EJBCA 7.8.0.1 Release Notes

This maintenance release contains a compliance fix related to the validity of CRLs and OCSP responses. Additionally, an authorization issue affecting the revocation of throwaway certificates in EJBCA 7.6.0 and later has been resolved.

Deployment options include EJBCA Hardware Appliance, EJBCA Software Appliance, and EJBCA Cloud.

CRL and OCSP Validity Compliance

A customer brought to our attention that EJBCA issued CRLs and OCSP responses with a validity one second longer than what is intended in RFC 5280. This issue has been addressed in EJBCA 7.8.0.1 by reducing the validity of CRLs and OCSP responses by 1 second.

Ephemeral CA Revocation Broken since 7.6.0

Due to a security fix introduced in EJBCA 7.6.0, the level of authorization required to revoke throwaway certificates became too strict. The authorization requirement has now been restored to its initial behavior.

Upgrade Information

As a patch release, the upgrade procedure is the same as for EJBCA 7.8.0. See the EJBCA 7.8 Upgrade Notes for important information about this release. For upgrade instructions and information on upgrade paths, see Upgrading EJBCA.

EJBCA 7.8.0.1 is included in EJBCA Hardware Appliance 3.9.1 and EJBCA Cloud 2.9.0 and can be deployed as EJBCA Software Appliance.

Change Log: Resolved Issues

For full details of fixed bugs and implemented features in EJBCA 7.8.0.1, refer to our JIRA Issue Tracker.

Issues Resolved in 7.8.0.1

Released October 2021

Improvements

ECA-10327 - Reduce CRL and OCSP Validities by 1 second

Bug Fixes

ECA-10303 - Throwaway CA Revocation Broken in 7.6.0