Release Notes of KeyTalk client for Linux -------------------------------------------------------- Known issues: 1) Ref Ubuntu agent: Certificates are only added to TPM/NSS, without replacing the existing ones when performing automated renewals. client-7.6.1, 29 January 2025 ----------------------- FIXED: Fix TPM provision on new devices with normally unsupported TPM properties KeyTalk Linux client version 7.5.14, 8 October 2024 -------------------------------------------------------- ADDED: Removing NSS-DB KeyTalk TPM module when uninstalling client CHANGED: Updated TPM TSS libraries to v4.1 KeyTalk Linux client version 7.2.2, 10 July 2023 -------------------------------------------------------- ADDED: Ubuntu 22: Automated renewal of user (seat) certificates (--renew-cert) CHANGED: Ubuntu 22: Add Linux distro major version in the .DEB package version CHANGED: Ubuntu 22: Use more conventional 'amd64' iso 'x86_64' in Linux agent package names KeyTalk Linux client version 7.2.1, 24 May 2023 -------------------------------------------------------- CHANGED: Remove pip dependency from Ubuntu 22 agent KeyTalk Linux client version 6.6.0, 25 April 2023 -------------------------------------------------------- ADDED: Kerberos support for Ubuntu 20.04 and 22.04 KeyTalk Linux client version 6.5.0, 26 August 2022 -------------------------------------------------------- ADDED: When requesting Pfx over RCDP, use Pfx key encryption format compatible with OpenSSL version in use by the agent CHANGED: Always include CA trust chain in certificate received from the server, whenever available CHANGED: Dropped support for CentOS 7 and RHEL 7 (Linux agent) FIXED: TPM support on machines with newer TPM chips (Ubuntu 20 and 22) KeyTalk Linux client version 6.4.9, 26 August 2022 -------------------------------------------------------- FIXED: KeyTalk Linux agent could not locate TPM libraries (so no need for the manual "ln -s" workaround anymore) FIXED: Native Debian installer on Ubuntu 20 is back KeyTalk Linux client version 6.4.8, 2 August 2022 -------------------------------------------------------- ADDED: Signing client CSR from TPM with attestation (Linux agent for Ubuntu 20.04 only) KeyTalk Linux client version 6.4.5, 19 May 2022 -------------------------------------------------------- ADDED: Chrome support: Import, list or remove certificates to/from NSS database (Ubuntu 20.04 64-bit client only) KeyTalk Linux client version 6.3.2, 01 December 2020 -------------------------------------------------------- ADDDED: Linux client: support for Ubuntu 20 CHANGED: Linux client: removed support for CentOS 8 and RHEL8 because CentOS 8 reached its EOL KeyTalk Linux client version 5.8.10, 01 December 2020 -------------------------------------------------------- FIXED: CentOS 8 & RHEL 8 TomCat and Apache certificate update issue KeyTalk Linux client version 5.8.9, 23 November 2020 -------------------------------------------------------- ADDED: CentOS 8 & RHEL 8 support KeyTalk Linux client version 5.7.0, 19 February 2020 -------------------------------------------------------- FIXED: Static linking to Apache/TomCat KeyTalk Linux client version 5.6.5, 10 January 2020 -------------------------------------------------------- ADDED: Installation manuals got included in the top-level fat package of KeyTalk Linux client delivery (Linux client) ADDED: Added installation log to the Problem Report (Linux client) KeyTalk Linux client version 5.6.4, 31 October 2019 -------------------------------------------------------- FIXED: cron job for Apache and TomCat certificate renewal never kicked in (Linux client) FIXED: Check all users for valid certificate for latest provider and service during automatic certificate validation (Windows client) KeyTalk Linux client version 5.6.3, 01 October 2019 -------------------------------------------------------- ADDED: Detecting machine hostname, to support issuing and installation of machine certificates ADDED: Added Machine Name verification and monitoring functionality when machine certificates are issued, and enabled automated authenticated revocation and renewal when machine name changed KeyTalk Linux client version 5.6.2, 28 August 2019 -------------------------------------------------------- FIXED: Preinstall epel repository on CentOS/RHEL necessary for inotify-tools used by KeyTalk CA updater KeyTalk Linux client version 5.5.1, 26 February 2019 -------------------------------------------------------- - ADDED: Allow non-root users to customize and use KeyTalk Linux client KeyTalk Linux client version 5.5.0, 25 January 2019 -------------------------------------------------------- - ADDED: Extend HWSIG with random number - ADDED: Allow "certificate validity percentage" in absolute time KeyTalk Linux client version 5.2.3 13 September 2018 ------------------------------------------------------- - ADDED: Support for Tomcat certificate renewal for Linux client - ADDED: Support for Ubuntu 18 KeyTalk Linux client version 5.2.2 22 June 2018 --------------------------------------------------- - ADDED Support for CentOS 6 - ADDED Support for CentOS 7 - ADDED Support for RedHat Enterprise 6 - ADDED Support for RedHat Enterprise 7 - ADDED Support for Debian 8 - ADDED Support for Debian 9 - ADDED Support for Chrome browser - ADDED Support for FireFox browser - FIXED static lib KeyTalk Linux client version 5.2.1 14 September 2017 -------------------------------------------------------- - ADDED Check CRL during auto updating of Apache/IIS SSL certificates - ADDED Support for Debian 9 for Linux client - CHANGED KeyTalk Linux client became 64-bit which automatically limits platform support to 64-bit only - CHANGED Dropped support for http proxy on Windows and Linux clients as well as in RCCDs KeyTalk Linux client version 5.2.0 16 May 2017 ---------------------------------------------------- - FIXED minor bug in problem report generation KeyTalk Linux client version 5.0.0 25 January 2017 ---------------------------------------------------- - FIXED chmod 0644 to 0400 - REMOVED support for <4.6.0 KeyTalk virtual appliance - ADDED Enforces KeyTalk RESTful API over TLS communication. - REMOVED support for older configuration files - ADDED new style configuration (RCCD) based on YAML - REMOVED RCCD signature verification due to Amazon Web Services store requirements - FIXED Imported KeyTalk personal certificates are now only owner-readable on Linux (KeyTalk Linux client) - FIXED allow for RCCD KeyTalk configuration import from HTTPS - FIXED Imported KeyTalk personal certificates are now only owner-readable on Linux (KeyTalk Linux client) - FIXED Imported (sub)CAs from RCCD now end up in default location - KNOWN ISSUES Proxy is not supported on Windows and Linux clients KeyTalk Linux client version 4.4.4 -------------------------------------------------- - ADDED Apache support KeyTalk Linux client version 4.4.2 --------------------------- - FIXED Allow installation of KeyTalk Linux client via sudo - FIXED Allow non-root to use and customize KeyTalk Linux client - ADDED Host ssh public keys HWSIG component for Linux clients KeyTalk Linux client version 4.4.0 ---------------------------- - ADDED full RADIUS support - ADDED Active Directory password change KeyTalk Linux client version 4.4.0.b2 ---------------------------- - Compatible as of KeyTalk (virtual) appliance 4.3.3 - Command prompt only beta release 2 client - Tested for CentOS and ArchLinux - Uses static linked libraries