Skip to content

Release notes

ActiveServer v2.0.20

[Release Date: 27/02/24]

ChangeDescription
[#2880]Added functionality to enable message content logs
[#2908]Added new param includeTotalElements to the API endpoint /api/v1/admin/trans
[#2921]Fixed an issue with PRes validation when dsEndProtocolVersion is 2.3.1
OtherMinor bug fixes, performance, and security enhancements

ActiveServer v2.0.19

[Release Date: 16/11/23]

ChangeDescription
[#2142]Added support for mandatory password for when exporting DS certificates
[#2659]Enhanced error logs
[#2664]Enhanced Transaction page in Admin UI
[#2721]Enhanced RReq waiting strategy
[#2750]Enhanced Archiving utility
[#2788]Enhanced browser collection to send IPv6 in an uncompressed format
[#2805]Enhanced merchant API validation
OtherMinor bug fixes, performance, and security enhancements

ActiveServer v2.0.18

[Release Date: 21/08/23]

ChangeDescription
OtherMinor bug fixes, performance, and security enhancements

ActiveServer v2.0.17

[Release Date: 03/08/23]

ChangeDescription
[#2505]Added Archiving utility
[#2556]Added new Admin API
OtherMinor bug fixes, performance, and security enhancements

ActiveServer v2.0.16

[Release Date: 06/06/23]

ChangeDescription
[#2600]Fixed an issue in the Dashboard, where the leftmost digits of a large number on the y-axis are cut off on a small display
[#2602]Enhance usage uploading
OtherMinor bug fixes, performance, and security enhancements

ActiveServer v2.0.15.1

[Release Date: 27/04/23]

ChangeDescription
[#2522]Updated login form with "autocomplete=off"
OtherMinor bug fixes, performance, and security enhancements

ActiveServer v2.0.15

[Release Date: 20/03/23]

ChangeDescription
[#2308]Updated the password email template
[#2327]Fixed an issue with the Merchant profile page where card scheme information was not removed
[#2446]Added Mastercard Test Platform support
[#2454]Enhanced the Usage Uploading process
[#2480]Fixed an issue that caused HTTP connection errors
[#2520]Fixed an indexing issue that caused a latency during authentication value masking
[#2522]Disabled Autocomplete in the login page
OtherMinor bug fixes, performance, and security enhancements

ActiveServer v2.0.14

[Release Date: 16/12/22]

ChangeDescription
[#2380]Fixed issue with account validation for Auth API and Admin API
OtherMinor bug fixes, performance, and security enhancements

ActiveServer v2.0.13

[Release Date: 01/12/22]

ChangeDescription
[#2359]Further optimisation for usage uploading process
[#2337]Improved HTTP connection process when connecting to the DS

ActiveServer v2.0.12

[Release Date: 07/11/22]

ChangeDescription
[#2311]Optimised usage uploading to handle the accumulation of pending transactions

ActiveServer v2.0.11

[Release Date: 18/10/22]

ChangeDescription
[#2004]New API parameter - resolvedCardScheme
[#1797]Optimised the DB query logic for Mastercard
[#2154]Update merchant dropdown to search box in Admin UI - Dashboard
[#2161]Updated result API error message if the RReq is not received
[#2163]Added a waiting period for the RReq as some ACSs may not follow the EMV protocol and will send the final CRes before receiving the RRes
[#2188]Introduced Second Level Card Range Cache deployment option to Sidecar node
[#2211]Resolved JDK high CPU usage
[#2224]Update ActiveServer Testlabs profile to use the new Testlabs URL
[#2269]Fixed a locking issue on the card range data

ActiveServer v2.0.10

[Release Date: 28/07/22]

ChangeDescription
[#2159]Fixed an issue introduced in AS v2.0.9 where an unmasked PAN could be shown in the logs when there is a request to get card range data

ActiveServer v2.0.9

[Release Date: 18/07/22]

ChangeDescription
[#392]Update JDBC drivers, and removed SQLServer 2008 R2 as a supported database and added support for SQLServer 2019
[#570]Added challenge completion rate to the dashboard in Admin UI
[#1981]Enhanced the data scanner and DB IO
[#2093]Added Merchant ID and Merchant Name override to each card scheme row in Merchant Profile
[#2104]Fixed a rendering issue in the Transaction Request/Response section of the Admin UI
OtherMinor bug fixes, requestor code update, performance, and security enhancements

ActiveServer v2.0.8

[Release Date: 14/04/22]

ChangeDescription
[#1830]Added extra metadata for the client certificate bundle
[#1897]Performance and memory usage enhancements for large card range updates from the DS
[#1911]Frontrunner/Sidecar deployment options for ActiveServer instance
[#1931]Enhancement of reading process of PReq/PRes when it is displayed in the Admin UI
[#1939]Return threeDSRequestorTransID when the auth/brw/result is called
[#1945]Optimised card range query for the init Auth API
[#1946]Optimised AS usage processing and memory usage under high work load
[#1949]Enhancement of Admin UI security
OtherMinor bug fixes, performance, and security enhancements

ActiveServer v2.0.7

[Release Date: 01/03/22]

ChangeDescription
[#1717]Enhancement of ActiveServer to allow the requestor to do browser collection and provide the data
[#1826]Enhancement of Create new Merchant API
OtherMinor bug fixes, performance, requestor and security enhancements

ActiveServer v2.0.6.2

[Release Date: 19/01/22]

ChangeDescription
[#1819]Added a warning message to when a user is deleted

ActiveServer v2.0.6.1

[Release Date: 15/12/21]

ChangeDescription
[#1793]Fixed an issue where a user was unable to set a new user’s password

ActiveServer v2.0.6

[Release Date: 07/12/21]

ChangeDescription
[#142]Enhancement of Auth Error Response
[#1562]Added support for 3DS1 transaction query
[#1622]Added “Incomplete (E)” to the Additional Information - Transactions section at the bottom of the Dashboard view. It represents transactions that were not completed for any reason.
[#1638]Enhancement of transactions loading in dashboard view
[#1641]Enhancement of browser collection
[#1661]monUrl to include scenario where 3DSMethodUrl is not available
[#1669]Updated documentation description for trans-type field
[#1670]Enhancement to support BrowserIP field collection
[#1676]Remove payTokenInd from API document
[#1694]Introduced new fields to Enrol API to support co-branding and improve query
[#1695]Processing and handling of a “null” PRes field
[#1719]Improved browserInfo to account for scenarios where the values are empty
[#1733]Fixed formatting error in messageCategory in 3RI API document
[#1743]Improved Admin UI activation URL
[#1765]Scheduled card cache to exclude disabled card schemes
OtherMinor bug fixes, performance and security enhancements

ActiveServer v2.0.5

[Release Date: 21/09/21]

ChangeDescription
[#1517]Added the Message Version, Device Channel and 3DS Requestor TransID filters to the Transaction report page on the Admin UI
[#1534]Changed the Dashboard page on the Admin UI to automatically hide card schemes from the statistics if there are no transactions for the specified date range
[#1536]Updated the merchant details page on the Admin UI by separating the details and certificates into tabs
[#1546]Improved the 3DS Method handling process for when the DS sends a 3DS Method Notification message too close to the 3DS Method time-out time
[#1554]Changed the "PAN not enrolled" log message from ERROR to WARN
[#1555]Fixed an issue where the errorDetail was sometimes not returned in the 3DS error message
[#1559]Fixed an issue with purchaseDate field not being sent for Mastercard NPA AAV refresh transactions
[#1564]Fixed an issue with the purchaseAmount field conversion for 3DS1 SaaS transactions
[#1573]Fixed an issue with the disable local file output logging setting
[#1581]Enhanced the BrowserInfo collection process to round the BrowserTZ to a whole number when a decimal is returned from an old browser
[#1586]Removed the "New merchant" button on the Admin UI for the Merchant Admin user role
[#1589]Removed the priorTransID field from the Auth API requests. It has been replaced with the priorAuthenticationInfo field object, which allows the user to specify prior transaction data required for a transaction
[#1590]Added a UTC toggle to the Dashboard page on the Admin UI to show transactions in UTC rather than the users time-zone
[#1591]Fixed an issue with the key exchange process for the Data Encryption utility
[#1609]Improved the PRes proccessing memory allocation handling for large file updates
[#1616]Changed the log level for "invalid field data for masking messageExtension, type ArrayList" from error to trace
OtherMinor bug fixes, performance and security enhancements

ActiveServer v2.0.4

[Release Date: 02/07/21]

ChangeDescription
[#1410]Added support for ActiveServer to send 3DS1 authentication requests (SaaS clients only) through a new API endpoint /auth/3ds1. Please contact GPayments if you are a SaaS client interested in enabling this functionality for your service
[#1425]Added a new field to the /brw API request, forceMessageVersion, which will force ActiveServer to use the value specified in messageVersion even if the ACS card range does not support that 3DS version
[#1426]Added a new field to the /brw and /brw/result API responses, amexDsTransID, which will provide the DS Transaction ID in a converted format according to AMEX specifications. This is provided in addition to the existing dsTransID field
[#1432]Added a new event, 3DSMethodHasError, which will be returned if the ACS incorrectly attempts to send a 3DS Method notification after the time-out period has elapsed. This event is only for additional logging/troubleshooting purposes and the 3DS requestor can still continue with authentication when they receive the InitAuthTimedOut event, further explanation is provided in the API documentation
[#1439]Changed the automatically generated password when downloading certificate files to no longer include special characters. From now on only alphanumeric characters will be used, this does not affect existing certificate files
[#1447]Fixed an issue with concurrent updates which could cause an "Invalid PAN" in some occasions
[#1449]Fixed an issue causing browser information collection to occasionally fail
[#1450]Fixed an issue with the Transaction report page on the administration UI not showing all challenge transactions when the "Challenge (C)" filter is used
[#1459]Changed the browserLanguage field validation to truncate the provided browserLanguage rather than throw an error if it is longer than the EMV mandated 8 characters
[#1491]Fixed an issue where purchaseAmount would not be provided for Mastercard 2.1.0 3RI NPA transactions
[#1492]Changed the threeDSServerCallbackUrl parameter concatenation to three underscores ("___") to be more compatible with certain ACS vendors
[#1493]Improved the card range identification process to better avoid card range overlaps between UnionPay and other card schemes
OtherMinor bug fixes, performance and security enhancements

ActiveServer v2.0.3

[Release Date: 11/05/21]

ChangeDescription
[#883]Added functionality to support migrating merchants from ActiveMerchant to ActiveServer SaaS
[#1351]Added functionality for overriding merchant information (Acquirer BIN, 3DS Requestor ID, 3DS Requestor Name and Merchant Category Code) in the /auth/brw request. This feature first must be enabled by a security admin on the Admin UI settings
[#1390]Added functionality to disable merchantId checking for the /enrol request. This feature must first be enabled by a security admin on the Admin UI settings
[#1394]Fixed an issue with settings page always asking to save changes
[#1399]Improved the error handling process for callback pages
[#1406]Updated the /auth/brw request to longer require the threeDSRequestorTransId field
[#1408]Added additional logging for troubleshooting authentication requests
[#1409]Fixed an issue for a Visa 3RI NPA 2.2.0 compliance test case
[#1412]Updated the transaction report page on the Admin UI to show the RReq status for Decoupled transactions
[#1414]Changed the 3DS version downgrade logic to no longer downgrade a transaction from v2.2.0 to v2.1.0 if 2.2.0 is specified and no card range is found
OtherMinor bug fixes, performance and security enhancements

ActiveServer v2.0.2

[Release Date: 01/04/21]

ChangeDescription
[#1282]Added support for additional characters to be used for Merchant Name and 3DS Requestor Name fields
[#1284]Removed strict validation checking for billAddrCountry and billAddrState in the /brw API
[#1285]Improved the error message response for the calling /brw API if the transaction has already finished
[#1289]Added GC statistics (e.g. used/max memory, gc pause avg value, heap size) to the log entry when the Auth API is called
[#1296]Fixed issues with Mastercard IDC 2.2.0 compliance testing
[#1298]Enhanced the logging for the eventCallbackUrl notification and browser information collecting
[#1299]Added Mastercard support for the Message Category field values 85(PVPA) and 86(PVNPA)
[#1302]Updated Javascript libraries to their latest available version
[#1303]Enhanced the security for lost password reset mechanism
[#1305]Removed database entries in the key_reg table for keys that are no longer used after migrating to APIv2
[#1319]Further optimised the performance for the merchant cache update
[#1328]Improved handling of browserIP during browser information collecting
[#1333]Improved the distributed locking process for usage uploading and PReq processes
[#1352]Fixed an issue preventing Croatia appearing in the Merchant Country field on the Admin UI
[#1356]AuthResultReady event is now returned to the 3DS Requestor instead of an error page in case the second final CRes is submitted from the browser after the challenge timeout. No code changes are required for the 3DS Requestor
[#1359]Changed the HTTP status error code to 415 (Unsupported Media Type) to return to the DS when Content-Type that is not application/json is sent from the DS in the RReq process
[#1373]Fixed an issue where an unmasked PAN could be shown in the logs when the PAN did not fit into a card range
[#1377]Finished compliance testing with UnionPay International, the CUP DS Profile has now been enabled and CUP transactions can now be performed
OtherMinor bug fixes, performance and security enhancements

ActiveServer v2.0.1

[Release Date: 01/02/21]

ChangeDescription
[#1086]Added TestLabs logos for TestLabs transactions on the transaction report page
[#1154]Added an API conversion utility to permanently disable APIv1 and convert all APIv1 transactions to APIv2 format
[#1209]Enhanced the security for the PAN validation process
[#1214]Fixed an issue with PKCS11 provider name mismatch for HSM's, causing the authentication value decryption to fail in a multi node environment
[#1221]Changed the default column size for TransMessage LOB for DB2 databases to 250M
[#1229]Enhanced the Browser IP header validation to support proxy IP's
[#1277]Added DS specific values for threeDSRequestorChallengeInd when the transStatus is I, and changed validations on date fields to accept a maximum date of 99991231
OtherMinor bug fixes, performance and security enhancements

ActiveServer v2.0.0

[Release Date: 25/11/20]

ChangeDescription
EMV 2.2.0Added support for EMV 3DS v2.2.0, including:
[#962]: Non-javascript BRW processing
[#964]: Core 3DS 2.2.0 message validation, processing and verification
[#965]: New authentication process, Decoupled Authentication
[#966]: Updated PReq/PRes messaging to process additional 2.2.0 data fields
[#974]: New messageVersion field in all v2 Auth APIs to allow merchants to specify desired 3DS Message Version for the transaction
[#1111]: 3RI channel for PA transactions, including adding a new /auth/3ri/result endpoint to fetch the final RReq result
[#1141]: New v2.2.0 specific fields added to API, marked as [From V2.2.0] in documentation
[#833]Added the messageExtension field to the v2 /brw API request so that merchants can support card scheme specific message extensions
[#915]Added the challengeCancel field to the v2 /brw/result API response to give merchants more information why a challenge request may have been cancelled
[#1015]Changed the v2 /auth/brw API to now require the transType field for Visa, according to Visa specifications
[#1048]Added the display of transaction Error messages to the transaction report screen if they are available
[#1077]Fixed an issue when sending ChallengeIndicator=82 to the Visa DS
[#1092]Added support for challengeWindowSize to the v2 /brw/init API request, which allows the merchant to specify dimensions for the challenge window to be displayed to the cardholder
[#1097]Improved the performance for messaging processing on large PRes data sets
[#1139]Transaction timestamps stored as UTC in the database were being time-zone converted by certain JDBC drivers. Although all timestamps were being re-converted and displayed correctly by ActiveServer on the UI and APIs, the database storage logic has been changed to store timestamps without conversion in the database for future transactions. A conversion will take place after upgrade to convert old transactions in the background in batches until all transactions are updated.
[#1049]To support 3DS method time-outs or failure, monUrl will now post browser information to the callback url, allowing a merchant to continue with the authentication process
[#1109]The resultMonUrl field has been added in the BRW, APP and 3RI API responses for monitoring the results availability for decoupled authentication
[#1150]Updated the v2 Enrol API to return EMV 2.2 specific information, including the Supported Message Versions and ACS Information Indicator, which can be used by the merchant for additional transaction processing logic
[#1167]Changed the validation logic for merchant Acquirer BIN's to allow non-numeric values as well
[#1171]Added support for overriding the 3DS Server Reference number for each card scheme
[#1175]Fixed an issue with the 3DS Server transactionId not not being output in the log file for APP and 3RI transaction messages
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.4.0

[Release Date: 10/09/20]

ChangeDescription
[#904] EnhancementAdded extra log messages for licensing warnings
[#928] EnhancementAdded preliminary support for UnionPay, including adding UnionPay to the Dashboard, DS profiles, Transaction reports, Merchant profiles and API providers. UnionPay functionality will be enabled for clients in a future release
[#931] EnhancementEnhanced the Merchant/Master Auth API and Admin API client certificates download procedure to automatically generate a strong password and an expiry date which is now included in the downloaded zip file
[#938] EnhancementAdded universal message logging by TransactionID, log messages related to transactions now have the log format of [Transaction ID: <TransID>]: <Message>
[#941] EnhancementAdded a new health check API /health to allow checking of system status
[#959] ChangeUpdated the /trans admin API from GET to POST as clients using a proxy or load balancer may expose a PAN in their own system logs by accident
[#976] EnhancementThe 3DS Server URL for TestLabs is now editable to allow customisation of the port number, however the domain must still match the External URL or API URL (if present) used during server activation
[#984] EnhancementEnhanced PRes processing to ignore card ranges that have an invalid 3DS Method URL and successfully process the remaining valid ranges
[#986] EnhancementUpdated the cardholder email validation logic to accept uppercase lettering
[#988] FixFixed an issue that could cause the Download CSR and Delete CSR buttons on the DS Settings page to become unselectable
[#991] EnhancementAdded support for EMV DS reserved message fields
[#994] FixFixed an issue where the MCC was not saved when it was edited on the administration UI
[#997] FixFixed an issue where the MCC and acquirerBIN were not set for NPA transactions
[#1005] ChangeUpdated the error component field message handling to always use the value returned by the DS
[#1008] ChangeThe purchaseCurrency field is no longer set to null when the threeDSRequestorAuthenticationInd is not 02 or 03, it is now set to the requestor provided value or populated from the merchants default currency
[#1009] EnhancementEnhanced performance and resource usage optimisation for underlying web container
[#1014] FixFixed an issue when adding an acquirer BIN that removed the preceding "0" characters from the start of the BIN
[#1024] FixFixed an issue that caused the "Last PReq status" to not update when switching card schemes on the administration UI
[#1046] EnhancementUpdated the format of the threeDSMethodNotificationURL to be compatible with ACS's that incorrectly perform URL escaping
[#1058] EnhancementImproved the CRes error handling process
[#1071] ChangeRemoved the masking from the cardholder expiry date field on the raw 3DS messages to be consistent with the rest of the system
[#1074] EnhancementAdded additional masking to the cardholderEmail field for the initAuth API logs to be consistent with the rest of the system
[#1075] EnhancementEnhanced PRes card range lookup functionality for PRes data when identifying which DS the transaction should be sent to
[#1076] EnhancementAdded batch update functionality for large PRes data files as well as improved node memory management during lengthy PRes update tasks
[#1080] EnhancementAdded additional database indexing to improve the performance of transaction report queries on the administration UI
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.3.5

[Release Date: 26/06/20]

ChangeDescription
[#900] EnhancementAdded a Card range tab to each Directory Server settings page, which shows the last received PRes information, along with all the cached enrolled card ranges
[#907] FixFixed a UI issue where the Recurring Expiry and Recurring Frequency would not be shown on the transaction report screen
[#913] EnhancementAdded an option to disable PReq sending per card scheme profile
[#927] EnhancementAdded "Production" and "TestLabs" sub menus to the Directory Servers on the administration interface so they can be managed individually
[#932] FixFixed an concurrent user issue that could occur when resetting a user password
[#942] EnhancementEnhanced validation logic for validating URLs received in PRes messages
[#944] ChangeIf a browserColorDepth value is presented outside of EMV protocol specifications, it will now be changed to the closest lower value rather than throw an error, based on EMV recommendations
[#945] EnhancementAdded support for additional hash algorithms for certificate importing
[#946] EnhancementEnhanced the performance of PReq processing functions
[#948] EnhancementAdded a DS profile override function that allows the server to be set up to only send API requests to a certain DS profile instead of using the API trans-type flag
[#950] EnhancementEnhanced certificate importing compatibility by removing the Extended Key Usage check
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.3.4

[Release Date: 26/05/20]

ChangeDescription
[#674] EnhancementActiveMerchant merchant migration function is now disabled when no database configuration has been set in the properties file
[#868] EnhancementAdded a Transaction Type filter to the Transactions search on the admin UI and Transaction Type field to the /trans API for TestLab/Prod transaction filtering
[#870] EnhancementAdded a Transaction Type filter to Dashboard on the admin UI for TestLab/Prod transaction filtering
[#875] FixFixed an issue with PReq sending to the TestLabs DS on multi node systems
[#879] FixFixed a startup error that occurred when AS_PROFILES was set to "test"
[#880] FixFixed a display error on the admin UI that sometimes occurred when selecting the DS settings certificate tab
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.3.3

[Release Date: 14/05/20]

ChangeDescription
[#397] EnhancementAdded support for using a proxy for usage uploading and Directory Server connections
[#757] EnhancementAdded additional URL input validation by not allowing 127.0.0.1 to be used
[#775] EnhancementAdded encryption for Authentication Value stored in the database for Auth API v2 transactions
[#796] FixFixed an issue where an invalid Acquirer BIN could cause a display error on the Admin UI
[#803] EnhancementAdded support for AS to run using a read-only file system
[#804] ChangeRemoved the warning from AS startup for the keystore not loading with keystore loading optimisation
[#806] EnhancementAdmin UI can now only be accessed via a single browser session per individual user
[#820] Enhancement[TestLabs Support] Added an optional parameter to Auth API calls (?trans-type=prod) to distinguish production transactions from GPayments TestLabs transactions. TestLabs DS will be used by default if no parameter is provided
[#823] Enhancement[TestLabs Support] Added additional listening ports for the GPayments TestLabs directory server
[#826] Enhancement[TestLabs Support] Added internal DS profiles for the GPayments TestLabs. Production DS profiles can now be used for production card scheme settings. Existing GPayments certificates and URLs can be removed safely
[#828] EnhancementPReq message sending can now be disabled per card scheme by removing the Server URLs on the respective Directory Server settings page
[#831] ChangeRelaxed the validation for the notes section on the merchant profile by allowing additional characters to be used
[#847] EnhancementImproved the efficiency of the card range caching process
[#854] EnhancementAdded support for AWS secrets manager configuration
[#857] EnhancementUpdated the default application-prod.properties file with TestLabs DS ports, existing implementations will not be updated
[#859] FixFixed issue with /api/v2/auth/enrol API returning inconsistent error response when empty merchantId was provided
[#865] FixReturn error code ERROR_SAVE_TRANSACTION(1002) is now provided when a transaction fails to be saved
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.3.2

[Release Date: 30/03/20]

ChangeDescription
[#619] EnhancementOptimised the loading performance of the Directory Server settings and certificate pages
[#771] EnhancementEnhanced the port checking process to be more flexible when X-forwarded headers are used in a load balancing setup
[#774] EnhancementAdded encryption for the Authentication Value stored in the database which is provided as proof of authentication
[#781] EnhancementSecurity enhancements added to harden Admin API calls against intrusion
[#799] EnhancementAdded a connection test for KMS on startup, which will throw an error if KMS is not initialised correctly
[#801] FixFixed an issue that that could return an error during an API v2 enrol request, as well as adding log output's for API enrol requests
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.3.1

[Release Date: 18/03/20]

ChangeDescription
[#468] EnhancementEnhanced the security for the setup wizard
[#664] EnhancementAdded support for disabling logging output to local files
[#718] FixFixed an error that occurred when using a Purchase Amount to search for a transaction report
[#735] FixFixed an error that occurred when the optional purchaseCurrency field was not provided in Auth API v2 payment (PA) transactions
[#736] FixFixed an issue with merchant name overriding in Auth API v2 for 3RI channel authentications
[#747] EnhancementAdded the dsReferenceNumber and acsReferenceNumber to the /api/v2/brw/result and /api/v2/app/result API responses
[#753] EnhancementAdded support for additional HTTP status codes to be returned in the Auth API error responses
[#754] EnhancementAdded URL input validation for the External URL, API URL, Admin URL and 3DS Server URLs, so that they can no longer include additional path's or query strings
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.3.0

[Release Date: 07/02/20]

ChangeDescription
[#347] EnhancementAdded support for using AWS KMS as an encryption type
[#375] FixFixed an issue that potentially allowed unauthorised access to the login page via the Admin API
[#589] EnhancementAdded a new optional field (addrMatch) to the Auth API v1, allowing the user to specify if the cardholder billing and shipping addresses match
[#621] EnhancementAdded support for the PRes cache to handle up to 19 digit PANs when calling the /enrol API
[#637] EnhancementImproved keystore handling process to prevent potential conflicts
[#639] EnhancementAdded v2 of the authentication API, including changes to PAN storage and encryption keys - full PAN is no longer stored, only a truncated version for v2 transactions
[#642] EnhancementImproved error handling for HTTP 302 redirections on administration interface
[#644] EnhancementImproved the performance of the PReq message process for card range caching
[#652] ChangeAuthentication Value provided as the proof of authentication is now only stored for 7 days, after which it is masked
[#656] EnhancementAdded support for specifying the folder for log file collection
[#657] FixFixed an issue that could cause transaction processing to stop when no threeDSMethodData was received
[#660] EnhancementImproved performance for database connection pool
[#679] ChangePANs in the system now show the first 6 and last 4 digits, with the remaining digits being truncated and masked
[#682] ChangeChanged the s3.bucket-name property path setting to be more flexible
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.2.2

[Release Date: 21/11/19]

ChangeDescription
[#167] EnhancementEnhanced 3DS Method notification process to be more robust
[#627] ChangeChanged security header policy to apply to both HTTP and HTTPS
[#628] FixFixed an issue with content security policy header for administration UI
[#629] FixFixed an issue with message validation for field authenticationType

ActiveServer v1.2.1

[Release Date: 15/11/19]

ChangeDescription
[#584] EnhancementNormalised HTTP response status for server requests
[#586] EnhancementAdded additional HTTP headers to enhance page security
[#616] FixFixed an issue with currency code exponent for UAH (980)
[#617] FixFixed an issue when searching for merchants using an acquirer BIN

ActiveServer v1.2.0.1

[Release Date: 04/11/19]

ChangeDescription
[#610] FixFixed an issue with Oracle database initialisation

ActiveServer v1.2.0

[Release Date: 01/11/19]

ChangeDescription
[#293] EnhancementAdded the payTokenInd to Auth APIs to support the conditional EMVCo field EMV Payment Token Indicator
[#351] ChangeMerchants must now be created or edited to have a unique combination of Merchant name and Merchant ID
[#404] FixFixed an issue for users with a merchant role being unable to access dashboard
[#494] ChangeRemoved padding from Base64url encoding as per EMVCo bulletin
[#542] EnhancementAdded support for importing Merchant and Acquirer profiles from ActiveMerchant
[#546] ChangePurchase amount on transaction reports are now shown and searched for in major units rather than minor units
[#561] EnhancementImproved indexing for database table performance
[#581] EnhancementAdded a warning dialogue to restart instance when a DS certificate is added
[#583] EnhancementAdded a new Admin URL setting to allow separate access to the administration interface
[#590] EnhancementImproved the process of keystore initialisation during server startup
[#599] ChangeRemoved the global settings for Cache refresh interval, Preparation Response (PRes) timeout and Preparation Response (PRes) timeout. These settings can still be managed per card scheme on the DS settings page
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.1.4

[Release Date: 27/09/19]

ChangeDescription
[#559] EnhancementUpdating the External URL will now automatically update all 3DS Server URLs in the Directory Server settings if they have an empty value
[#579] FixFixed database index errors that occurred during Mastercard automated compliance testing
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.1.3

[Release Date: 20/09/19]

ChangeDescription
[#573] FixFixed an issue concerning key generation for certain HSMs
[#574] EnhancementAdded a confirmation dialogue when rotating keys
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.1.2

[Release Date: 19/09/2019]

ChangeDescription
[#383] EnhancementThe ActiveServer EULA is now accessed from the administration UI about page and has been removed from the release package
[#424] ChangeManaging Acquirer BINs via the Admin API now uses string values rather than UUID's of Acquirers in the system. As such, the Acquirer Admin API endpoints have been removed. The administration UI now takes either an existing Acquirer BIN or a value can be entered
[#450] ChangeSetting the admin.port now restricts all administration interface UI requests to that port number
[#507] EnhancementAdded dsTransID and messageVersion to API responses for BRW, APP and 3RI channels
[#519] EnhancementAdded a Master Auth API client certificate which can be used to authenticate on behalf of any merchant in the system
[#547] EnhancementAdded additional warning dialogues for users when there is a possibility of overriding existing private keys on Directory Server certificate page
[#548] EnhancementAdded a new challenge status API endpoint (/api/v1/auth/challenge/status), allowing the 3DS Requestor to optionally provide a cancel reason when cancelling a challenge request
[#552] EnhancementEnhanced the performance of installation wizard
[#555] ChangeChanged a listener port opened by ActiveServer to be internally used only
[#557] ChangeRemoved the CRes and ACS Method timeout settings as they correspond to 3DS SDK timeouts
[#560] ChangeChanged the Admin API endpoints for Merchants (certificate export/revoke and key rotate) and removed unused parameters from request and responses. Also removed the Admin API endpoints for settings
[#565] FixFixed an issue where a user was able to exceed the session failed attempts amount
[#569] FixFixed an issue causing the PReq not to be sent if the PReq value was not set in Directory Server settings
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.1.1

[Release Date: 30/08/2019]

ChangeDescription
[#509] EnhancementAdded a new monitoring endpoint for timing out non-completed transactions to support 3DS Requestor sample code v1.1
[#537] EnhancementAdded an optional merchant name field to authentication APIs to allow the merchant name in a merchant profile to be overridden
[#541] EnhancementAdded sample database connector settings to application-prod.properties for DB2 and PostgreSQL
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.1.0

[Release Date: 16/08/2019]

ChangeDescription
[#151] EnhancementAdded functionality to import CA certificate chain during client/server certificate installation if included in certificate
[#152] EnhancementAdded functionality to specify a separate PReq endpoint if DS provider requires this setup
[#371] FixFixed a bug causing the administration interface session timeout not to work, this setting is now in the configuration properties
[#425] ChangeChanged audit log reports to better show what values have been changed
[#447] EnhancementRReq and RRes messages are now shown on Transaction Details page
[#461] EnhancementAdded support for PostgreSQL type databases
[#483] EnhancementAdded timed logs for auth API messages for debug log level
[#487] EnhancementAdded functionality to override the 3DS Server reference number when performing Mastercard compliance testing
[#488] EnhancementRedesigned the DS Certificate page to more easily manage CSRs as well as streamlining buttons
[#493] ChangeDefault Test Merchant is no longer able to be deleted, as it is used for test purposes
[#497] EnhancementAdded support for DB2 type databases
[#499] EnhancementCommon name of DS CSRs will now be pre-filled if 3DS Server URL is available
[#505] ChangeWhen browser info collecting or the 3DS method is skipped, actual error message with required fields missing is now shown
[#508] EnhancementAdded ECI value to be shown on Transaction Details page
[#516] ChangeChanged error message on login page to eliminate risk of username enumeration
[#520] ChangeChanged the moment.js file to be loaded locally rather than from an external CDN
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.0.5

[Release Date: 04/07/2019]

ChangeDescription
[#322] FixFixed issue that could cause times and dates on administration interface to not display in users local time zone (set from user profile)
[#378] EnhancementAdded functionality to download CA certificate bundle from merchant details page
[#401] ChangeFor new installations, changed the default system keystore filename pattern to be as_sys_"randomUUID.jks"
[#402] FixFixed issue causing "3DS Server Transaction ID", "Min purchase amount", "Max purchase amount" not to display correct transaction search results
[#412] FixFixed issue causing a user to not lock after exceeding maximum password attempts
[#422] FixFixed issue causing incorrect value to be displayed for Directory Servers > Settings > HTTPS callback port
[#428] ChangeUpdated /api/v1/auth/3ri auth API request to require a {messageCategory}
[#433] ChangeRemoved .html suffix from all pages
[#446] EnhancementImproved error messages for invalid values on merchant details page
[#448] EnhancementImproved logic and error handling for importing Directory Server certificates
[#449] EnhancementChanged system labels for improved readability - Directory Server > Settings > 3DS Server URL (previously External URL), Directory Server > Settings > HTTP listening port (previously HTTPS callback port), Settings > 3DS2 > API URL (previously Auth API URL)
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.0.4

[Release Date: 31/05/2019]

ChangeDescription
[#386] FixFixed an issue that could cause an error during the activation process when a HSM is being used
[#390] EnhancementAdded functionality to change the HSM PIN via the Settings > Security page
[#380] EnhancementAdded Amazon Aurora MySQL 5.7 to compatible databases

ActiveServer v1.0.3

[Release Date: 27/05/2019]

ChangeDescription
[#376] ChangeUpdated enrol API response to provide result enumeration as 00 or 01 values
[#379] FixFixed issue that could cause dashboard historical data not to display
[#380] FixFixed issue causing merchants with old DS enum values to show an error when accessed

ActiveServer v1.0.2

[Release Date: 24/05/2019]

ChangeDescription
Database SupportAdded support for MSSQL Server 2017
[#301] EnhancementUpdated the Admin API endpoints to use .x509 authentication
[#349] ChangeChanged log file format from as.dd-mm-yyyy.log to as.yyyy-mm-dd.log and to be stored in base logs folder
[#356] ChangeChanged default values for DS ports in application-prod.properties to be in the 9600 range
[#368] FixFixed issue that was causing enrol API to return an Internal Server Error
[#373] EnhancementAdded CA certificate download to User Profile page to be used with API requests

ActiveServer v1.0.1

[Release Date: 17/05/2019]

ChangeDescription
[#326] FixFixed issue causing side menu to load slowly on some browsers
[#327] FixFixed compatibility issue when using Oracle DB
[#328] ChangeAdded acsReferenceNumber to the AuthResponseApp API
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.0.0

[Release Date: 09/05/2019]

ChangeDescription
ReleaseInitial release