

T1C-2638 As an integrator I can ask T1C to digest data before sign for each module

Release notes - Trust1Connector - t1c-api-v3.7.10

Bug

T1C-2710 t1c-sdk-js make excessive failing "pre-flight" requests

T1C-2742 Ds Logs push using CURL has issues -> not sending over the PUT json body

T1C-2747 File exchange list content type on macos sometimes gives read access errors on a just created folder via the API

T1C-2765 SSL certifiicate synchronisation does not happen after first startup

T1C-2804 Update T1C SSL certificates when running binaries from user session, while binaries are located in admin location

Task

T1C-2671 Update notarization in packager, altool being deprecated

T1C-2755 RMCR - Upgrade sentry to latest version

T1C-2760 Document DS Staging

Story

T1C-2380 As a User/Support desk I would like to change the log-level

T1C-2652 As a System I need to keep my transactions between installations

Improvement

T1C-2805 Update Cryptoki on Mac/Win for updated PKCS11 drivers

v3.7.1

Released 03/11/2022

Requires JS SDK 3.7.3

Release notes

Bug

  • Info endpoint causes deadlock on HTTP worker

Task

  • Upgrade to SSL 3.0.7 to mitigate security issue

Story

  • Update CORS sync on startup for registry

A major security flaw has been discoverd for openSSL. As of november 1 2022 this has been resolved but required updates on all libraries using openssl.

This release provides

Previously the cors of the registry wasnt immediatley updated. And in some cases it was empty due to not be able to sync with the DS.

This has been resolved in this version

Due to a bug in the low level compiler mutexes could get in a deadlock state on low powered devices when a significant load was put on use-cases that required mutex read's or writes.

This has been resolved in this version.

v3.7.0

Released 19/10/2022

Requires JS SDK 3.7.2

Release notes

Bug

  • Registry does not retrieve the base cors list on startup

  • Tackle the whole Mutex story

  • When the user has a custom date/time set on his System it causes the API to crash on DS communication

  • Shared environment/multi user setup makes the Registry and API get in a deadlock state

  • Vulnerabilities based on Penetration test of Connective

  • SSL rotation does not function correctly when installation and user folder are different

  • Admin installer does not copy over information to user folder after new installation

Improvement

  • Update CORS API for the APN draft W3C (on the request side)

  • Use separate endpoint for reg to validate if api is registered on the correct user

  • As an integrator I can ask for all readers and ask to exclude readers by name

Story

  • As a system I should be able to send the log files to the DS so that support can easily look for issues with a device

  • As a system I want to use the private and public device key to encrypt and decrypt the response data so that an integrator/SDK can validate that no man in the middle attack has happened

The API and Registry use a feature called Mutexes to have data that can be shared over multiple OS threads. Using this is necessary for some functionality. In previous versions when you have a Shared environment (citrix for example) you could make the API and Registry get into what's called a Deadlock

This caused the Mutex to never be unlocked for use by another OS thread. Causing the connector to be blocked completely.

This has now been solved and has been tested on instances of 1000 concurrent devices.

We had a user which Operating system had a custom date set (not synced) which caused issues with DS communication. The DS communication also checks wether the time of request is not in the future or in the past (with some slack ofcourse). So if you use the Connector with a custom date you will not be able to contact the DS because it requires a request within a correct time-zone.

If this is not the case it could be that a malicious user is trying to exploit the DS at which point the DS refuses the request. The issue was that this caused the Connector to crash.

This has been solved so that the Connector does not crash.

System time must be correct, otherwise DS communication can not be done (secrity issue)

Private Network Access is a new CORS draft. Which prevents remote servers to contact local instances without any extra checks. Chrome has already implemented this draft in a non-blocking manner, the implemenation of chrome is to send 2 pre-flight requests. One which is the normal pre-flight and another one where the PNA implementation has been done.

At this point the pre-flight for the PNA implementation is non-blocking meaning that if the pre-flight fails it will not block the request.

When the PNA Cors draft is final this will become blocking.

In this release we've already started adding some required components to support this in an upcoming release.

In this release we've implemented a feature where the Connector will send it's log files towards the DS. This is so that support desks can easily get the log files of the device which is requesting support.

We've added a feature where you can run the Connector in regualr HTTP mode. To still be secure we've added a signature field to the responses which can be verified to not be tampered with at the client's side. This verification is implemented in the JS SDK.

v3.6.4

Released 20/09/2022

Requires JS SDK 3.6.3

Release notes

Bug

  • Proxy is not used when PAC file is defined in registry

Specifically in windows in the registry settings you can define proxy settings but also a autoconfiguration file (PAC). The library responsible for detecting proxy settings on windows would not return proxy information when a PAC file was defined.

As the Trust1Connector cannot parse PAC files we still need the windows registry proxy settings to find us the correct proxy URL, which is now fixed in this version.

v3.6.3

Released 19/08/2022

Requires JS SDK 3.6.3

When the user folder and installation folder were not equal it caused issues for the SSL rotation flow. This has been solved in this version

The API and Registry sync between each other and also send the CORS configuration. In some cases the registry did not receive the cors list which caused confusion in web clients as they received CORS errors

When a user's router has DNS rebind disabled it caused issues to contact the Connector as it could not properly resolve the Domain of the connector to its IP address (127.0.0.1). The Connector will now specifically check on this issue, together with the viewer and the DS we can have an overview of who has this issue.

The reader API now also checks on arbritrary USB devices if they're in fact smartcard readers or tokens

Device key rotation now also update the local Device key files and force a re-register towards the DS

Release notes

Bug

  • Fix the cleanup in launcher when user specific folder has been provided on startup when not equal to the installation folder

  • PKCS11 tokens search for non-rep certificate implicitly when no ID is givin in the request. This search for the certificate does not yield the correct value

  • Synchronisation issue between registry and API on startup of the Connector

  • fix the cors sync for registry after registry restarts

Improvement

  • Update the rotate API endpoint to also refresh the device_xxx files (during renewal) and force re-registration to DS

  • Implement the first external storage provider for read all-data (generic smart cards) to use the local file system

  • Update full api/reg code from lock to try_lock avoiding blocking threads

  • Remove the implicit CORS request from API info endpoint to DS, and provide/expose a public function in JS for application to force a CORS sync

Story

  • As a dashboard user I want to see when and if there was a DNS rebind issue for a given device, including the resolution (if applicable)

  • As a user I want to receive a link with online documentation on how to solve the DNS (rebind attack issue)

  • Optionally dump the card info an a configured location and given format (xml, json)

  • Reader API read USB devices

v3.6.2

Release 07/06/2022

Requires upgrade to Javacript SDK 3.6.2

Release notes

Bug

  • Distribution communication error after a couple of reboots/login-logouts

Improvement

  • Consolidate DS requests from 5 -> 1 using optionals

  • As a connector instance I need to add randomness after requesting the DS

  • As an integrator I want to have a new sign method for bytes which needs to be hashed by the RUST API

After a couple of reboots/restarts or installing new versions the public key of the machine would change, now the DS accepts the new public key after validation

Previously the DS communication had 5 different calls to do all the needed actions. This has been consolidated to 1 call so that we reduce the stress on the DS.

Together with the reducing of the requests towards the DS, the connector will now randomise the sync towards the DS after startup and first sync. This is to reduce the amount of devices that start up at the same time to put a high load on the DS. This will reduce peak requests on the DS.

The Trust1Connector now has a sign_raw` method that allows to execute the sign operation sending the unhashed raw (base64 encoded) data. Then the Trust1Connector wil hash itself when the requested module needs hashing or not.

The module info endpoint also has an additional property that depicts if the module requires hashed or unhashed data.

v3.6.0

Released 01/04/2022

Requires upgrade to Javacript SDK 3.6.1

Release notes

Bug

  • As an integrator I want to receive a correct error when requesting a sign operation with a wrong or unknown sign mechanism/algorithm

  • when Launchagents folder for the user does not exist it fails to start the Trust1Connector

  • Trust1Connector for multiple clients cause race condition on API port assignment on startup (Windows)

  • Using unknown algorithm returns error code 111

  • Trust1Connector creates a folder in the Roaming folder when installed

Improvement

  • As a user I want to allow only SHA256 for Chambersign token on the sign API

  • Enable default certificate selection for sign, authenticate on PKCS11 modules

  • Add Jcop3 ATR

  • Migrate PKCS11 from sandbox

  • As a user I want to validate the signed hash from a PKCS11 token, using the validation function of the PKCS11 interface

  • Add type to TokenInfo object when calling token-info enpdpoint such that eID cards have a different object then the PKCS11 tokens

  • As the Trust1Connect I want to be able to fetch all the certificates on a token, including their information

Story

  • As the User when I use the Trust1Connector I want the CORS configuration to be up-to-date

  • As a user I want to be presented with both M1 and Intel download links when I request them from the DS

  • Build the Sandbox for linux (debian)

The consent error code has been updated in the Javascript library, and t1c-sdk-js clients have no impact on that change.

When using different instances of the Trust1Connector (optionally from another partner) on a Windows system, a port collision could be possible due to a race condition in port assignment upon initialization. Ports are now protected with anti-collision and are salted to make a port less guessable.

When no LaunchAgents folder was present on the system, the installation procedure creates this folder implicitly.

Camerfima is a new PKCS11 token added to the modules of the Trust1Connector. The Camerfirma token pre-requisites the installation of the Carmerfirma middleware.

Chambersign is a new PKCS11 token added to the modules of the Trust1Connector. The Chambersign token pre-requisites the installation of the Chambersign middleware.

The token info endpoint has been implemented before only for identity tokens. We have added support for Token Info of the PKCS11 modules. As the response has a different data structure, an additional type has been added for clients to parse the response correctly.

The PKCS11 token info exposes information on the algorithms which can be used for different use cases (digital signature, validation, authentication, ...). In a future release additional functionality will be provided such as: encryption, decryption, key exchange,...

For the different notification types, many tokens share multiple certificates for a single type. The original interface supported only a single certificate response. To be backwards compatible, those certification function have been adapted to be behave the same as in v3.5.x.

New functions are available to support multiple certificate reponses, they are called: [certificateType]Extended. For PKCS11 tokens the certificate response also returns, besides the base64 encoded certificate and the certificate id, the following properties:

  • issuer

  • subject

  • serial number

  • hash sub pub key

  • hash iss pub key

  • exponent (payment modules)

  • remainder (payment modules)

  • parsed certificate (ASN1 format of the base64 encoded certificate)

A new function has been added for all PKCS11 modules called the 'validate' endpoint. This endpoint, when available, can be used to validate a signed hash received after calling the 'sign' function. In an next version a variant of the validation function using OpenSSL will be added for all tokens.

For the Trust1Connector to support more PKCS11 functionality, the intermediate PKCS11 layer has been removed in preference of a direct PKCS11 LIB integration. FFI is used in RUST to support any library which need to be loaded.

Additional guard has been implemented to prevent empty algorithms for the digital signature and validation endpoints. PKCS11 tokens will verify as well if the provided algortihm is exposed as an allowed mechanism for the targetted use case.

The Trust1Connector can now detec Java Card Object Platform 3 typed cards

When requesting for a signature or an authentication, the correct certificate must be provided. For PKCS11 tokens the certificate id (or reference) can be ommitted. The PKCS11 token will be default pick the first certificate (for the type needed) and use this with the specified mechanism to sign/authenticate.

v3.5.20

Compatible with Javascript SDK v3.5.4

This version and previous versions contains a bug where windows TCP reservation has a race condition between Connectors of different clients which are installed on the same system.

If this occurs you need to restart 1 of the connectors. via the t1c-launch(.exe), with the command t1c-launch(.exe) --env {{environment}} --restart

Bug

  • Trust1Connector API must accept a JSON body limit of 2MB

  • Fix registry to start directly after dissapearing on shared environment

Story

  • As a Integrator I would like to use a central registry hosted on the DS

Some use-cases require JSON payloads which are quite substantial. That is why we increased the maximum payload size to 2MB. This value can be changed to maximum 50MB if a client has a use-case for it.

When the user where the registry is running on logs out or shuts down its system it will also stop the registry. In the Trust1Connector there is a gossip mechanism so that a new registry starts.

In this version this has been improved so that the registry will now start on a new user almost instantly, preventing any downtime.

Up until now we only had the ability to have a local registry. Altough this is a perfect for almost all use-cases we have some use-cases where having a central registry is needed.

This means that the DS will take on most of the tasks of the local registry.

v3.5.19

Compatible with Javascript SDK v3.5.4

This version and previous versions contains a bug where windows TCP reservation has a race condition between Connectors of different clients which are installed on the same system.

If this occurs you need to restart 1 of the connectors. via the t1c-launch(.exe), with the command t1c-launch(.exe) --env {{environment}} --restart

Overview

Bug

  • Macos, add uninstall shell script again to the installation

  • Latest Certigna middleware is not detected

Improvement

  • New custom PKCS11 implementation

    • Low level Attribute mapping

    • Exposing all available token flags

    • Update to function handler to override PKCS11 config

    • Additional error handeling for PKCS11

  • [interface impact] PKCS11 Response object for TokenInfo has been updated to be able to hold all flags

The latest Certigna middleware gave the error middleware not detected even when it was installed. This was because of a change in the Certigna middleware. This issue was the precursor to do a complete custom PKCS11 implementation which is explained below.

We've added the uninstall shell script again uninstall.sh in 3.5.18 this was replaced by the .app variant. We've decided to put this back because in certain environments where the MacOS devices are managed by administrators the shell script made it easy to script certain flows.

In this release we have created a custom PKCS11 implementation (CFR issue with Certigna). This implementation is a more robust and faster implementation than the previous one.

The PKCS11 interface has some new error codes and a new response object for TokenInfo. The updated TokenInfo will not work with the generic interface in this release but will be solved in the following one.

The error codes that have been added are;

The final error codes (PKCS11InitException and PKCS11ReaderException) are wrong and will be fixed in the following release

206047

PinChangeNeeded

(user) Pin needs to be updated

206046

PinBlockedError

(user) Pin is blocked

208071

InvalidPin1RetriesRemaining

Only 1 (user) pin try remains

206047

InvalidPinError

(user) Pin was wrong

800101

PKCS11InitException

Could not initialise the PKCS11 library

800101

PKCS11ReaderException

Could not correctly read the reader (PKCS11)

v3.5.18

Compatible with Javascript SDK v3.5.4

This version and previous versions contains a bug where windows TCP reservation has a race condition between Connectors of different clients which are installed on the same system.

If this occurs you need to restart 1 of the connectors. via the t1c-launch(.exe), with the command t1c-launch(.exe) --env {{environment}} --restart

Improvement

  • As a user, I want an easier way to uninstall T1C on Mac

v3.5.17

Compatible with Javascript SDK v3.5.4

This version and previous versions contains a bug where windows TCP reservation has a race condition between Connectors of different clients which are installed on the same system.

If this occurs you need to restart 1 of the connectors. via the t1c-launch(.exe), with the command t1c-launch(.exe) --env {{environment}} --restart

Improvement

  • Add proxy functionallity with basic auth to DS client in T1C-api

v3.5.16

Compatible with Javascript SDK v3.5.4

Bug

  • Pinpad security context error when trying to sign with beid v1.8

v3.5.15

Compatible with Javascript SDK v3.5.4

Improvement

  • Consent flow, check if /info endpoint user matches the request user, if not new consent is needed, if present, ok

v3.5.14

Compatible with Javascript SDK v3.5.4

Bug

  • Registry validate endpoint does not update the agent values

  • When the t1c.zip file is corrupt/not a zip the Trust1Connector gets into a restart launch

Story

  • As a System I want to have log rotation

  • As a User I would like to have an universal installer for MacOS

  • As a Trust1Connector I want to make sure the Digests of my binaries are verified

  • As a System I would like to prevent CSRF attacks

  • As a System I would like to synchronise my transactions with the Distribution Service

  • As the Trust1Connector I want to validate the JWT token provided

  • Trust1Connector should be able to provide organization context when not requiring application tokens

v3.5.13

Compatible with Javascript SDK v3.5.3

Bug

  • Cors list with domains including port numbers fail

Story

  • As a DS admin I can update the DS cycle time to a value in seconds

  • MacOS pin popup not focused

  • Migration to Rust Luxtrust

v3.5.12

Compatible with Javascript SDK v3.5.3

Story

  • Enable the possibility to launch in sillent and non-silent mode on windows

Bug

  • Trust1Connector tries to catch up for the cycles it could not complete when coming back from sleep for a prolongued time

  • Trust1Connector API disappears/stops after a couple of seconds without any crash information

v3.5.11

Compatible with Javascript SDK v3.5.3

Story

  • Launcher have the capability to run in silent and non-silent mode

  • When updating it should clean-up the old versions files which are not needed anymore

  • Configure workers through CLI for actix web server

  • Launcher log its process logging to a log file

  • As a System I would like to log the panic output to a log-file

  • Implement NTLM compatibility

  • As the Trust1Connector I need to have my current time information exposed on the system/info endpoint

Task

  • Launcher have a dynamic process and launchd configuration based on a per client configuration object

  • Add the option to enable the cURL functionality in the launcher configuration

  • Remove the need of a nightly build to enable quote interpolation in the launcher

v3.5.10

Requires upgrade of JS SDK to v3.5.3

Improvement

  • Consent flow, check if /info endpoint user matches the request user, if not new consent is needed, if present, ok

Story

  • Support Citrix multi-host session management for consent flow

v3.5.9

Compatible with JavaScript v3.5.1

Bug

  • Quovadis token does not work with the Safenet Library

  • Remove the use of TaskList in the launcher

  • LuxID card not working in Windows

v3.5.8

Compatible with JavaScript v3.5.1

Bug

  • Cors list should always completely represent what is defined in the DS

  • Macos CORS sync towards registry is not immediate

  • Pin values cause validation to trigger when the encrypted value becomes to big

Improvement

  • input validation on all endpoints of API and REG

Story

  • Parameterize the range of free ports to run on

  • As a user I would like to have the possibility to receive a notification for a new version

v3.5.7

Compatible with JavaScript v3.5.1

Bug

  • Dialogs on OSX should have binary names with ENV prefix/suffix

Story

  • As a Mac user I would like to have a launcher to better manage the Trust1Connector

  • As the Trust1Connector I want my SSL certificate to be updated automatically when it has been updated in the DS

v3.5.6

Component

Version

JavaScript

v3.5.0

Bug

  • Eherkenning middleware does not work properly with M1 hardware

  • Launcher should only stop component in its own user-context

v3.5.5

Component

Version

JavaScript

v3.5.0

Story

  • Support for Airbus token

  • Support for safenet token

  • Support for Eherkenning token

v3.5.4

Component

Version

JavaScript

v3.5.0

Bug

  • File-exchange when folder does not exist the open dialog crashes

Story

  • Migration to Rust Wacom

v3.5.3

Component

Version

JavaScript

v3.5.0

Bug

  • Fix for Wacom App::data() Mutex issue

  • Update Error handling to reflect prior version of T1C (and map new once to existing error codes for ease of integration)

Improvement

  • Added x-xsrf-token to CORS headers

v3.5.2

Component

Version

JavaScript

v3.5.0

Bug

  • Registry and API Cors syncing does not happen in the first cycle when registration towards DS is done

  • Pin dialog does not give focus to the input field in Windows

  • Cors rules do not take into account the protocol

  • Pin dialog does not display on MacOS

  • Prepare registry cert does not find the certficates and tries to copy but fails

Story

  • Provide launcher executable to start and manage the Trust1Connector

  • Add dialog timeout to CLI (for both win and mac)

v3.5.1

Component

Version

JavaScript

v3.5.0-RC7

Bug

  • Application launcher does not check current installed files and folders properly

v3.5.0

Component

Version

JavaScript

v3.5.0-RC7

Bug

  • DS public key should not be needed when no DS config is present

  • Unavailable DS makes the Trust1Connector crash

  • CMD.exe /c SET is executed by the sandbox with no apparent use-case

  • Device key rotation also needs to update the ds-txs.json

  • Trust1Connector with DS capabilities uses current dir as rootfolder

  • File exchange download create folders write authorization error

  • File exchange List Type Content response object is not complete

  • File exchange dialog and network timeout need to follow the parameter or default

  • update-type and cancel the browse windows does not return data in the response

  • File exchange Update Type does not show correct the entity folder in the dialog

  • File exchange List type response object is not correct

  • File exchange create type shows dialog when path doesnt exist and modal is false

  • As a packager I want to provide a specific port for the Registry

  • API and Registry info endpoint do not return all properties

  • T1C API uses the readers as an info endpoint

  • MacOS limited the access towards files for services

  • Sending unknown filters makes the API crash

  • rename query param for all_data and all_certs to filter

  • Standalone mode should not trigger prepare_registry_cert

  • MacOS logger does not work when the binary is packaged

  • Airbus selects wrong Non-Repudiation cert

  • MacOS installer sometimes asks for administrative password

Improvement

  • RUST support Jcop card

  • Device key rotation

  • Bulk reset MUST be a GET as it does not contain any body

Story

  • As a Integrator I want all dialogs to have an optional timeout property

  • As a user, I want to be able to use/have a DS for the v3

  • Migrate to Rust Jcop

  • Migration to Rust Luxid

  • Migration to Rust Crelan

  • Migration to Rust Chambersign

  • Migration to Rust Certinomis

  • Migration to Rust Certigna

  • Migration to Rust airbus

  • Add timeout and file parameter for MacOS dialogs

  • Encapsulate MacOS package in an administrative package which always automatically installs in the correct context

  • As a Packager I would like to run the Trust1Connector via an executable

  • Safenet rustification

  • eHerkenning rustification

  • Use the exe filename instead of env! cargo name

  • Refactor usize/isize for win/osx

  • Implement Relo rust module

  • Implement EMV rust module

  • Implement new architecture for shared environment, multi session host, single installation, ...

  • Expose CORS config, to be configurable upon runtime (not compile time)

  • Rust - File Exchange

  • Improve the startup of the T1C with the sandbox

V3.5.0-rc020

Component

Version

JavaScript

v3.5.0-RC7

Bug

  • Not starting due to DS cert loaded, when DS is not needed (upon startup ds client)

  • DS public key should not be needed when no DS config is present

Story

  • Add anti caching headers on the response to avoid http caching on the client

  • Update the license terms for Signid Release

V3.5.0-rc019

Component

Version

JavaScript

v3.5.0-RC6

Bug

  • Unavailable DS makes the Trust1Connector crash

  • Device key rotation also needs to update the ds-txs.json

  • Trust1Connector with DS capabilities uses current dir as rootfolder

V3.5.0-rc018

Component

Version

JavaScript

v3.5.0-RC6

Bug

  • Cors control of Trust1Connector API and Registry does not allow the CSRF header

V3.5.0-rc017

Component

Version

JavaScript

v3.5.0-RC6

Story

  • As a user, I want to be able to use/have a DS for the v3

  • Expose CORS config, to be configurable upon runtime (not compile time)

V3.5.0-rc016

Component

Version

JavaScript

v3.5.0-RC6

Bug

  • File exchange download fails to move the temporary file to its final location

V3.5.0-rc015

Component

Version

JavaScript

v3.5.0-RC6

Bug

  • File exchange download create folders write authorization error

V3.5.0-rc014

Component

Version

JavaScript

v3.5.0-RC5

Bug

  • File exchange List Type Content response object is not complete

  • File exchange dialog and network timeout need to follow the parameter or default

  • update-type and cancel the browse windows does not return data in the response

  • File exchange Update Type does not show correct the entity folder in the dialog

  • File exchange List type response object is not correct

  • File exchange create type shows dialog when path doesnt exist and modal is false

  • API and Registry info endpoint do not return all properties

Story

  • As a Integrator I want all dialogs to have an optional timeout property

V3.5.0-rc013

Component

Version

JavaScript

v3.5.0-RC2

Bug

  • As a packager I want to provide a specific port for the Registry

  • T1C API uses the readers as an info endpoint

V3.5.0-rc012

Component

Version

JavaScript

v3.5.0-RC2

Bug

  • Airbus selects wrong Non-Repudiation cert

Story

  • Migrate to Rust Jcop

  • Migration to Rust Luxid

  • Migration to Rust Crelan

  • Migration to Rust Chambersign

  • Migration to Rust Certinomis

  • Migration to Rust Certigna

  • Migration to Rust airbus

  • Safenet rustification

  • eHerkenning rustification

V3.5.0-RC10

Component

Version

JavaScript

v3.5.0-RC1

Bug

  • Trust1Connector API must be able to log when packaged

  • MacOS installer sometimes asks for administrative password

  • MacOS limited the access towards files for services

Story

  • Encapsulate MacOS package in an administrative package which always automatically installs in the correct context

  • As a Packager I would like to run the Trust1Connector via an executable

  • Use the exe filename instead of env! cargo name

  • Refactor usize/isize for win/osx

  • Rust - File Exchange

The folder restriction from Apple regarding user sensitive folders such as

  • Documents,

  • Desktop,

  • ...

has been fixed in this version. More information regarding this restriction can be found in their release notes here under the section Launch Daemons and Agents

V3.5.0-RC9

Component

Version

JavaScript

v3.5.0-RC1

Bug

  • Spaces in path caused invalid CLI arguments

  • Sandbox log path caused crashes

V3.5.0-RC8

Component

Version

JavaScript

v3.5.0-RC1

Bug

  • T1C-sandbox does not automatically restart after crash

V3.5.0-RC7

Component

Version

JavaScript

v3.5.0-RC1

Bug

  • Sending unknown filters makes the API crash

  • rename query param for all_data and all_certs to filter

V3.5.0-RC6

Component

Version

JavaScript

v3.5.0-RC1

Bug

  • MacOS T1C api does not register towards the registry when installed via the packaging

  • Standalone mode should not trigger prepare_registry_cert

V3.5.0-RC5

Component

Version

JavaScript

v3.5.0-RC1

Bug

  • MacOS logger does not work when the binary is packaged

Improvement

  • RUST support Jcop card

  • Device key rotation

  • Bulk reset MUST be a GET as it does not contain any body

Story

  • Implement EMV rust module

  • Implement new architecture for shared environment, multi session host, single installation, ...

Last updated