New Release: 1.192.0

Bug fixes:

• Fixed a bug that prevented details view for signing requests submitted from a Trusted Build System without origin information.

• Fixed a certificate import issue for PFX files generated by OpenSSL.

New Release: 3.2.0

Improvements:

• Improved the performance and logging.

New Release: 0.4.0

Bug fixes:

• Fixed a bug that prevented the use of API tokens of interactive users.

New Release: 1.7.0

Bug fixes:

• Fixed a bug that prevented the use of API tokens of interactive users.

New Release: 0.4.0

Bug fixes:

• Fixed a bug that prevented the use of API tokens of interactive users.

New Release: 0.2.0

Improvements:

• Improved performance and logging.

New Release: 1.191.0

New features:

• REST API: New signing request submission APIs, which allow to separate metadata submission from artifact upload:

  • POST /v1/{organizationId}/SigningRequests/SubmitWithoutArtifact creates a signing request in a “waiting for artifact upload” status.
  • POST /v1/{organizationId}/SigningRequests/{id}/UploadUnsignedArtifact (afterwards) uploads the artifact.
  • For details see API definition of the new routes.

• Added subject and author <msi-file> metadata restrictions.

New Release: 1.191.0

Improvements:

• Improved performance for the signing policy-filtered signing request list as well as the “waiting for your approval” list on the dashboard UI.

New Release: 1.6.0

Bug fixes:

• Fixed a bug that considered skipped GitHub jobs as violations of the allowed runner groups policy.

New Release: 5.3.0

Improvements:

• Cryptoki/PKCS#11: project and signing policy can now be specified via environment variables or config file.

  • GPG: this removes the need to provide a dedicated CI user for each signing policy. GPG signing samples now use these parameters.
  • GPG: the InitializeSignPathCryptoProviderGpgSigning helper function now fully configures GPG; no more need to run ImportSignPathGpgPublicKey.
  • Configuration: see Crypto Provider configuration.

• Improved the default logging locations for GPG signing, see GPG docs.

New Release: 1.190.1

New features:

• Added a dedicated Verifications panel on the signing request page to provide a comprehensive overview of all the checks that were performed by SignPath.

New Release: 1.190.1

Breaking changes:

• signpath-application chart: moved smtpServerOptions section from appSecrets/appSettings.notificationsProcessorService to appSecrets/appSettings.shared.

Improvements:

• Improved general database query performance when using multiple organizations with uneven signing request data distribution.

Bug fixes:

• Fixed Fortanix HSM SignService connections to Fortanix DSM clusters with in-house PKI TLS certificates.

New Release: 1.189.0

Improvements:

• Changed the GET /v1/{organizationId}/SigningRequests/{id} REST API to always return a signedArtifactLink. Note that the returned URL will respond with status 400 while the signing request is being processed.

Bug fixes:

• Fixed processing errors for specific MSI files when performing deep signing.

• Fixed that “Resubmit with current settings” button was visible for users without submission privileges (which later led to an “not allowed” error message).

• Fixed error handling of invalid input of POST /v1/{organizationId}/TrustedBuildSystems/AddCustom REST API (now the correct status code 400 instead of 500 is returned).

New Release: 1.189.0

Upgrade information:

• Additional migration steps happen in final application migration phase. Expect longer downtime than usual (exact downtime depends on number of total signing requests and database performance; contact support for details).

Breaking changes:

• signpath-application chart: renamed appSecrets.setupDb.connectionStrings.reportModelDatabaseDdl to signingRequestDatabaseDdl and appSecrets.shared.connectionStrings.reportModelDatabase to signingRequestDatabase. Note: only the values’ paths have changed; keep the values as they are.

New Release: 3.1.0

Improvements:

• Added support for subscriptions without the origin verification feature.’

New Release: 1.5.0

Improvements:

• Improved the matching algorithm of users during the initial synchronization

Bug fixes:

• Fixed a potential inconsistent state bug for group synchronization (not relevant for supported scenarios).

New Release: 0.2.0

Improvements:

• Processing now aborts immediately when client aborts HTTP connection.

New Release: 1.4.0

Improvements:

• Processing now aborts immediately when client aborts HTTP connection.

Bug fixes:

• Fixed incorrect group name evaluation for GitHub runners due to unannounced GitHub API change.

New Release: 0.2.0

Improvements:

• Processing now aborts immediately when client aborts HTTP connection.

New Release: 0.1.1

Bug fixes:

• Fixed a bug where the root cause of certain error cases was not properly displayed.

New Release: 1.188.0

Improvements:

• Support user-defined parameters for hash-algorithm attribute of <create-raw-signature>.

Changes:

• Removed the “user feedback” button (rationale: was mainly used for support requests).

New Release: 1.188.0

Breaking changes:

• Changed recommended Kubernetes version to 1.31 and signpathio/kubectl image tag to 1.31.

New Release: 1.187.0

Improvements:

• Certificate chains are now always embedded in Authenticode, ClickOnce, CMS and XML signatures. (Previously only chains from public CAs were embedeed.)

• Improved the user experience by removing unused Trusted Build System Link details.

• Email notifications for accepted invitations now state whether a SSO or personal user account was used.

Bug fixes:

• Changes of the purpose property of certificates and signing policies are now included in the history view.

• Proper error messages are now displayed when invalid certificate files are uploaded.

• The following REST APIs now return the correct error codes when no artifact is available:

  • GET /SigningRequests/{signingRequestId}/UnsignedArtifact
  • GET /SigningRequests/{signingRequestId}/SignedArtifact

New Release: 1.187.0

Upgrade information:

• Minimum required version to upgrade from is 1.140. In case you have an older version, you first need to upgrade to a previous version (e.g. 1.186, contact support). [Updated 2025-05-19]

Improvements:

• All configuration settings of each container instance are now dumped into a file at startup for easier troubleshooting (except secrets).

New Release: 1.2

Improvements:

• The output-artifact-directory path now also supports absolute paths.

New Release: 1.186.1

New features:

• X.509 certificate chains:

  • Certificates are now displayed with their full chain of issuers (root and intermediate certificates). This works automatically for certificate chains from public Certificate Authorities and if the chain was uploaded.
  • The GET /v1/{organizationId}/Certificates/{slug} REST API contains a new x509CertificateChain property (contains the available full chain).

Improvements:

• PFX import now also supports uploading X.509 certificate chains.

• REST API additions:

  • New POST /v1/{organizationId}/Projects/{projectSlug}/ArtifactConfigurations/{artifactConfigurationSlug}/EditXml route.
  • New GET /v1/Meta/SystemInfo route to retrieve the application version and UI base URL.

Bug fixes:

• Fixed caching issue that prevented project configurators from editing recently created artifact configurations.

New Release: 1.3.2

Bug fixes:

• Fixed a bug in branch ruleset policy evaluation (potential skipping of rules; evaluation of system logs confirmed that this codepath was not executed in production)

New Release: 0.1.0

New features:

• Initial release: TeamCity Plugin is now supported as a Trusted Build System.

New Release: 0.1.0

New features:

• Initial release: TeamCity Plugin is now supported as a Trusted Build System.

New Release: 4.0.1

New features:

• Azure DevOps (dev.azure.com) is now supported as a Trusted Build System (In Preview).

New Release: 1.185.0

Improvements:

• Personal API tokens of interactive users can now be used in combination with trusted build systems/origin verification.

• Performance improvement for group membership changes (especially for groups with frequent changes).

New Release: 1.185.0

Breaking changes:

• Custom notification email styling: changed _MailLayout.cshtml. In case you have overridden the template, compare your customized file with the Helm chart’s version. [Updated 2025-06-03]

New Release: 1.184.0

New features:

• Certificate chains are now automatically resolved. See the documentation.

Improvements:

• Uploaded X.509 certificate chains are now embedded in the signature when using the <authenticode-sign> directive.

New Release: 1.3.1

Improvements:

• Performance improvements.

New Release: 1.183.0

New features:

• Added support for storing and retrieving X.509 certificate chains (for e.g. certificates issued by in-house PKIs).

• Added support for file-version, company-name, copyright, and original-filename to <pe-file> metadata restrictions.

Improvements:

• The rsa-padding attribute in create-cms-signature or create-raw-signature doesn’t lead to validation errors when signing with an ECDSA certificate (it will be just ignored).

New Release: 1.183.0

Bug fixes:

• Fixed a memory leak in SignService with enabled HSM watchdog.

New Release: 1.182.0

New features:

• ECDSA keys can now be created on custom HSMs with the “Exportable” flag turned on, which allows those keys to be synchronized to a self-hosted backup HSM.

Improvements:

• Certificate signing requests (CSRs) and self-signed X.509 certificates now set the key usage Code Signing as critical to align with the CA/Browser forum requirements.

• Improved performance when dealing with large user groups or many artifact configurations.

Bug fixes:

• Fixed a bug that did not allow saving artifact configurations containing detached signature (Raw, CMS or GPG) directives within <file-set> elements.

New Release: 1.182.0

Improvements:

• Reduced image size of the signpathio/signservice-lunahsm container image and startup time of the SignService migration jobs.

New Release: 1.2.0

Improvements:

• The SignPath GitHub App is only required if source code and build policy verification is used.

Bug fixes:

• Fixed bug for workflow runs with skipped jobs.

New Release: 3.0.1

Breaking changes:

• The SignPath Api URL must now be configured globally in the Jenkins system settings. The parameter in the Pipeline step has been marked as deprecated. (It is ignored if it matches the global setting.)

  This fix removes a risk of introducing insecure configurations through individual Jenkins projects. All potentially affected customers have previously been informed.

New features:

• A default Trusted Build System Token Credential ID and a default Organization ID can now be configured globally in the Jenkins system settings.

New Release: 5.2.0

Improvements:

• Improved Linux container samples:

  • Ported all scenario scripts and helper functions to Bash.
  • Improved support for running the scenario scripts outside of a Docker container:
    • moved Organization ID and API token parameters to the “inner” scenario scripts
    • improved Cryptoki library discovery
    • various minor improvements
  • GPG-based hash signing: GPG public key file is now downloaded automatically. Therefore the -GpgKeyId parameter of the scenario scripts has been replaced with -ProjectSlug and -SigningPolicySlug.
  • Changed work directory from Samples/Scenarios/temp to Samples/Scenarios/Work and logs directory to Samples/Scenarios/Work/Logs.
  • Added detached CMS signing sample to the OpenSSL scenario.

New Release: 1.180.0

Bug fixes:

• GPG Key Creation: fixed a rounding error, which led to expiry dates which were 1 sec off and an overflow error for expiry dates later than year 2161

• Signing Request CSV Report: fixed failed report download when querying large time spans

New Release: 1.179.0

New features:

• Added support for detached GPG file signing.

• The signing request details page now displays details of detected malware including threat names and the exact file location in container files like ZIP archives.

Improvements:

• <create-raw-signature>: renamed file-name attribute to output-file-name. (file-name is still supported for backwards compatibility.)

• <create-cms-signature>: hash-algorithm attribute is now optional.

Bug fixes:

• REST API: Fixed error in signing request approve/deny APIs when providing empty request body. (Used to fail unless passing a dummy {} body.)

New Release: 1.179.0

Breaking changes:

• Changed recommended Kubernetes version to 1.30 and signpathio/kubectl image tag to 1.30.

Improvements:

• Reduced image size of the signpathio/signservice-software container image and startup time.

New Release: 1.177.2

New features:

• Added support for Cryptographic Message Syntax (CMS) signatures.

New Release: 1.1.0

New features:

• Policy checks for branch rulesets, build and build runner are supported. See the documentation.

Bug fixes:

• Fixed a bug that prevented signing requests from being submitted when the “re-run failed jobs” feature of workflows was used for workflows with multiple jobs.

• Fixed an integer overflow bug caused by large artifact IDs.

New Release: 1.177.0

New features:

• Added GPG key management:

  • GPG keys can now be created directly in the SignPath UI.
  • They can currently be used for hash signing and create-raw-signature.

Improvements:

• REST API additions and improvements regarding certificates and signing policies:

  • New route to retrieve signing policy details:
    • GET /v1/{organizationId}/Projects/{projectSlug}/SigningPolicies/{signingPolicySlug}
  • New route to retrieve certificate metadata and to directly download a X.509 certificate or GPG public key file for a signing policy:
    • GET /v1/{organizationId}/Projects/{projectSlug}/SigningPolicies/{signingPolicySlug}/Certificate
    • GET /v1/{organizationId}/Projects/{projectSlug}/SigningPolicies/{signingPolicySlug}/Certificate/X509Certificate
    • GET /v1/{organizationId}/Projects/{projectSlug}/SigningPolicies/{signingPolicySlug}/Certificate/GpgPublicKey
  • The following routes now return the X.509 certificate specific data in the x509CertificateData property instead of x509Certificate:
    • GET /v1/{organizationId}/Certificates
    • GET /v1/{organizationId}/Certificates/{slug}
    • Note that the x509Certificate property is included returned for backwards compatibility, but marked as “deprecated”.
  • For details see API definition.

• Improved error reporting for projects with manual approval enabled (not available for hash-signing) for SignPath Crypto Providers.

Bug fixes:

• Fixed a concurrency issue which potentially caused signing request processing to stop for the affected organization.

  (SaaS only)

New Release: 1.177.0

Breaking changes:

• JAR signing is now disabled by default because it requires dedicated service instances. To enable it, you need to deploy the new javasigningmethodservice component via the chartSettings.javaSigningMethodService.replicaCount value and set up authentication configuration.

Improvements:

• Improved basic authentication configuration (basicAuthenticationOptions sections):

  • Password hash and salt (server-side) have been combined into a single configuration value (passwordHash value).
  • Updated the Generate-Secret tool to generate the new format (see “Generate basic authentication passwords and hashes” in the installation guide).
  • Added an optional new previousPasswordHash value to allow zero-downtime rotation.

  This change is backwards-compatible. The legacy passwordSalt can be still used.

New Release: 5.1.0

New features:

• Added support for using GPG keys generated by SignPath certificate management:

  • It is no longer required to locally generate GPG keys based on backing X.509 certificates. You can create GPG keys directly in the SignPath UI.
  • Requires SignPath version 1.177 or higher.
  • Adapted and simplified the Linux container samples for GPG hash signing.

Improvements:

• Linux PKCS#11 CryptoProvider: Added support for Debian 12 “bookworm” and Ubuntu 24.04 distros.

New Release: 1.176.0

Improvements:

• JAR signing: Added a workaround for Java code signing using recent GlobalSign code signing certificates. (The default root certificate is not in the Java root trust list, so a special cross-signed certificate must be applied.)

• Improved display of validation errors in the user invitation UI.

New Release: 1.176.0

New features:

• Azure Blob Storage and SQL Server connections: added support for Azure Workload Identity authentication. See “Azure Workload Identity” in the installation guide for details.

Improvements:

• Reduced image size of the signpathio/signservice-setup-db container image and startup time of the SignService migration jobs.

New Release: 1.175.1

Improvements:

• Improved performance of event audit log REST API (GET /v1-pre/{organizationId}/AuditLog/Events) for organizations with high signing request volume.

• Improved error handling for invalid paths in archive files.

New Release: 1.175.1

Breaking changes:

• In the signpath-application chart, the appSettings/appSecrets.shared.fastSigningRequestProcessorServiceClientOptions configuration section has been renamed to fastSigningServiceClientOptions (value unchanged).

New Release: 1.0.1

Bug fixes:

• Fixed a bug that prevented signing of artifactsf from GitHub.com. (GitHub’s global ID values crossed the max-int threshold on Nov. 5, 2024.)

New Release: 1.174.1

Improvements:

• Improved certificate list UI: added new “type” and key store information columns, dropped “valid from” column.

New Release: 2.1.0

New features:

• Added support for user-defined parameters.

Improvements:

• The API Token Credential can now be stored either in th System or a Global (recommended) scope.

• Improved error messages.

New Release: 2.0

Breaking changes:

• Renamed the command-line parameters to align with the other client tools.

New features:

• Added support for sha1 signatures required for productsign.

• Added support for HTTP timeout and retry configuration.

Improvements:

• Improved logging and logging configuration.

Bug fixes:

• Fixed a bug that prevented multiple certificates from being loaded at once.

• Fixed a bug where the application failed when provided with an invalid configuration file.

New Release: 1.173.0

Breaking changes:

• Renamed the X.509 certificate creation/upload REST API routes:

  • POST /v1/{organizationId}/Certificates/CreateSelfSigned → CreateSelfSignedX509
  • POST /v1/{organizationId}/Certificates/CreateCsrBased → CreateCsrBasedX509
  • POST /v1/{organizationId}/Certificates/{slug}/UploadCertificate → UploadX509Certificate

  Old routes are still available but deprecated. No changes in request bodies.

• Breaking change in v1 response properties.

  Affected routes:

  • GET /v1/{organizationId}/Certificates
  • GET /v1/{organizationId}/Certificates/{slug}

  Changes:

  • Existing property type (top-level) now represents the certificate type (currently only X509).
  • Previous value of type is now in x509Certificate.creationMethod (SelfSigned, Csr, PfxImport, ImportedWithExistingKeyPair).

  (Rationale: we expect no external dependencies on the current value of type.)

New features:

• ECDSA hash signing: added support for signature block format “RFC 3279 ASN.1 sequence”. See artifact format for signing hash digests.

Improvements:

• Signing request details page now shows HTTP response status code for failed artifact retrievals.

Bug fixes:

• Fixed broken base URL in Swagger UI (affected version 1.172).

New Release: 1.172.0

Improvements:

• Added origin information to the signing request list (verified origin or trusted build system name).

• Improved quota display on the organization page.

  (SaaS only)

• Artifact configuration visualization: multiple signing directives now displayed separately.

• Signing request processing history now displayed indefinitely (was not displayed for “archived” signing requests, i.e. 31 days after completion in SaaS).

Bug fixes:

• Fixed disabled “Resubmit with current settings” button for archived signing requests (completion older than 31 days).

• Fixed interactive user invitation flow for newly registered users.

  (SaaS only)

New Release: 1.172.0

Breaking changes:

• Changed recommended Kubernetes version to 1.29 and signpathio/kubectl image tag to 1.29.

Improvements:

• Graceful container shutdown: termination of Pods is now delayed (default of 30 secs). This allows for request drain-out and safe shutdown (e.g. flushing Application Insights data).

New Release: 1.171.0

Bug fixes:

• Fixed missing response models and response status codes in the API definition for the following REST API routes:

  • /v1/{organizationId}/CIUsers/{id}/RegenerateApiToken
  • /v1/{organizationId}/InteractiveUsers/{id}/RegenerateApiToken
  • /v1/{organizationId}/TrustedBuildSystems/{slug}/RegenerateTrustedBuildSystemToken
  • /v1/{organizationId}/SigningRequests/Resubmit (only status code was wrong)

New Release: 1.171.0

Bug fixes:

• All signpath-application Pods now correctly report application_Version to Application Insights (if enabled).

New Release: 1.0

New features:

• Initial release: GitHub.com is now available as a Trusted Build System.

New Release: 1.170.2

New features:

• All v1-pre REST API routes except audit log routes are now available as JSON APIs in v1.

  Changes in v1:

  • Changed from PATCH to POST:
    • /v1/{organizationId}/InteractiveUsers/{id}/Edit
    • /v1/{organizationId}/InteractiveUsers/{id}/SetDirectorySynchronized
    • /v1/{organizationId}/CIUsers/{id}/Edit
    • /v1/{organizationId}/UserGroups/{id}/Edit
    • /v1/{organizationId}/UserGroups/{id}/SetDirectorySynchronized
    • /v1/{organizationId}/Certificates/{slug}/Edit
    • /v1/{organizationId}/Projects/{slug}/Edit
    • /v1/{organizationId}/Projects/{projectSlug}/ArtifactConfigurations/{artifactConfigurationSlug}/Edit
    • /v1/{organizationId}/Projects/{projectSlug}/SigningPolicies/{signingPolicySlug}/Edit
    • /v1/{organizationId}/TrustedBuildSystems/{slug}/Edit
  • url response properties have been renamed to link:
    • GET /v1/{organizationId}/InteractiveUsers
    • GET /v1/{organizationId}/CIUsers
    • GET /v1/{organizationId}/UserGroups
    • GET /v1/{organizationId}/Projects/{slug} (artifactConfigurationXmlUrl and certificateUrl)
  • These remaining routes support JSON request bodies now:
    • POST /v1/{organizationId}/Projects
    • POST /v1/{organizationId}/Projects/{projectSlug}/ArtifactConfigurations
  • The name, slug and description properties are now in the request or response root object.
    • The "metadata" object has been dropped in all JSON requests and responses.
    • The metadata. prefix has been dropped in all multipart/form-data requests.

  See the API definition for more details.

  The v1-pre routes are unchanged but deprecated. They are no longer included in the API definition and will be removed in a future version.

  Note that these routes still use multipart/form-data:

  • POST /v1/{organizationId}/Certificates/{slug}/UploadCertificate
  • POST /v1/{organizationId}/SigningRequests
  • POST /v1/{organizationId}/SigningRequests/SubmitWithArtifactRetrievalLink

  For all other v1 APIs, multipart/form-data is no longer available.

• Authenticode signing now supports the following optional attributes:

  • description and description-url
  • hash-algorithm

Bug fixes:

• Fixed failed JAR signing operations for JAR files with >20,000 items.

• Fixed error during rendering of old failed signing requests with specific errors (e.g. artifact retrieval).

• Added missing response body definition for GET /v1/{organizationId}/Projects/{projectSlug}/TrustedBuildSystemLink in the API definition.

New Release: 1.170.2

Improvements:

• Improve error reporting for authentication errors in Operator Client.

Bug fixes:

• Fixed missing error detection in pairing restore startup script in HSM SignService.

New Release: 1.169.0

Improvements:

• Added support for JSON request bodies in the REST API.

  • Supported in all API routes except those with file inputs, like signing request submission or certificate upload.
  • Backwards-compatible: Content type multipart/form-data is still accepted in all changed APIs (but not exposed to the API definition).
  • See the API definition for more details.

New Release: 1.169.0

Breaking changes:

• Internal SignService API breaking change: when upgrading from a version below 1.165, follow the SignService breaking changes steps in the installation guide, section “Version compatibility”.

  Details: All file-based signing operations have been removed from the SignService API. Since version 1.165, all file-based signing operations have been executed by signing-processor-service.

New Release: 5.0.11

Improvements:

• Improved warning and error logging for HTTP call errors: log message now includes details about the error incl. HTTP status and response body if available.

Bug fixes:

• Fixed unnecessary retries for non-recoverable errors like authentication errors or invalid artifact configurations (anything but hash-signing) in the SignPath project.

New Release: 1.168.1

New features:

• Added support for appending Authenticode signatures.

Improvements:

• Improved approval notification emails: added project, signing policy and artifact file name to email body.

Bug fixes:

• Fixed a display error if browser’s language is configured to Chinese (zh-CHS).

New Release: 1.168.1

Improvements:

• Auto-restart detection mechanism extended to include a specific Luna Client startup error in signpath-signservice-lunahsm.

New Release: 1.167.3

Improvements:

• Added to organization page the number of “applied individual signatures” of the current month.

  (SaaS only)

New Release: 1.167.3

Improvements:

• Reduced memory overhead in all Pods deployed by the signpath-signservice-<type> charts by switching the entry point from PowerShell to CMD.

New Release: 4.4.1

Improvements:

• Signing requests are new automatically cancelled after WaitForCompletionTimeoutInSeconds. This can be overridden with the new -CancellationTimeoutInSeconds parameter.

New Release: 1.166.2

Improvements:

• Added an optional cancellationTimeoutInSeconds parameter to the signing request submission REST APIs to automatically cancel signing requests after the provided timeout.

New Release: 1.166.2

Improvements:

• Reduced memory overhead in all Pods deployed by the signpath-application chart by switching the entry point from PowerShell to CMD.

New Release: 5.0.7

Breaking changes:

• Changed default logging behavior:

  • File logging (with info level) is now enabled by default
    • The target directory on Windows is %TEMP%\SignPathLogs, on Linux /tmp/SignPathLogs.
    • Use SIGNPATH_LOG_CONSOLE_LEVEL=none to opt-out from file logging.
  • Console logging (if enabled) now logs to stderr instead of stdout by default.
    • Use the new SIGNPATH_LOG_CONSOLE_OUTPUT_STREAM configuration to switch back to stdout.
  • See Crypto Provider configuration for details.

New features:

• The Windows Crypto Providers (incl. KSP, CSP and Cryptoki library) now are delivered with a Windows MSI installer.

  • See install/uninstall docs. This also includes unattended installation options.
  • To upgrade from a previous manual installation/registration or from an InstallCspKsp.ps1 installation:
    • Install using the new MSI
    • In case you used a SIGNPATH_CONFIG_FILE JSON file: copy its content to %ProgramFiles%\SignPath\CryptoProviders\CryptoProvidersConfig.json
    • Delete the old installation target directory (including the old configuration file)

Improvements:

• Linux container samples improvements:

  • Added a Bash port for the entry point script (run_scenario.sh) next to the existing PowerShell version (RunScenario.ps1).
  • The GenerateGpgKey scenario now allows to specify all key parameters like full name, email or expiration directly to the entry point script.
  • The GPG scenarios (e.g. SignRpm) now allow to specify the key’s ID (email) directly to the entry point script.

• The CryptoProvider package now includes SBOM files.

Bug fixes:

• Linux container samples: fixed incompatibility with recent RedHat 8 and 9 repository changes concerning openssl and gnupg-pkcs11-scd.

New Release: 1.165.2

Improvements:

• Allow import of certificates that exceed RFC length limits in Distinguished Name components such as Common Name. Applies to Certificate Signing Request (CSR) certificate upload and PFX import.

• Improve error reporting for PFX files with missing common name field in the contained certificate.

Bug fixes:

• Fixed error handling for invalid ClickOnce files with missing “deployment manifest” files.

New Release: 1.164.3

New features:

• Added ECDSA certificate support for Authenticode.

Bug fixes:

• Fixed minor UI glitch for edit signing policy (approval deactivated when removing all approvers).

New Release: 1.164.3

Breaking changes:

• Changed the recommended Kubernetes version to 1.28 and the signpathio/kubectl image tag to 1.28.

Improvements:

• Reduced the compressed signing-processor-service image size by 350 MB.

Bug fixes:

• Fixed false-positive exceptions for hash/fast signing operations when the client aborts the HTTP call.

• Fixed failing hash/fast signing operations when malware scanning is disabled in the corresponding signing policy.

• Fixed issue which can cause occasional failing signing requests under very high load. (Introduced in 1.154)

New Release: 1.163.0

New features:

• Authenticode files can now be signature validated with the new <authenticode-verify /> artifact configuration directive. Use to ensure that third-party components are properly signed in deep signing configurations.

• Office macro signing now supports ECDSA certificates.

Improvements:

• Improved error reporting when a macro-enabled Office file contains no macros instead of generic “processing error”.

Bug fixes:

• Malformed hash signing requests now result in a specific 400 validation error (invalid hash encoding or length, was a 500 response since version 1.160).

• Fixed a rare concurrency issue on high Office macro signing load.

New Release: 1.163.0

Improvements:

• Replaced the “readiness probes” in all K8s deployments with startup + liveness probes to improve startup perf and stability.

New Release: 1.162.2

Improvements:

• Improved history UI: table column alignment, use of screen estate.

• Improved performance of ModifyMembers, ChangeMembers user group REST APIs.

New Release: 1.162.2

New features:

• HSM SignServices now provides “readonly” mode for operational/maintenance purposes, which disables key management while still allowing signing operations.

Improvements:

• K8s readiness probe for signingprocessorservice switched from “readyfile” command probe to HTTP “healthz” probe to improve stability.

New Release: 1.161.1

New features:

• When applying changes via helm upgrade, now all signpath-application deployments restart automatically (via rollout restart).

Improvements:

• Added a safeguard mechanism for signpath-application pods which prevents startup on inactive colors due to deployment or configuration errors.

New Release: 1.160.1

Improvements:

• Artifact configuration: <create-raw-signature> supports input filename substitution via ${file.name}.

• “Resubmit with current settings” now also works for signing requests which fail due to an artifact retrieval error.

New Release: 1.160.1

Breaking changes:

• Hash signing operations are now performed by signingprocessorservice.

  You need to configure basic authentication configuration:

  • signingprocessorservice: signingProcessorService.basicAuthenticationOptions
  • signpath-application: fastSigningRequestProcessorServiceClientOptions.basicAuthenticationPassword

  See “Generate basic authentication passwords and hashes” in the installation guide for more information.

Improvements:

• The HSM SignServices watchdog doesn’t require a TSA URL anymore. The previously mandatory SignService values config entry appSettings.signService.cspWatchdogOptions.timestampingServerUrl can be removed.

New Release: 1.0

New features:

• Initial release

New Release: 1.159.0

Breaking changes:

• Provided dedicated REST APIs for modifying group memberships:

  • /ChangeMembers sets a new list of members
  • /ModifyMembers allows to add/remove members

  See the API definition for more details.

Improvements:

• Added a new API route GET /v1-pre/<org-id>/SiginingRequests that allows listing Signing Requests. See the API definition for more details.

• Improved the reliability of processing signing requests in case of temporary network errors.

New Release: 1.159.0

Improvements:

• Added additional custom dimensions to AppInsights events.

• The AdministrationUtility tool can now also log to AppInsights.

• Added an additional safeguard mechanism that prevents the inactive color deployment from processing signing requests.

Bug fixes:

• Fixed the mechanism that restarts the SignService components when the connection to a Luna/Thales DPoD HSM becomes corrupt.

• Added missing ActivityId entries to the log output to ensure a consistent logging experience.

New Release: 4.4.1

Bug fixes:

• Fixed a bug that prevented the underlying error messages from being shown.

• Fixed a bug that prevented retries from being executed properly in certain situations.

• Fixed a bug in the Linux container samples for GPG signing.

New Release: 1.158.0

New features:

• New “Operator REST API” (part of the Operator Client deployment) including organization list queries and organization creation APIs. Can be activated via appSettings.shared.globalFeatureToggleOptions.isOperatorApiEnabled configuration.

Improvements:

• Added Generate-Secret tool to simplify secure encryption key, basic authentication secret and API token generation.

New Release: 1.157.0

Improvements:

• For failed signing requests, the “Retry with current settings” feature was replaced with “Resubmit with current settings”. This feature creates a new signing request (linking back to the “original signing request”) instead of retrying the same signing request.

• Stricter validation of email address input.

• Introduced file size limits for XML files (2 MB) and OPC files (40 MB) to improve operational stability.

Bug fixes:

• Fixed path validation issue for encoded paths in OPC, MSIX and APPX files.

New Release: 1.157.0

Breaking changes:

• Renamed the Hangfire dashboard application component K8s Deployment to “Operator Client”:

  • Renamed signpathio/hangfire-dashboard Docker image to signpathio/operator-client (you may need to update your Docker image mirroring)
  • Replaced the appSettings/appSecrets.hangfireDashboard values section with appSettings/appSecrets.operatorClient
  • Replaced chartSettings.hangfireDashboard section with chartSettings.operatorClient
  • Changed operatorClient authentication settings from basic auth to API token-based (see operatorClientOptions.operatorUsers section)

Improvements:

• Added the possibility to expose the Operator Client via the Ingress (see “Enable Operator Client Ingress” installation guide).

• Application Insights: greatly reduced the amount of “pulled empty batch” events in the CustomEvents telemetry to reduce log volume.

• Increased default signingProcessorService.dotNetGCHeapHardLimit from 450 to 700 MB to avoid out of memory situations for XML and OPC signing.

Bug fixes:

• Fixed a migration job issue which left the old color Application Pods running in case of an Kubernetes API server outage.

New Release: 1.156.0

New features:

• REST API: Added new routes for creating, querying and modifying Trusted Build Systems.

Improvements:

• Improved error reporting of internal errors during Authenticode signing operations.

Bug fixes:

• Fixed a bug where changing the certificate before approving a signing request caused a processing error in certain situations.

• Fixed a bug that hid the detailed error message in the user interface when an artifact fails to be scanned for malware.

New Release: 1.156.0

Breaking changes:

• Changed the recommended Kubernetes version to 1.27 and the signpathio/kubectl image tag to 1.27.

Improvements:

• Application Insights: The custom dimension name has been renamed from LoggerName to CategoryName to comply with Microsoft standards.

• Application Insights: Now the Trace (application logs) and Request (Incoming HTTP requests) telemetry types aren’t sampled anymore on high load (i.e. Application Insights receives a gapless log stream) by default. The default configuration can be overridden in signpath-application or Sign Service values in the additionalApplicationInsightsOptions section.

• Container/Application Insights logs: Removed specific high volume, but unimportant log emitters to reduce log volume.

New Release: 4.3.4

Bug fixes:

• Fixed a bug that prevented read-only files from being submitted for signing.

New Release: 1.155.0

New features:

• REST API: Added new routes for (de)activating certificates, projects, signing policies and artifact configurations, and a new route for the “delete private key” certificate operation.

• REST API: Added GET /v1-pre/{organizationId}/InteractiveUsers/Me route.

Improvements:

• REST API: Added the ID of the created entity to the response body in various POST routes.

• Improved the title line on the signing request detail page for long project/signing policy names.

New Release: 1.155.0

Breaking changes:

• In signpath-application values chartSettings section: removed malwareScanning.timeout configuration value, and instead introduced scanner-type specific values:

  • malwareScanning.signPathMalwareScanningService.scanningTimeout and .httpRequestTimeout
  • malwareScanning.customMalwareScanningScript.scriptTimeout

Improvements:

• Added logging of the “User Agent” header to Application Insights requests.

• Removed the signpathmalwarescanningservice config map resource (unused since 1.144).

Bug fixes:

• Fixed broken Application Insights sampling configuration for signservice Pods.

New Release: 1.153.1

Bug fixes:

• Trusted build systems: Fixed validation error for Git repository SSH URLs.

New Release: 4.3.0

Improvements:

• Improved GPG initialization and shadow key fetching in Linux container sample scripts (which also fixed a compatibility issue with GnuPG 2.3+).

• Linux PKCS#11 CryptoProvider: Added support for Debian 11 and RedHat 9 distros incl. updated Linux container samples.

• Added CryptoProvider version info to the user agent header for backend REST calls.

Bug fixes:

• KSP CryptoProvider: Fixed a compatibility issue with ECDSA certificates.

New Release: 1.153.0

New features:

• Added support for creating raw detached signature files.

New Release: 1.153.0

Improvements:

• Added additionalApplicationInsightsOptions section to signpath-application values which allows to configure Application Insights sampling options.

New Release: 2.0.0

Breaking changes:

• Renamed CIUserToken to ApiToken.

Improvements:

• Added configurable timeouts for HTTP requests and signing request processing.

• Improved error messages.

New Release: 1.152.1

Bug fixes:

• Restricted user role assignment for OSS subscriptions.

New Release: 1.152.0

New features:

• Granular read-access authorization for signing requests. (Work in progress, available on request.)

Improvements:

• Signing requests with artifact retrieval links: added support for HTTP content compression.

• Improved reliability of HSM key store (additional retry conditions).

  (SaaS only)

• Improved performance of ClickOnce signing operations.

• Improved error messages for Office files without macros.

Bug fixes:

• Fixed PFX certificate import into certain HSM key stores (including SaaS HSM).

• Fixed a bug that prevented signing with Crypto Providers using the new API token feature for interactive users.

New Release: 1.152.0

Breaking changes:

• Changed the recommended Kubernetes version to 1.26 and the signpathio/kubectl image tag to 1.26.

Improvements:

• Added a Helm chart check which fails the installation in case the pod disruption budget’s minAvailable count is larger or equal to replicaCount.

New Release: 4.2.0

Improvements:

• Renamed the CIUserToken configuration file property to ApiToken and SIGNPATH_CI_USER_TOKEN environment variable to SIGNPATH_API_TOKEN). Please adapt your configurations (you can use the same value for ApiToken). Note that the old names are still accepted, but will be removed in a future version.

• Added documentation and Linux integration tests for the osslsigncode tool.

• Implemented the Windows KSP EnumKeys function, which enables hash based Mage / ClickOnce signing.

New Release: 1.151.1

New features:

• New REST API route: download the X509 certificate of a signing request GET /v1-pre/{organizationId}/SigningRequests/{id}/X509Certificate.

Improvements:

• Improved error messages for AppX and MSIX files when the publisher name does not match the certificate subject.

• Timestamping now falls back to alternative timestamping servers when primary server is unavailable.

  (SaaS only)

• Project administrators can now configure Docker repositories.

• User page shows date and time when an API token was generated.

Bug fixes:

• Fixed a bug that prevented importing PFX files generated by Microsoft CNG.

• Fixed a bug that prevented adding CI users to the project configurators of a project.

New Release: 1.151.0

Improvements:

• Dropped the JCE key “retargeting” when creating certificates on nShield HSMs (previously required for JAR signing).

Bug fixes:

• Fixed a problem that caused the sandbox.vhdx files of the Docker Mirantis runtime to grow continuously in Docker Compose installations.

New Release: 1.150.2

Improvements:

• Renamed certificate field “Thumbprint” to “SHA-1 Thumbprint” in the user interface and pre-release API.

• Added improved error messages for analyzing SSO-related configuration issues.

New Release: 1.150.2

Improvements:

• Improved logging login/logout errors by providing more details on OIDC related errors.

Bug fixes:

• Fixed issue of unnecessarily delay of automatic artifact deletion or archiving in content store of 23 days (affected versions 1.148 and 1.149).

• Fixed incorrect logging of PathBase in HTTP request logging.

New Release: 1.149.2

New features:

• Added limited administrator roles: User Administrator, Project Administrator and _Certificate Administrator. For more details, see the user roles documentation.

• Select multiple files is now generally available.

• Added support for deep signing of APPX and MSIX files. Read more about deep signing.

Bug fixes:

• Fixes incorrect display of malware scanning status for old signing requests.

  (SaaS only)

• Fixed a race condition that caused multiple signing requests to be created when uploading multiple files instead of bundling them correctly into a single artifact.

• Fixed a bug that led to failed signing requests for artifact configurations with a <zip-file> containing a path attribute as a root file element.

• Fixed a bug that prevented signing with the Crypto Providers for interactive users and users that were added as submitters through group membership.

New Release: 1.149.2

Breaking changes:

• Configuration setting appSettings.shared.signingOptions.timestampingServerUrl has been renamed to timestampingServerUrlTemplate in signpath-application values.

• The SignPath.Application.AdministrationUtility.exe tool in the Administration Utility pod has been renamed to SignPath.Application.Clients.AdministrationUtility.exe.

New Release: 4.3.2

Improvements:

• Improved the inline documentation

New Release: 4.1.0

Improvements:

• Added installation/uninstallation PowerShell script for Windows CSP and KSP. Note that the old installation method (involving System32 file copying, sp-register-ksp, regsvr32) still works, but it’s recommended to switch to the installation script. For details and usage see the “CSP/KSP installation (Windows)” section in the CryptoProviders documentation.

New Release: 1.148.2

New features:

• Added support for personal API tokens for interactive users. See authentication.

Improvements:

• Renamed “CI user token” to “Api token” in the user interface and one pre-release API (RegenerateApiToken).

• Renamed artifact configuration XML attributes productName and productVersion to product-name and product-version, respectively. (Existing spelling is still valid for the current schema version.)

• The zip archive created when uploading multiple files for signing is now named bundle.zip. See ui-multifile-upload.

• Renamed “Initial Login Email Address” of interactive users to “Account email address” in the user interface and InteractiveUser pre-release APIs.

New Release: 1.148.2

New features:

• Added support for “nginx.org” Ingress Controller distribution (see ingressAnnotations.nginx.ingressControllerDistribution configuration value).

Improvements:

• Improved memory consumption of the Signing Processor Service pod (see signingProcessorService.dotNetGCHeapHardLimit configuration value).

• Updated the default Ingress controller annotations to support 4 GB file uploads.

• Removed unnecessary values in signpath-application-ingress.

• Reduced logging noise in webclient and api containers.

Bug fixes:

• Fixed disk space leak which affected signpath-application containers with large logging volume.

New Release: 4.3.1

Improvements:

• Renamed -CIUserToken parameter to -ApiToken. The old name is still valid for this major version (4.x).

New Release: 4.0.1

Breaking changes:

• Replaced Timeouts.ServiceUnavailable (and SIGNPATH_TIMEOUTS_SERVICE_UNAVAILABLE) configuration value with Timeouts.FirstRetryDelay and Timeouts.RetryCount (See “Setting configuration values” section in the CryptoProviders documentation for details).

Improvements:

• Changed the HTTP call error retry strategy to use an exponential back-off mechanism.

• Added a warning logging for failed HTTP calls before retrying.

• Improved error return values codes for KSP/CSP/Cryptoki functions for HTTP call errors to better express the underlying problem. (See the corresponding “Error return values” sections in the CryptoProviders documentation).

• Improved the debug logging output for Cryptoki function calls.

• Improved the error message for HTTP(S) errors on Linux.

New Release: 1.147.0

Improvements:

• Added a “My profile” link in the user menu.

Bug fixes:

• Fixed incorrect handling of special characters in artifact file path during malware scanning and during OPC deep signing processing.

New Release: 1.147.0

Improvements:

• Added confirmation prompts in the administration utility for all commands and a -y argument.

• Added recommendation of master database SQL user creation to “Database logins and permissions” section in documentation.

New Release: 1.146.0

New features:

• Added ui-multifile-upload feature to upload multiple files in signing request web client UI (preview).

• Added “Multiple Office files with macros” default artifact configuration which allows to upload multiple Office files in the user interface.

Improvements:

• Improved resilience of system against temporary database outages.

New Release: 1.146.0

Improvements:

• Limit number of maximum events per stored entity to avoid performance bottlenecks.

• Added chartSettings.signingProcessorService.dotNetGCHeapHardLimit to reduce memory consumption of signingprocessorservice pods.

Bug fixes:

• Fixed possible timeouts for long running malware scanning runs via malwareScannerType: signPathMalwareScanningService.

New Release: 1.145.1

Improvements:

• Improved /v1-pre/{organizationId}/AuditLog/SigningRequestEvents responses:

  • Added originalSigningRequestId for resubmit events.
  • Added file name and hash fields for various submission event types.

• Improved the performance of the /v1-pre/{organizationId}/AuditLog/Events REST API

New Release: 1.145.1

Breaking changes:

• Changed the recommended Kubernetes version to 1.25 (note that 1.24 will go EOL on 2023-07-28) and the signpathio/kubectl image tag to 1.25.

• Changed the Web Client authentication ticket lifetime from 14 days to 12 hours. This means that after 12 hours without any request, the Web Client will re-authenticate via OIDC.

Improvements:

• Allowed using multi-line PEM certificates in chartSettings.trustedRootCertificates/.intermediateCertificates in all Helm Charts.

• Dropped the supportOptions and signingRequestQueueThrottlingOptions sections (both not relevant for self-hosted installations) in signpath-application values.

• Removed mandatory SMTP server username/password overrides in the signpath-application values.

• Reduced the log noise in all web server based containers.

• Added SigningRequestProcessing-IndividualSignature Application Insights events for hash signing requests.

New Release: 1.144.1

Improvements:

• New REST API route: reinvite interactive users /v1-pre/{organizationId}/InteractiveUsers/{id}/Reinvite.

• New REST API route: /v1-pre/{organizationId}/Projects/{slug}/SetDefaultArtifactConfiguration.

• Improved performance of REST API and UI HTTP responses.

New Release: 1.144.1

Improvements:

• Improved performance and reduced memory consumption of the signPathMalwareScanningService malware scanning client.

Bug fixes:

• Fixed duplicate MalwareScannerOptions__MalwareScannerType config map entries.

New Release: 1.143.2

Breaking changes:

• Event Audit Log API (preview): The TrustedBuildSystem.Added event has been renamed to TrustedBuildSystem.CustomAdded.

New Release: 1.143.2

Improvements:

• Reduced memory consumption when signing JAR files.

Bug fixes:

• Fixed aborted SignService deployments in cases using descheduler for Kubernetes with RemovePodsViolatingTopologySpreadConstraint.

New Release: 1.142.1

New features:

• Added support for optionally moving contents to the Azure Blob store archive tier instead of deleting them.

Improvements:

• Reduced amount of application logging for Azure Blob content store accesses.

Bug fixes:

• Fixed error when accessing Hangfire dashboard in special cases.

New Release: 1.141.1

Improvements:

• Malformed hash values in hash signing are now gracefully reported to the API caller.

Bug fixes:

• Fixed a problem that caused some signing requests to be stuck in the Queued state.

• Fixed a problem where some signing request reports were truncated.

New Release: 1.141.1

New features:

• Added support for client-mediated HA Group Pairing for Luna Network HSMs.

Improvements:

• Added the “Signing Request Accepted” event to the reported “custom events” in Application Insights.

• Various performance fixes regarding signing request archive database access.

New Release: 1.140.3

New features:

• Added support for signing Cyclone DX SBOMs.

• Added support for XML file signing based on the W3C XMLDSig standard.

Bug fixes:

• Fixed timeouts that occurred during the creation of signing request reports.

• Fixed timeouts in the Audit Log API.

New Release: 4.3.0

New features:

• Support for using mutual TLS client certificates specified by a Microsoft template ID.

New Release:

Upgrade information:

• After the upgrade the report model database will be automatically built up from scratch. This means that for a while (depending on the number of signing requests) the signing request list in the UI and the CSV report may be incomplete until the report model building reached the latest signing requests.

New Release: 1.139.0

Bug fixes:

• Fixed a bug that allowed users to be created via the API even though the quota limit has been met.

• Fixed timeouts in the signing request Audit Log API.

• Fixed the alignment of the buttons in the artifact configuration panel on the project page.

New Release: 1.138.0

Improvements:

• Improved performance in UI when showing long history lists.

Bug fixes:

• Fixed potential issue that allowed very long running background tasks to run in parallel.

New Release: 1.137.0

Improvements:

• SignPath now explicitly drops any secrets exposed in the build settings by AppVeyor. All affected parties were informed.

New Release: 1.137.0

Bug fixes:

• Fixed the issue that not all application logging entries reached Application Insights.

• Fixed missing error reporting details for failed malware scanning service calls.

New Release: 1.136.3

Improvements:

• New REST API route /v1-pre/{organizationId}/SigningRequests/{id}/ArtifactDescriptionXml allows to retrieve the artifact description XML content for signing requests including file details for all contained signed files.

• Added a “Sign artifact” button in the artifact configuration list in the project page.

• Added “Sign artifact” and “Show signing requests” buttons on the artifact configuration details page.

New Release: 4.2.1

Improvements:

• Improved error messages when a wrong URL is provided.

New Release: 3.4.0

Improvements:

• Cryptoki: Added Cryptoki.DoNotFailOnReadWriteSessions configuration flag to enable compatibility with Cryptoki / PKCS #11 clients which always open the session with the read/write option (e.g. pkcs11-tool in version lower than 0.23).

• Added documentation for pkcs11-tool usage and Linux Docker container sample scenario.

New Release: 1.136.3

Breaking changes:

• The following configuration values have been moved from appSettings to appSecrets:

  • signpath-application value appSettings.shared.applicationInsights.connectionString
  • signpath-signservice-<variant> value appSettings.signService.applicationInsights.connectionString

New features:

• Added support for automatic artifact deletion after a configurable retention time (disabled by default).

Improvements:

• The operator user name stored alongside all operations triggered by the administration utility can now be set via an environment variable.

• Various malware scanning script performance fixes.

New Release: 1.135.0

New features:

• Added support for ECDSA X.509 (key type ecdsa-x509) certificates for Docker Signing.

Improvements:

• Added new REST API for listing all projects as well as modifying projects, signing policies, and artifact configurations.

• Improved dashboard loading performance.

New Release: 3.3.0

New features:

• Added suppport for using a HTTP web proxy (Linux and Windows).

Improvements:

• Improved the error reporting for the sp-register-ksp command (Windows).

New Release: 1.135.0

New features:

• For Luna and DPoD HSMs it’s now possible to delete certificate keys on the HSM storage 60 days after the “Delete private key” action (Note: By default, deleted keys are only recorded for manual deletion.)

Breaking changes:

• The configuration parameters for NGINX proxy settings in the signpath-application-ingress chart have a new location.

• Custom malware scanning scripts must now be able to handle two new parameters: -OriginalFileName and -ExecutionTimeout.

Improvements:

• Added support in the Ingress chart to configure additional annotations on the Ingress resource and to opt-out from the NGINX default annotations.

• Changed recommended Kubernetes version from 1.23 to 1.24.

• Updated the signpathio/kubectl container image to include kubectl 1.24.10 (the image is tagged with both 1.24 and 1.24.10).

• Dropped NGINX session affinity annotations (Note: reverse proxy session affinity has not been a requirement since release 1.133.).

• Improved signing request triggering latency.

• Changed the default replica count for hangfireDashboard to 1.

• Cleaned up the Ingress chart (removed the tests section).

• Cleaned the SignService Kubernetes Helm Charts (dropped unused sections).

• The commands in the administration utility were cleaned up.

New Release: 1.133.0

New features:

• Artifact configurations can now be deactivated.

Improvements:

• New REST API /v1-pre/{organizationId}/Certificates allows to list all certificates.

• Added REST APIs to modify, activate and deactivate CI Users.

• HTTP requests where the TCP connection is dropped by the client are now automatically canceled.

New Release: 1.133.0

Breaking changes:

• Added new mandatory database connection strings for the application: DataProtectionDatabase and DataProtectionDatabaseDdl.

  • We recommend to rename the ReportModel database to ApplicationShared and use this database in the connections strings ReportModelDatabase, ReportModelDatabaseDdl and the two new connection strings.
  • Alternatively also a new database named DataProtection can be created and used.
  • See also the “Create databases” and “Data protection keys” sections in the installation guide.

Improvements:

• Cleaned up and improved the default values in values.yaml in the Kubernetes Helm Charts.

• Improved the log format for multi-line log messages.

• Changed the Kubernetes topologySpreadConstraints.maxSkew to 1 to advise K8s to preferably spawn pod replicas on different nodes.

Bug fixes:

• Fixed a bug that set maximum number of certificates quota to zero when changing subscriptions in certain cases.

New Release: 1.1.0

Improvements:

• Removed PowerShell dependency.

Bug fixes:

• Fixed a bug that allowed a potential attacker to submit files other than the build artifacts.

New Release: 1.132.0

Breaking changes:

• Within the AuditLog API (preview) response, the metadata.user property has been renamed to metadata.actor.

Improvements:

• Changed web hooks to be triggered for all final signing request statuses, not only Complete.

• Improved error reporting when deep-signing MSI files with missing external files.

Bug fixes:

• Fixed artifact configuration generation for file names containing special characters like square brackets.

• Fixed an HTML (non-XSS) injection vulnerability in the UI.

New Release: 1.132.0

Improvements:

• Uploaded artifact files can now be exempt from Windows Defender realtime scanning on Kubernetes hosts.

Bug fixes:

• Temporary files during HTTP uploads are now stored in an emptyDir volume, which can improve performance and fix disk usage issues (Kubernetes).

New Release: 1.130.0

Breaking changes:

• The Audit Log REST API (preview) /v1-pre/{organizationId}/AuditLog/Events doesn’t include signing request events anymore, instead they can be retrieved via the the new /v1-pre/{organizationId}/AuditLog/SigningRequestEvents route.

New features:

• Added support for additional, organization-specific key stores.

Bug fixes:

• Signing requests with more than one signing policy are now properly returned in the REST API.

New Release: 1.129.0

New features:

• Enabled Swagger UI for the REST API at /Api/swagger.

Bug fixes:

• Fixed bug in elliptic curve certificate generation for the software key store.

New Release: 1.129.0

Breaking changes:

• Renamed signServiceOptions to keyStoreOptions in the following places:

  • appSecrets/appSettings.shared.signServiceOptions (also changed the structure)
  • appSettings.deletionProcessorService
  • appSettings.signingProcessorService

• Configuration value appSettings.notificationsProcessorService.smtpServerOptions.useSsl has been renamed to .secureSocketMode. Change false to 'None' and true to 'Ssl'.

New features:

• Added support for SMTP StartTLS protocol.

• New AppInsights customEvents for individual signing operations.

New Release: 1.128.0

New features:

• Added possibility to disable malware scanning for individual signing policies.

Improvements:

• Performance improvement for signing requests using the HSM key store.

• New REST API routes (preview) to list all CI Users and regenerate CI User tokens.

New Release: 4.2.0

New features:

• Artifact Retrieval: Instead of uploading the artifact file, a HTTPS retrieval link including authentication headers can now be passed to SignPath.

New Release: 3.2.2

Improvements:

• Linux: Added Debian package signing via dpkg-sig to signing scenarios.

• Linux: Added Maven GPG signing Docker container sample scenario.

New Release: 1.128.0

New features:

• New Administration Utility ChangeMultipleSubscriptions command to (partially) update multiple organizations with new subscription options.

• Added support for including images files in custom notification email styling.

Improvements:

• The versioning scheme of the Kubernetes Helm Charts has been changed to match the application version.

• The signService.lunaHsmKeyStoreOptions.slotIndex configuration value is not necessary anymore and can be dropped.

New Release: 1.126.0

New features:

• Verifying that a signing request was submitted from a trusted build system (TBS) is now possible without requiring the TBS to provide origin information.

• The certificate view now also lists the X509 Issuer, Serial Number, Thumbprint, Key Usage and Extended Key Usage flags for each certificate.

Improvements:

• Changed the name of the initial artifact configuration when creating projects to “Initial version”.

New Release: 1.126.0

Breaking changes:

• New mandatory chartSettings.malwareScanning.malwareScannerType configuration for signpath-application (Kubernetes only).

• New mandatory signService.cspWatchdogOptions.keyId app setting for Luna HSM SignService.

New features:

• Possibility to configure a custom malware scanning service (via PowerShell adapter script).

• Luna HSM watchdog key IDs can now be configured.

Bug fixes:

• Fixed a bug where multiple Luna HSM watchdog keys were created on first startup (only relevant for Kubernetes installations with multiple replicas).

New Release: 1.125.0

New features:

• Added support for MSIX (Windows app package) signing.

• Added UI support for Re-submission of signing requests.

Improvements:

• Added new API routes to change a user’s NotificationEmailAddress and Identity fields.

New Release: 4.1.3

Improvements:

• Added a proper return message when an operation is not allowed.

• Cleaned up the documentation.

New Release: 1.125.0

Breaking changes:

• To continue using the REST API to resubmit signing requests (preview), a feature toggle needs to be enabled for every organization.

New Release: 1.124.0

New features:

• Interactive users can now be created via the REST API.

Improvements:

• Various small UI/UX improvements:

  • Used “email” instead of “e-mail” consistently.
  • Entity names are only truncated when there is no more space available on the UI.
  • It’s not possible to send empty feedback messages any longer.
  • When using the “Copy to clipboard” functionality, a confirmation message is shown.
  • When submitting forms, a spinning icon was added to indicate that the request is being processed.
  • On pages containing forms, the first input field is automatically focused on.
  • The interative user field “Display Identity” was renamed to “Initial Login Email Address”.
  • The mouse cursor now indicates when an element can be interacted with.
  • The date and time picker now does not open any more when the input field is focused, making it easier to enter a date using the keyboard.

New Release: 3.2.1

Improvements:

• Linux: Updated the statically linked dependencies to Boost 1.79.0, OpenSSL 1.1.1n/3.0.5, plog 1.1.8 and zlib 1.2.12

Bug fixes:

• Fixed a segmentation fault when using Cryptoki on Linux.

• Fixed Cryptoki loading error on RedHat Linux v8.

• Fixed missing CI User token redaction when passed on command line instead by configuration.

New Release: 1.124.0

Improvements:

• Improved pairing experience with nShield HSMs.

• The “HashPassword” functionality doesn’t require a Windows container anymore.

Bug fixes:

• Fixed nShield HSM startup error in Kubernetes.

New Release: 1.123.0

Breaking changes:

• Compatibility with Internet Explorer 11 has been dropped.

New features:

• The artifact description in signing requests now contains the full path of files inside container artifacts.

• The certificate’s key store ID is now also shown on the certificate details page (needs to be enabled per organization).

Improvements:

• Modernization of the HTML UI framework including fixes of minor UI glitches.

• Projects can now be configured to use multiple repository URLs for origin verification.

Bug fixes:

• Fixed broken signing request notifications for denied signing requests in special scenarios.

New Release: 3.2.0

Bug fixes:

• Fixed Cryptoki loading errors on RedHat Linux 8.6.

New Release: 3.1.0

New features:

• Collecting information about the invoking process (command line call and user account) is now also supported on Linux.

Bug fixes:

• Fixed missing support for libp11 (OpenSSL engine) version 0.4.12.

• Fixed missing reporting of specific configuration errors (e.g. invalid CI user token registry location).

New Release: 3.0.0

Breaking changes:

• The SIGNPATH_LOG_LEVEL configuration was split into SIGNPATH_LOG_CONSOLE_LEVEL and SIGNPATH_LOG_FILE_LEVEL.

• The console logging was disabled by default (SIGNPATH_LOG_CONSOLE_LEVEL=none).

New features:

• Cryptoki: Added compatibility with gnupg-pkcs11-scd to support GnuPG PGP signing.

New Release: 1.121.0

Improvements:

• Improved error reporting for wrong configurations.

Bug fixes:

• Added missing error reporting in the Administration Utility.

New Release: 4.1.4

Bug fixes:

• Fixed interopability problems with the Azure Container Registry.

New Release: 1.120.0

New features:

• Added support for Windows Script Signing.

Improvements:

• Improved error handling for invalid archives.

Bug fixes:

• Fixed bug that prevented project configurators from setting the default artifact configuration.

New Release: 4.1.1

Improvements:

• Added references to the online documentation.

New Release: 1.120.0

Improvements:

• Improved the pairing process for Thales Luna and DPoD Cloud HSMs.

• Added support for Azure Application Insights logging.

New Release: 1.119.0

New features:

• Added the possibility to provide a reason when denying a signing request.

Improvements:

• Improved error messages when submitting invalid NuGet packages.

Bug fixes:

• Fixed a bug that allowed deleting an unsigned artifact that was still referenced by a resubmitted signing request.

New Release: 1.119.0

Bug fixes:

• Fixed a bug that that required self-hosted installations to configure a timestamping server URL for FreeTrial subscriptions.

New Release: 1.117.0

Bug fixes:

• Fixed a potential argument injection vulnerability in the jarsigner call.

• Fixed a bug that prevented notification email changes from being shown in the history.

New Release:

Improvements:

• New REST API route (preview): /v1-pre/{organizationId}/CIUsers/Me returns information about the authenticated CI user.

New Release: 1.117.0

Improvements:

• In Kubernetes installations, an improved migration mode ensures that all container images are ready before to the new version starts, ensuring a minimum downtime.

New Release: 1.115.0

Bug fixes:

• Fixed Content-Security-Policy rules that prevented some SVG icons from being loaded.

New Release: 1.115.0

Breaking changes:

• A new ReportModel database needs to be created. See the installation guide for more details.

Improvements:

• Administrators are now prevented from deploying to the wrong color.

• Added a new /healthzd route to the API that checks the health of the SignServices.

New Release: 1.114.0

Improvements:

• Calling SetupDBs.ps1 now prints out a usage message when no parameters are supplied in the Docker Compose setup.

• Improved default values in configuration files.

New Release: 1.113.0

Bug fixes:

• Fixed a bug that prevented Docker Signing to work when using the Azure Container Registry.

New Release: 4.1.0

Improvements:

• An error message is shown when an artifact is no longer available for download.

New Release: 1.113.0

New features:

• Artifacts can now be deleted using the administration utility.

Improvements:

• The database connection strings used in the initial setup and during the migration are now read from the configuration files.

New Release: 1.112.0

Improvements:

• New REST API route (preview): /v1-pre/{organizationId}/Organization to query organization and quota information.

New Release: 2.1.0

New features:

• Support for DPAPI-encrypted CI User tokens.

• Dedicated support for signing of Microsoft Office macros.

Improvements:

• Separate versions for 32- and 64-bit architectures.

New Release: 1.112.0

Improvements:

• NShield HSM keys are automatically retargeted to be used for Java signing.

Bug fixes:

• Fixed Malware Scanner warnings on startup on Windows Server machines using Docker Compose.

New Release: 1.111.0

Improvements:

• Limited the maximum file size for artifact retrieval to 4GB in SaaS.

  (SaaS only)

New Release: 2.0.0

Breaking changes:

• Configuration and parameter names changed. All Crypto Providers now use a common naming schema. Environment variables have precedence over the configuration file. Command line parameters have precedence over environment variables.

Improvements:

• All Crypto Providers can now gracefully handle application downtimes and will retry HTTP requests if the application is temporarily unavailable.

New Release: 1.111.0

Improvements:

• Introduced a configurable file size limit for the artifact retrieval feature (defaults to 4GB).

New Release: 1.110.0

New features:

• Introduced the option to re-download a Certificate Signing Request (CSR) and to re-upload certificates.

Improvements:

• Updated Java Runtime to JDK 12.

Bug fixes:

• Fixed a bug that prevented the Audit Log API from handling Webhook.Deleted events.

New Release: 1.110.0

New features:

• Introduced option to change the log4net configuration used in SignPath.

New Release: 1.108.0

New features:

• Audit Log REST API is now available in preview.

Bug fixes:

• Expiration emails for already expired certificates are no longer sent out.

New Release: 1.1.0

New features:

• Windows only: Information about the invoking process (command line call and user account) is collected.

• Windows only: Mutual TLS (mTLS) client certificates can be specified.

New Release: 1.108.0

Breaking changes:

• Only for nShield HSMs: Move the kneti-hardserver file from the NShieldHardserverPath directory to a subdirectory hardserver in the NShieldPairingDataPath directory. (Note: The NShieldHardserverPath configuration value has been removed.)

New Release: 1.107.0

Improvements:

• The API now returns concrete error messages in the body of HTTP 401 Unauthorized responses.

• The signing request ID is now included in the HTTP response body of the submit API routes.

• Extended the build system integration for Appveyor to allow private projects for non-OSS subscriptions.

New Release: 1.106.0

Improvements:

• For Hash Signing, the metadata is now included in the signed artifact payload file.

Bug fixes:

• Fixed a bug that caused expiration notifications to be sent out even if a new certificate was re-imported.

New Release: 4.0.0

Breaking changes:

• The Submit-SigningRequestResubmit command has been removed. Resubmit is now possible using the -Resubmit flag of the regular Submit-SigningRequest command.

New Release: 1.106.0

Upgrade information:

• The Configuration.yml file does not contain settings for the connection strings any more. Connection strings are now handled as secrets by default. However, for migration purposes, the connection strings can still be added to the Configuration.yml and referencing secret files is still supported.

Improvements:

• The secret handling has been unified between the Docker Compose and K8s deployment targets.

New Release: 1.105.0

New features:

• Signing request filters: The signing request list can be filtered by status and artifact configuration (when viewing signing requests for a specific project or signing policy).

• User roles can also be configured for CI Users. Permissions will be applied to API calls accordingly.

Bug fixes:

• Fixed a bug that prevented artifact names of signing requests submitted via the artifact retrieval workflow from being included in the signing request report.

New Release: 1.105.0

Bug fixes:

• Fixed a bug that hid an error message when the configuration file could not be properly read.

New Release: 1.0.6

Improvements:

• Security-hardened handling of tokens and artifacts within the plugin.

Bug fixes:

• Fixed a bug that caused Jenkins to run into timeouts when uploading large artifacts for signing.

New Release: 1.104.0

Improvements:

• The content of signing request lists has been cleaned up and only includes the artifact name once.

Bug fixes:

• Fixed a UI glitch in the webhook body editor.

• The correct HTTP response code (403) is now returned for requesting unknown resources.

New Release: 3.2.1

Bug fixes:

• Fixed a bug that prevented an error message from being shown when a parameter is missing.

New Release: 1.104.0

Bug fixes:

• Special characters are now handled correctly during the creation of the ENV-file.

New Release: 1.103.0

New features:

• Added global reader and project reader roles.

• Signing requests can now be resubmitted via the PowerShell module or via the API.

Improvements:

• An additional certificate expiration notification is sent 10 days prior to the certificate expiration date.

Bug fixes:

• Errors that are caused by an unexpected timestamping algorithm are now handled properly again.

New Release: 1.102.0

New features:

• Support for Thales DPoD cloud HSMs are in pre-release status.

Improvements:

• The signing request status values have been reduced. Multiple status are now combined as “In Progress”.

• Artifact sizes are now displayed in a human readable format.

Bug fixes:

• Fixed a bug that prevented the artifact configuration XML from being downloaded if there were special characters in the configuration’s name.

New Release: 1.102.0

Breaking changes:

• In the Docker.LunaPairingDataPath or Docker.NShieldPairingDataPath directory respectively, replace all characters in the filenames that do not fall in the following patterns with underscores (_): ^[-._a-zA-Z0-9]+$.

• Dropped support for file-based content stores. Use content stores compatible with the Amazon S3 interface instead.

Improvements:

• The pairing data files have been renamed to only contain a reduced set of characters (for the upcoming Kubernetes support).

• Loosened the restrictions on the timestamping server protocol to allow the use of more timestamping servers.

New Release: 1.101.0

Bug fixes:

• Fixed a bug that caused exception stack traces during startup.

New Release: 1.100.0

New features:

• Project configurators: Configurator permissions can be granted to users that allow them to edit the artifact configurations and webhooks for specific projects only.

Improvements:

• The signing request report now includes a link to the web page of the respective signing request.

New Release: 1.100.0

New features:

• Support for the (AWS) S3 content store backend. (Note: The file-based content-store will be dropped in the next version.)

Bug fixes:

• The health check route of the Hangfire Dashboard works again.

New Release: 1.99.0

Improvements:

• Hardenend the content-security-policy settings.

New Release: 1.99.0

Improvements:

• Improved logging during the database setup phase.

• Fixed order of elements in Configuration.yml for easier comparison between versions.

New Release: 1.98.0

New features:

• Notification Levels: Users can now select a notification level for each signing policy separately. By default, administrators will stop receiving notifications for signing requests unless they are configured as submitters or approvers.

Improvements:

• Improved performance when processing artifacts.

Bug fixes:

• Removed the invalid required marker for Docker repositories on the create projects page.

• Fixed a UI glitch: The “View documentation” links are right-aligned again.

New Release: 1.98.0

Improvements:

• Improved migration times

• Unified replaceme placeholders in configuration files.

• Disabled free trial organizations by default.

Bug fixes:

• Patched version for Thales DPoD support.

New Release: 1.96.0

Improvements:

• Better error reporting for archives that contain multiple files with the same name.

• Performance improvements when loading signing request lists.

• The “resubmit” functionality that allows a failed signing request to be executed again was renamed to “retry”.

New Release: 3.1.3

Improvements:

• Cleaned up the code.

New Release: 1.96.0

Improvements:

• Changed the default isolation mode from Hyper-V to Process.

• Removed necessity to set Multiple Active Result Set (MARS) in the connection strings explictly when upgrading.

New Release: 1.95.0

Improvements:

• Improved performance for hash-signing operations.

New Release: 1.95.0

Improvements:

• Docker images are now pulled from DockerHub instead of being included in the installation package.

New Release: 1.94.0

Improvements:

• The default key size was increased to 4096 bits when creating keys via the user interface. This change was necessary to meet the new baseline requirements for code signing certificates as published by the CA/Browser forum. Existing certificates are not affected by this change.

• Authenticode signatures may contain a description field that is displayed by Windows User Account Controls (UAC) and possibly other mechanisms. If present, SignPath will now use the FileDescription value of the PE file VERSIONINFO resource (VER_FILEDESCRIPTION_STR). Otherwise the file name will be used as before.

• The malware scanning step is now displayed as a separate entry in the processing log of each new signing request.

New Release: 1.92.0

Improvements:

• Improved migration performance by reducing the number of events.

Bug fixes:

• Fixed wrong metadata type entry in content store for signed/unsigned artifacts.

New Release: 1.91.0

Improvements:

• Various small UX improvements:

  • Renamed “Build information” to “Build data”.
  • Improved the display of the file name of artifacts submitted using the artifact retrieval functionality

• In the SaaS deployment, the login process has been improved and handles correlation errors more gracefully.

  (SaaS only)

Bug fixes:

• Fixed a bug where certain directory structures in clickonce application bundles resulted in unusable artifact configurations when created from a sample upload.

New Release: 3.1.0

New features:

• Added support for user-defined parameters.

New Release: 1.91.0

Breaking changes:

• Move all configuration values from the .env file to the respective section in the Configuration.yml file.

New features:

• Added possibility to configure an external malware scanner.

Improvements:

• Switched to a YAML-based hierarchical configuration system.

• The performance of the Administration Utility has been improved.

New Release: 1.90.0

Improvements:

• Changed webhook URLs to only allow HTTPS.

• Group memberships are also shown for user groups.

• The repository URL is also shown on the signing policy detail page (if origin verification is enabled).

New Release: 3.0.2

Improvements:

• Added more explicit error messages when a Trusted Build System Link is missing in the Project configuration.

New Release: 1.90.0

Breaking changes:

• Move all secrets from the .env file to the respective secret files.

New features:

• Switched to using Docker-Compose secrets.

Improvements:

• SQL connection strings for the SignService databases are also encrypted by default.

• Improved error messages in case of missing configuration values.

• Cleaned up the Docker images.

New Release: 1.89.0

Improvements:

• Signing request reports now also include the user IDs of all submitters and approvers.

New Release: 3.0.1

Improvements:

• Added -Verbose flag for better debugging experience.

• The -ClientCertificate parameter is now also supported in the Get-SignedArtifact command.

Bug fixes:

• File handles are now closed correctly even if an error occurs.

New Release: 1.89.0

New features:

• Reverse proxies are now supported, recommended and enabled by default.

New Release: 1.88.0

New features:

• Artifact configurations now support user-defined parameters.

Bug fixes:

• Fixed a bug that did not show the organization name on the invitation page.