[ol7_latest] pki-base-10.5.18-27.el7_9.noarch

The PKI Framework contains the common and client libraries and utilities
written in Python.  This package is a part of the PKI Core used by the
Certificate System.


==================================
||  ABOUT "CERTIFICATE SYSTEM"  ||
==================================

Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

PKI Core contains ALL top-level java-based Tomcat PKI components:

  * pki-symkey
  * pki-base
  * pki-base-python2 (alias for pki-base)
  * pki-base-python3
  * pki-base-java
  * pki-tools
  * pki-server
  * pki-ca
  * pki-kra
  * pki-ocsp
  * pki-tks
  * pki-tps
  * pki-javadoc

which comprise the following corresponding PKI subsystems:

  * Certificate Authority (CA)
  * Key Recovery Authority (KRA)
  * Online Certificate Status Protocol (OCSP) Manager
  * Token Key Service (TKS)
  * Token Processing Service (TPS)

Python clients need only install the pki-base package.  This
package contains the python REST client packages and the client
upgrade framework.

Java clients should install the pki-base-java package.  This package
contains the legacy and REST Java client packages.  These clients
should also consider installing the pki-tools package, which contain
native and Java-based PKI tools and utilities.

Certificate Server instances require the fundamental classes and
modules in pki-base and pki-base-java, as well as the utilities in
pki-tools.  The main server classes are in pki-server, with subsystem
specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc.

Finally, if Certificate System is being deployed as an individual or
set of standalone rather than embedded server(s)/service(s), it is
strongly recommended (though not explicitly required) to include at
least one PKI Theme package:

  * dogtag-pki-theme (Dogtag Certificate System deployments)
    * dogtag-pki-server-theme
  * redhat-pki-server-theme (Red Hat Certificate System deployments)
    * redhat-pki-server-theme
  * customized pki theme (Customized Certificate System deployments)
    * <customized>-pki-server-theme

  NOTE:  As a convenience for standalone deployments, top-level meta
         packages may be provided which bind a particular theme to
         these certificate server packages.

Changelog (Show File list) (Show related packages)

• Mon May 01 2023 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-27

  - ##########################################################################
  - # RHEL 7.9 (Batch Update 23):
  - ##########################################################################
  - ##########################################################################
  - # RHCS 9.7 (Batch Update 23):
  - ##########################################################################
  - Bugzilla Bug #2179305 - Unable to use the TPS UI "Token Filter" to filter
    a list of tokens [RHCS 9.7] (ckelley)
  - Bugzilla Bug #2092522 - TPS Not allowing Token Status Change based on
    Revoke True/False and Hold till last True/False [RHCS 9.7.z] (cfu)
  - Bugzilla Bug #2176233 - TPS Not allowing Token Status Change based on
    Revoke True/False and Hold till last True/False (part 2) [RHCS 9.7.z] (cfu)

• Fri Mar 24 2023 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-26

  - ##########################################################################
  - # RHEL 7.9 (Batch Update 22):
  - ##########################################################################
  - ##########################################################################
  - # RHCS 9.7 (Batch Update 22):
  - ##########################################################################
  - Bugzilla Bug #2179305 - Unable to use the TPS UI "Token Filter" to filter
    a list of tokens [RHCS 9.7] (ckelley)
  - Bugzilla Bug #2092522 - TPS Not allowing Token Status Change based on
    Revoke True/False and Hold till last True/False [RHCS 9.7.z] (cfu)
  - Bugzilla Bug #2176233 - TPS Not allowing Token Status Change based on
    Revoke True/False and Hold till last True/False (part 2) [RHCS 9.7.z] (cfu)

• Fri Feb 10 2023 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-25

  - ##########################################################################
  - # RHEL 7.9 (Batch Update 21):
  - ##########################################################################
  - Bugzilla Bug #2160355 - RA Separation by KeyType - Set Token Status
    [RHCS 9.7 bu 21] (cfu, ckelley)
  - ##########################################################################
  - # RHCS 9.7 (Batch Update 21):
  - ##########################################################################
  - Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
    pki-console to 10.5.18 in RHCS 9.7 (Batch Update 7)

• Wed Oct 26 2022 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-24

  - ##########################################################################
  - # RHEL 7.9 (Batch Update 19):
  - ##########################################################################
  - Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external
    entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen)
  - ##########################################################################
  - # RHCS 9.7 (Batch Update 19):
  - ##########################################################################
  - Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external
    entities when parsing XML can lead to XXE [certificate_system_9.7.z]
    (ckelley, mharmsen)

• Mon Oct 10 2022 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-23

  - ##########################################################################
  - # RHEL 7.9 (Batch Update 18):
  - ##########################################################################
  - Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external
    entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen)
  - Bugzilla Bug #2111514 - CVE-2022-2393 pki-core: When using the
    caServerKeygen_DirUserCert profile, user can get certificates for other
    UIDs by entering name in Subject field [rhel-7.9] (cfu, ckelley)
  - ##########################################################################
  - # RHCS 9.7 (Batch Update 18):
  - ##########################################################################
  - Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external
    entities when parsing XML can lead to XXE [certificate_system_9.7.z]
    (ckelley, mharmsen)
  - Bugzilla Bug #2111493 - CVE-2022-2393 pki-core: When using the
    caServerKeygen_DirUserCert profile, user can get certificates for other
    UIDs by entering name in Subject field [rhcs_9.7] (cfu, ckelley)

• Mon Aug 22 2022 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-22

  - ##########################################################################
  - # RHEL 7.9 (Batch Update 17):
  - ##########################################################################
  - Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external
    entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen)
  - Bugzilla Bug #2111514 - CVE-2022-2393 pki-core: When using the
    caServerKeygen_DirUserCert profile, user can get certificates for other
    UIDs by entering name in Subject field [rhel-7.9] (cfu, ckelley)
  - ##########################################################################
  - # RHCS 9.7 (Batch Update 17):
  - ##########################################################################
  - Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external
    entities when parsing XML can lead to XXE [certificate_system_9.7.z]
    (ckelley, mharmsen)
  - Bugzilla Bug #2111493 - CVE-2022-2393 pki-core: When using the
    caServerKeygen_DirUserCert profile, user can get certificates for other
    UIDs by entering name in Subject field [rhcs_9.7] (cfu, ckelley)

• Tue May 31 2022 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-21

  - ##########################################################################
  - # RHEL 7.9 (Batch Update 15):
  - ##########################################################################
  - Bugzilla Bug #2074722 - user password and pkcs12 password exposure when
    debug level set to maximum [RHEL 7.9.z] (cfu)
  - Bugzilla Bug #2082717 - SCEP manual approval failure (cfu)
  - ##########################################################################
  - # RHCS 9.7:
  - ##########################################################################
  - Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
    pki-console to 10.5.18 in RHCS 9.7 (Batch Update 7)

• Mon Apr 25 2022 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-20

  - ##########################################################################
  - # RHEL 7.9 (Batch Update 14):
  - ##########################################################################
  - Bugzilla Bug #2074722 - user password and pkcs12 password exposure when
    debug level set to maximum [RHEL 7.9.z] (cfu)
  - ##########################################################################
  - # RHCS 9.7:
  - ##########################################################################
  - Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
    pki-console to 10.5.18 in RHCS 9.7 (Batch Update 7)

• Thu Dec 16 2021 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-19

  - ##########################################################################
  - # RHEL 7.9 (Batch Update 11):
  - ##########################################################################
  - Bugzilla Bug 1998597 - TPS RA Separation Issues (cfu)
  - Bugzilla Bug 2008319 - PKISpawn with ECC Signing Algorithms fail
    in FIPS Mode (cfu)
  - Bugzilla Bug 2018608 - Invalid certificates with creation of subCA
    (pkispawn single step) [rhel-7.9.0.z] (cfu)
  - ##########################################################################
  - # RHCS 9.7:
  - ##########################################################################
  - Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
    pki-console to 10.5.18 in RHCS 9.7 (Batch Update 7)

• Sat Oct 23 2021 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-18

  - ##########################################################################
  - # RHEL 7.9 (Batch Update 10):
  - ##########################################################################
  - Bugzillla Bug 1978345 - End Entity's List Certificates Page Back/Forward
    Buttons are Broken (ckelley, jonahon.d.parrish@mail.mil, mharmsen)
  - Bugzilla Bug 2008707 - pkispawn bails out too easily for things that could
    have been worked around after installation [RHEL 7.9.z] (cfu)
  - Bugzilla Bug 2016773 - Directory authentication plugin requires directory
    admin password just for user authentication (rhel-7.9.z)
    (awnuk@purestorage.com, jmagne)
  - ##########################################################################
  - # RHCS 9.7:
  - ##########################################################################
  - Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
    pki-console to 10.5.18 in RHCS 9.7 (Batch Update 7)