Copyright

Copyright © 2019 Balasys IT Ltd.. All rights reserved. This document is protected by copyright and is distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this document may be reproduced in any form by any means without prior written authorization of Balasys.

This documentation and the product it describes are considered protected by copyright according to the applicable laws.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)

Linux™ is a registered trademark of Linus Torvalds.

Windows™ 10 is registered trademarks of Microsoft Corporation.

The Balasys™ name and the Balasys™ logo are registered trademarks of Balasys IT Ltd.

The Zorp™ name and the Zorp™ logo are registered trademarks of Balasys IT Ltd.

The Proxedo™ name and the Proxedo™ logo are registered trademarks of Balasys IT Ltd.

AMD Ryzen™ and AMD EPYC™ are registered trademarks of Advanced Micro Devices, Inc.

Intel® Core™ and Intel® Xeon™ are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.

All other product names mentioned herein are the trademarks of their respective owners.

DISCLAIMER

Balasys is not responsible for any third-party websites mentioned in this document. Balasys does not endorse and is not responsible or liable for any content, advertising, products, or other material on or available from such sites or resources. Balasys will not be responsible or liable for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods, or services that are available on or through any such sites or resources.

2023-02-03 .Copyright

The following new features, bug fixes and improvements have been completed for Release 4.3.0 Proxedo API Security.

Features

  • CA File bricks are now validated
    The contents of CA File bricks are now validated to be flat ZIP files, that only contain PEM formatted CA certificate and CRL (Certificate Revocation List) files, and possibly their hashed counterparts.

  • Hashed files are now automatically generated for CA File bricks
    CA certificate and CRL files require hashed versions of themselves to be present in the same File brick. These hashed files are now automatically added to the uploaded ZIP file, if not present.

  • Certificates File bricks are now validated
    The contents of Certificates File bricks are now validated to be flat ZIP files, that only contain PEM formatted certificate files with IP numbers as names.

  • Harden Additional Properties Defaults option for OpenAPI 3.0 Enforcer plugins
    A new field, Harden Additional Properties Defaults has been added to the OpenAPI 3.0 Enforcer plugins. According to the OpenAPI 3.0 specification, any additional values in the message body not specified by the schema still count as valid, unless an additionalProperties field with the False value is added to certain parts of the schema. By setting the Harden Additional Properties Defaults field to True, the Enforcer will parse messages as if this additionalProperties would be set to False everywhere unless it is set explicitly by the schema, and make OpenAPI 3.0 processing stricter without changing the schema.

Bug Fixes

  • Superfluous field in URI Query Selector brick configuration
    There was a required Query Param field present in the configuration of the URI Query Selector brick, that was not in use. The field has been removed.

  • Storage restart success depended on restart order in multi node setup
    In a multi node setup, it was important which storage instance was restarted first. If this order was not kept, storage remained dysfunctional. Now storage can be restarted in any order of management and core, but now it is also necessary to define join hosts for consul on the management node.

  • Miscellaneous fixes

    • The configuration API returned HTTP 500 when operations referred to non-existent component types. This has been corrected.

    • It was possible to set an administrator password during installation that did not conform to the requirements, depending on the values of the LC_* environment variables. Now it must conform the requirements in the C.UTF-8 context.

    • After installation, the core component waits for a valid running configuration before starting. This behaviour was intentional and documented, but now a notification is visible at the end of the core component installation that warns about this.

    • Sometimes an error message was visible about certificate generation while the pas-mgmt-checkconfig command was running. This had no effect on the end result, and has been corrected.

    • Required fields were marked differently in docker-compose.conf files and config.yml files. This has been unified, now required fields are marked with FILL.

    • LDAP configuration examples in the Administrator Guide have been corrected.

    • The help message of the pas-*-login commands have been corrected.

    • Various typos and display name issues have been corrected.

Improvements

  • Key input search on dropdown lists
    Dropdown lists can now be searched and filtered by typing parts of the desired input.

  • Configuration Apply status window
    Visual enhancements to the Configuration Apply operation status and service status details.

  • Naming corrections
    Two fields on the Log service have been renamed: Log level to Verbosity, and Log specification to Message Filter Expression.

  • Clean containers
    PAS will ensure that containers are always clean on startup, which means that manual changes to the containers will not persist after a restart.