Horizon 2.6.0 release notes

Here are the release notes for EverTrust Horizon v2.6.0, released on 2024-08-22.

For the installation and upgrade procedure, please refer to the Installation and Upgrade guide.

Horizon now requires Java version 17.

1. New Features

  • [HRZ-1664] - Added support for basic authentication on HTTP Proxies

  • [HRZ-1946] - Added datasources: external data can now enrich enrollment metadata

  • [HRZ-1970] - Added auto validation on SCEP, EST and WebRA: certificates matching a set of rules can now be enrolled without any further validation by an operator

  • [HRZ-1956] - Added SCIM v2 compliance: Horizon accounts can now be automatically synchronized with SCIM Providers (Entra, Okta, …​)

  • [HRZ-1995] - Added automatic healthcheck for Stream, Acme, ADCS, DigiCert, EJBCA, GlobalSignMSSL, NameShield and Opentrust PKI connectors

  • [HRZ-2051] - Added the Nameshield PKI Connector

  • [HRZ-1910] - Teams can now be used in HPQL

2. Enhancements

  • [HRZ-2101] - Crypto decoder now displays unknown extensions

  • [HRZ-1966] - Crypto decoder now supports OpenSSH certificates, Timestamping Tokens and OCSP Tokens

  • [HRZ-2059] - Added the possibility to selectively enable features depending on the hostname. Learn more

  • [HRZ-2068] - EST/SCEP: Computation rule execution now takes place on challenge request submission

  • [HRZ-1995] - Improved configuration workflow for the Stream connector

  • [HRZ-2063] - Added CSV capabilities for Events and Discovery Events on search and report interfaces

  • [HRZ-1881] - Notifications now also support computation rule manipulation inside dynamic attributes

  • [HRZ-2108] - Added the possibility to search if a certificate is escrowed or not

  • [HRZ-2114] - Added support of additional endpoints on Sectigo SCM PKI connector

  • [HRZ-2115] - MetaPKI connector now supports Unique Identifier DN Element

  • [HRZ-2078] - WCCE: AD Caller identity’s distinguished name dictionary is now available

3. Bug Fixes

  • [HRZ-2106] - Fixed incorrect configuration key for request grace period and default duration

  • [HRZ-2100] - Fixed a bug that prevented HQL requests to be saved when modified

  • [HRZ-1546] - Fixed a bug that allowed WebRA requests to be approved concurrently

  • [HRZ-2025] - Fixed a bug that made long running scheduled tasks appear as failed

  • [HRZ-1853] - Mongo Driver: Fixed a bug that made database results incomplete in non primary mode. This will improve performance when connected to a mongo cluster once the connection string has been modified

4. Known Defects

  • A migration issue affects requests:

    • Pending requests for renewal cannot be validated

    • Approved requests are missing some information and PKCS#12 cannot be downloaded

      This issue has been fixed in version 2.6.3

  • Authenticated proxies are not available for Intune, SOAP and LDAP Connections.

5. API modifications

  • [HRZ-1881] - In REST notifications (/api/v1/triggers), body and bodyType parameters were renamed to payload and payloadType

  • [HRZ-1970] - Added the authorizationMode mandatory property on WebRA profiles (/api/v1/certificate/profiles)

The Akka framework has been replaced by Pekko. It can lead to configuration changes if you manually manage the Horizon configuration.