Release notes
ActiveServer v2.0.20¶
[Release Date: 27/02/24]
Change | Description |
---|---|
[#2880] | Added functionality to enable message content logs |
[#2908] | Added new param includeTotalElements to the API endpoint /api/v1/admin/trans |
[#2921] | Fixed an issue with PRes validation when dsEndProtocolVersion is 2.3.1 |
Other | Minor bug fixes, performance, and security enhancements |
ActiveServer v2.0.19¶
[Release Date: 16/11/23]
Change | Description |
---|---|
[#2142] | Added support for mandatory password for when exporting DS certificates |
[#2659] | Enhanced error logs |
[#2664] | Enhanced Transaction page in Admin UI |
[#2721] | Enhanced RReq waiting strategy |
[#2750] | Enhanced Archiving utility |
[#2788] | Enhanced browser collection to send IPv6 in an uncompressed format |
[#2805] | Enhanced merchant API validation |
Other | Minor bug fixes, performance, and security enhancements |
ActiveServer v2.0.18¶
[Release Date: 21/08/23]
Change | Description |
---|---|
Other | Minor bug fixes, performance, and security enhancements |
ActiveServer v2.0.17¶
[Release Date: 03/08/23]
Change | Description |
---|---|
[#2505] | Added Archiving utility |
[#2556] | Added new Admin API |
Other | Minor bug fixes, performance, and security enhancements |
ActiveServer v2.0.16¶
[Release Date: 06/06/23]
Change | Description |
---|---|
[#2600] | Fixed an issue in the Dashboard, where the leftmost digits of a large number on the y-axis are cut off on a small display |
[#2602] | Enhance usage uploading |
Other | Minor bug fixes, performance, and security enhancements |
ActiveServer v2.0.15.1¶
[Release Date: 27/04/23]
Change | Description |
---|---|
[#2522] | Updated login form with "autocomplete=off" |
Other | Minor bug fixes, performance, and security enhancements |
ActiveServer v2.0.15¶
[Release Date: 20/03/23]
Change | Description |
---|---|
[#2308] | Updated the password email template |
[#2327] | Fixed an issue with the Merchant profile page where card scheme information was not removed |
[#2446] | Added Mastercard Test Platform support |
[#2454] | Enhanced the Usage Uploading process |
[#2480] | Fixed an issue that caused HTTP connection errors |
[#2520] | Fixed an indexing issue that caused a latency during authentication value masking |
[#2522] | Disabled Autocomplete in the login page |
Other | Minor bug fixes, performance, and security enhancements |
ActiveServer v2.0.14¶
[Release Date: 16/12/22]
Change | Description |
---|---|
[#2380] | Fixed issue with account validation for Auth API and Admin API |
Other | Minor bug fixes, performance, and security enhancements |
ActiveServer v2.0.13¶
[Release Date: 01/12/22]
Change | Description |
---|---|
[#2359] | Further optimisation for usage uploading process |
[#2337] | Improved HTTP connection process when connecting to the DS |
ActiveServer v2.0.12¶
[Release Date: 07/11/22]
Change | Description |
---|---|
[#2311] | Optimised usage uploading to handle the accumulation of pending transactions |
ActiveServer v2.0.11¶
[Release Date: 18/10/22]
Change | Description |
---|---|
[#2004] | New API parameter - resolvedCardScheme |
[#1797] | Optimised the DB query logic for Mastercard |
[#2154] | Update merchant dropdown to search box in Admin UI - Dashboard |
[#2161] | Updated result API error message if the RReq is not received |
[#2163] | Added a waiting period for the RReq as some ACSs may not follow the EMV protocol and will send the final CRes before receiving the RRes |
[#2188] | Introduced Second Level Card Range Cache deployment option to Sidecar node |
[#2211] | Resolved JDK high CPU usage |
[#2224] | Update ActiveServer Testlabs profile to use the new Testlabs URL |
[#2269] | Fixed a locking issue on the card range data |
ActiveServer v2.0.10¶
[Release Date: 28/07/22]
Change | Description |
---|---|
[#2159] | Fixed an issue introduced in AS v2.0.9 where an unmasked PAN could be shown in the logs when there is a request to get card range data |
ActiveServer v2.0.9¶
[Release Date: 18/07/22]
Change | Description |
---|---|
[#392] | Update JDBC drivers, and removed SQLServer 2008 R2 as a supported database and added support for SQLServer 2019 |
[#570] | Added challenge completion rate to the dashboard in Admin UI |
[#1981] | Enhanced the data scanner and DB IO |
[#2093] | Added Merchant ID and Merchant Name override to each card scheme row in Merchant Profile |
[#2104] | Fixed a rendering issue in the Transaction Request/Response section of the Admin UI |
Other | Minor bug fixes, requestor code update, performance, and security enhancements |
ActiveServer v2.0.8¶
[Release Date: 14/04/22]
Change | Description |
---|---|
[#1830] | Added extra metadata for the client certificate bundle |
[#1897] | Performance and memory usage enhancements for large card range updates from the DS |
[#1911] | Frontrunner/Sidecar deployment options for ActiveServer instance |
[#1931] | Enhancement of reading process of PReq/PRes when it is displayed in the Admin UI |
[#1939] | Return threeDSRequestorTransID when the auth/brw/result is called |
[#1945] | Optimised card range query for the init Auth API |
[#1946] | Optimised AS usage processing and memory usage under high work load |
[#1949] | Enhancement of Admin UI security |
Other | Minor bug fixes, performance, and security enhancements |
ActiveServer v2.0.7¶
[Release Date: 01/03/22]
Change | Description |
---|---|
[#1717] | Enhancement of ActiveServer to allow the requestor to do browser collection and provide the data |
[#1826] | Enhancement of Create new Merchant API |
Other | Minor bug fixes, performance, requestor and security enhancements |
ActiveServer v2.0.6.2¶
[Release Date: 19/01/22]
Change | Description |
---|---|
[#1819] | Added a warning message to when a user is deleted |
ActiveServer v2.0.6.1¶
[Release Date: 15/12/21]
Change | Description |
---|---|
[#1793] | Fixed an issue where a user was unable to set a new user’s password |
ActiveServer v2.0.6¶
[Release Date: 07/12/21]
Change | Description |
---|---|
[#142] | Enhancement of Auth Error Response |
[#1562] | Added support for 3DS1 transaction query |
[#1622] | Added “Incomplete (E)” to the Additional Information - Transactions section at the bottom of the Dashboard view. It represents transactions that were not completed for any reason. |
[#1638] | Enhancement of transactions loading in dashboard view |
[#1641] | Enhancement of browser collection |
[#1661] | monUrl to include scenario where 3DSMethodUrl is not available |
[#1669] | Updated documentation description for trans-type field |
[#1670] | Enhancement to support BrowserIP field collection |
[#1676] | Remove payTokenInd from API document |
[#1694] | Introduced new fields to Enrol API to support co-branding and improve query |
[#1695] | Processing and handling of a “null” PRes field |
[#1719] | Improved browserInfo to account for scenarios where the values are empty |
[#1733] | Fixed formatting error in messageCategory in 3RI API document |
[#1743] | Improved Admin UI activation URL |
[#1765] | Scheduled card cache to exclude disabled card schemes |
Other | Minor bug fixes, performance and security enhancements |
ActiveServer v2.0.5¶
[Release Date: 21/09/21]
Change | Description |
---|---|
[#1517] | Added the Message Version, Device Channel and 3DS Requestor TransID filters to the Transaction report page on the Admin UI |
[#1534] | Changed the Dashboard page on the Admin UI to automatically hide card schemes from the statistics if there are no transactions for the specified date range |
[#1536] | Updated the merchant details page on the Admin UI by separating the details and certificates into tabs |
[#1546] | Improved the 3DS Method handling process for when the DS sends a 3DS Method Notification message too close to the 3DS Method time-out time |
[#1554] | Changed the "PAN not enrolled" log message from ERROR to WARN |
[#1555] | Fixed an issue where the errorDetail was sometimes not returned in the 3DS error message |
[#1559] | Fixed an issue with purchaseDate field not being sent for Mastercard NPA AAV refresh transactions |
[#1564] | Fixed an issue with the purchaseAmount field conversion for 3DS1 SaaS transactions |
[#1573] | Fixed an issue with the disable local file output logging setting |
[#1581] | Enhanced the BrowserInfo collection process to round the BrowserTZ to a whole number when a decimal is returned from an old browser |
[#1586] | Removed the "New merchant" button on the Admin UI for the Merchant Admin user role |
[#1589] | Removed the priorTransID field from the Auth API requests. It has been replaced with the priorAuthenticationInfo field object, which allows the user to specify prior transaction data required for a transaction |
[#1590] | Added a UTC toggle to the Dashboard page on the Admin UI to show transactions in UTC rather than the users time-zone |
[#1591] | Fixed an issue with the key exchange process for the Data Encryption utility |
[#1609] | Improved the PRes proccessing memory allocation handling for large file updates |
[#1616] | Changed the log level for "invalid field data for masking messageExtension, type ArrayList" from error to trace |
Other | Minor bug fixes, performance and security enhancements |
ActiveServer v2.0.4¶
[Release Date: 02/07/21]
Change | Description |
---|---|
[#1410] | Added support for ActiveServer to send 3DS1 authentication requests (SaaS clients only) through a new API endpoint /auth/3ds1. Please contact GPayments if you are a SaaS client interested in enabling this functionality for your service |
[#1425] | Added a new field to the /brw API request, forceMessageVersion, which will force ActiveServer to use the value specified in messageVersion even if the ACS card range does not support that 3DS version |
[#1426] | Added a new field to the /brw and /brw/result API responses, amexDsTransID, which will provide the DS Transaction ID in a converted format according to AMEX specifications. This is provided in addition to the existing dsTransID field |
[#1432] | Added a new event, 3DSMethodHasError, which will be returned if the ACS incorrectly attempts to send a 3DS Method notification after the time-out period has elapsed. This event is only for additional logging/troubleshooting purposes and the 3DS requestor can still continue with authentication when they receive the InitAuthTimedOut event, further explanation is provided in the API documentation |
[#1439] | Changed the automatically generated password when downloading certificate files to no longer include special characters. From now on only alphanumeric characters will be used, this does not affect existing certificate files |
[#1447] | Fixed an issue with concurrent updates which could cause an "Invalid PAN" in some occasions |
[#1449] | Fixed an issue causing browser information collection to occasionally fail |
[#1450] | Fixed an issue with the Transaction report page on the administration UI not showing all challenge transactions when the "Challenge (C)" filter is used |
[#1459] | Changed the browserLanguage field validation to truncate the provided browserLanguage rather than throw an error if it is longer than the EMV mandated 8 characters |
[#1491] | Fixed an issue where purchaseAmount would not be provided for Mastercard 2.1.0 3RI NPA transactions |
[#1492] | Changed the threeDSServerCallbackUrl parameter concatenation to three underscores ("___") to be more compatible with certain ACS vendors |
[#1493] | Improved the card range identification process to better avoid card range overlaps between UnionPay and other card schemes |
Other | Minor bug fixes, performance and security enhancements |
ActiveServer v2.0.3¶
[Release Date: 11/05/21]
Change | Description |
---|---|
[#883] | Added functionality to support migrating merchants from ActiveMerchant to ActiveServer SaaS |
[#1351] | Added functionality for overriding merchant information (Acquirer BIN, 3DS Requestor ID, 3DS Requestor Name and Merchant Category Code) in the /auth/brw request. This feature first must be enabled by a security admin on the Admin UI settings |
[#1390] | Added functionality to disable merchantId checking for the /enrol request. This feature must first be enabled by a security admin on the Admin UI settings |
[#1394] | Fixed an issue with settings page always asking to save changes |
[#1399] | Improved the error handling process for callback pages |
[#1406] | Updated the /auth/brw request to longer require the threeDSRequestorTransId field |
[#1408] | Added additional logging for troubleshooting authentication requests |
[#1409] | Fixed an issue for a Visa 3RI NPA 2.2.0 compliance test case |
[#1412] | Updated the transaction report page on the Admin UI to show the RReq status for Decoupled transactions |
[#1414] | Changed the 3DS version downgrade logic to no longer downgrade a transaction from v2.2.0 to v2.1.0 if 2.2.0 is specified and no card range is found |
Other | Minor bug fixes, performance and security enhancements |
ActiveServer v2.0.2¶
[Release Date: 01/04/21]
Change | Description |
---|---|
[#1282] | Added support for additional characters to be used for Merchant Name and 3DS Requestor Name fields |
[#1284] | Removed strict validation checking for billAddrCountry and billAddrState in the /brw API |
[#1285] | Improved the error message response for the calling /brw API if the transaction has already finished |
[#1289] | Added GC statistics (e.g. used/max memory, gc pause avg value, heap size) to the log entry when the Auth API is called |
[#1296] | Fixed issues with Mastercard IDC 2.2.0 compliance testing |
[#1298] | Enhanced the logging for the eventCallbackUrl notification and browser information collecting |
[#1299] | Added Mastercard support for the Message Category field values 85(PVPA) and 86(PVNPA) |
[#1302] | Updated Javascript libraries to their latest available version |
[#1303] | Enhanced the security for lost password reset mechanism |
[#1305] | Removed database entries in the key_reg table for keys that are no longer used after migrating to APIv2 |
[#1319] | Further optimised the performance for the merchant cache update |
[#1328] | Improved handling of browserIP during browser information collecting |
[#1333] | Improved the distributed locking process for usage uploading and PReq processes |
[#1352] | Fixed an issue preventing Croatia appearing in the Merchant Country field on the Admin UI |
[#1356] | AuthResultReady event is now returned to the 3DS Requestor instead of an error page in case the second final CRes is submitted from the browser after the challenge timeout. No code changes are required for the 3DS Requestor |
[#1359] | Changed the HTTP status error code to 415 (Unsupported Media Type) to return to the DS when Content-Type that is not application/json is sent from the DS in the RReq process |
[#1373] | Fixed an issue where an unmasked PAN could be shown in the logs when the PAN did not fit into a card range |
[#1377] | Finished compliance testing with UnionPay International, the CUP DS Profile has now been enabled and CUP transactions can now be performed |
Other | Minor bug fixes, performance and security enhancements |
ActiveServer v2.0.1¶
[Release Date: 01/02/21]
Change | Description |
---|---|
[#1086] | Added TestLabs logos for TestLabs transactions on the transaction report page |
[#1154] | Added an API conversion utility to permanently disable APIv1 and convert all APIv1 transactions to APIv2 format |
[#1209] | Enhanced the security for the PAN validation process |
[#1214] | Fixed an issue with PKCS11 provider name mismatch for HSM's, causing the authentication value decryption to fail in a multi node environment |
[#1221] | Changed the default column size for TransMessage LOB for DB2 databases to 250M |
[#1229] | Enhanced the Browser IP header validation to support proxy IP's |
[#1277] | Added DS specific values for threeDSRequestorChallengeInd when the transStatus is I, and changed validations on date fields to accept a maximum date of 99991231 |
Other | Minor bug fixes, performance and security enhancements |
ActiveServer v2.0.0¶
[Release Date: 25/11/20]
Change | Description |
---|---|
EMV 2.2.0 | Added support for EMV 3DS v2.2.0, including: [#962]: Non-javascript BRW processing [#964]: Core 3DS 2.2.0 message validation, processing and verification [#965]: New authentication process, Decoupled Authentication [#966]: Updated PReq/PRes messaging to process additional 2.2.0 data fields [#974]: New messageVersion field in all v2 Auth APIs to allow merchants to specify desired 3DS Message Version for the transaction [#1111]: 3RI channel for PA transactions, including adding a new /auth/3ri/result endpoint to fetch the final RReq result [#1141]: New v2.2.0 specific fields added to API, marked as [From V2.2.0] in documentation |
[#833] | Added the messageExtension field to the v2 /brw API request so that merchants can support card scheme specific message extensions |
[#915] | Added the challengeCancel field to the v2 /brw/result API response to give merchants more information why a challenge request may have been cancelled |
[#1015] | Changed the v2 /auth/brw API to now require the transType field for Visa, according to Visa specifications |
[#1048] | Added the display of transaction Error messages to the transaction report screen if they are available |
[#1077] | Fixed an issue when sending ChallengeIndicator=82 to the Visa DS |
[#1092] | Added support for challengeWindowSize to the v2 /brw/init API request, which allows the merchant to specify dimensions for the challenge window to be displayed to the cardholder |
[#1097] | Improved the performance for messaging processing on large PRes data sets |
[#1139] | Transaction timestamps stored as UTC in the database were being time-zone converted by certain JDBC drivers. Although all timestamps were being re-converted and displayed correctly by ActiveServer on the UI and APIs, the database storage logic has been changed to store timestamps without conversion in the database for future transactions. A conversion will take place after upgrade to convert old transactions in the background in batches until all transactions are updated. |
[#1049] | To support 3DS method time-outs or failure, monUrl will now post browser information to the callback url, allowing a merchant to continue with the authentication process |
[#1109] | The resultMonUrl field has been added in the BRW, APP and 3RI API responses for monitoring the results availability for decoupled authentication |
[#1150] | Updated the v2 Enrol API to return EMV 2.2 specific information, including the Supported Message Versions and ACS Information Indicator, which can be used by the merchant for additional transaction processing logic |
[#1167] | Changed the validation logic for merchant Acquirer BIN's to allow non-numeric values as well |
[#1171] | Added support for overriding the 3DS Server Reference number for each card scheme |
[#1175] | Fixed an issue with the 3DS Server transactionId not not being output in the log file for APP and 3RI transaction messages |
Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.4.0¶
[Release Date: 10/09/20]
Change | Description |
---|---|
[#904] Enhancement | Added extra log messages for licensing warnings |
[#928] Enhancement | Added preliminary support for UnionPay, including adding UnionPay to the Dashboard, DS profiles, Transaction reports, Merchant profiles and API providers. UnionPay functionality will be enabled for clients in a future release |
[#931] Enhancement | Enhanced the Merchant/Master Auth API and Admin API client certificates download procedure to automatically generate a strong password and an expiry date which is now included in the downloaded zip file |
[#938] Enhancement | Added universal message logging by TransactionID, log messages related to transactions now have the log format of [Transaction ID: <TransID>]: <Message> |
[#941] Enhancement | Added a new health check API /health to allow checking of system status |
[#959] Change | Updated the /trans admin API from GET to POST as clients using a proxy or load balancer may expose a PAN in their own system logs by accident |
[#976] Enhancement | The 3DS Server URL for TestLabs is now editable to allow customisation of the port number, however the domain must still match the External URL or API URL (if present) used during server activation |
[#984] Enhancement | Enhanced PRes processing to ignore card ranges that have an invalid 3DS Method URL and successfully process the remaining valid ranges |
[#986] Enhancement | Updated the cardholder email validation logic to accept uppercase lettering |
[#988] Fix | Fixed an issue that could cause the Download CSR and Delete CSR buttons on the DS Settings page to become unselectable |
[#991] Enhancement | Added support for EMV DS reserved message fields |
[#994] Fix | Fixed an issue where the MCC was not saved when it was edited on the administration UI |
[#997] Fix | Fixed an issue where the MCC and acquirerBIN were not set for NPA transactions |
[#1005] Change | Updated the error component field message handling to always use the value returned by the DS |
[#1008] Change | The purchaseCurrency field is no longer set to null when the threeDSRequestorAuthenticationInd is not 02 or 03, it is now set to the requestor provided value or populated from the merchants default currency |
[#1009] Enhancement | Enhanced performance and resource usage optimisation for underlying web container |
[#1014] Fix | Fixed an issue when adding an acquirer BIN that removed the preceding "0" characters from the start of the BIN |
[#1024] Fix | Fixed an issue that caused the "Last PReq status" to not update when switching card schemes on the administration UI |
[#1046] Enhancement | Updated the format of the threeDSMethodNotificationURL to be compatible with ACS's that incorrectly perform URL escaping |
[#1058] Enhancement | Improved the CRes error handling process |
[#1071] Change | Removed the masking from the cardholder expiry date field on the raw 3DS messages to be consistent with the rest of the system |
[#1074] Enhancement | Added additional masking to the cardholderEmail field for the initAuth API logs to be consistent with the rest of the system |
[#1075] Enhancement | Enhanced PRes card range lookup functionality for PRes data when identifying which DS the transaction should be sent to |
[#1076] Enhancement | Added batch update functionality for large PRes data files as well as improved node memory management during lengthy PRes update tasks |
[#1080] Enhancement | Added additional database indexing to improve the performance of transaction report queries on the administration UI |
Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.3.5¶
[Release Date: 26/06/20]
Change | Description |
---|---|
[#900] Enhancement | Added a Card range tab to each Directory Server settings page, which shows the last received PRes information, along with all the cached enrolled card ranges |
[#907] Fix | Fixed a UI issue where the Recurring Expiry and Recurring Frequency would not be shown on the transaction report screen |
[#913] Enhancement | Added an option to disable PReq sending per card scheme profile |
[#927] Enhancement | Added "Production" and "TestLabs" sub menus to the Directory Servers on the administration interface so they can be managed individually |
[#932] Fix | Fixed an concurrent user issue that could occur when resetting a user password |
[#942] Enhancement | Enhanced validation logic for validating URLs received in PRes messages |
[#944] Change | If a browserColorDepth value is presented outside of EMV protocol specifications, it will now be changed to the closest lower value rather than throw an error, based on EMV recommendations |
[#945] Enhancement | Added support for additional hash algorithms for certificate importing |
[#946] Enhancement | Enhanced the performance of PReq processing functions |
[#948] Enhancement | Added a DS profile override function that allows the server to be set up to only send API requests to a certain DS profile instead of using the API trans-type flag |
[#950] Enhancement | Enhanced certificate importing compatibility by removing the Extended Key Usage check |
Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.3.4¶
[Release Date: 26/05/20]
Change | Description |
---|---|
[#674] Enhancement | ActiveMerchant merchant migration function is now disabled when no database configuration has been set in the properties file |
[#868] Enhancement | Added a Transaction Type filter to the Transactions search on the admin UI and Transaction Type field to the /trans API for TestLab/Prod transaction filtering |
[#870] Enhancement | Added a Transaction Type filter to Dashboard on the admin UI for TestLab/Prod transaction filtering |
[#875] Fix | Fixed an issue with PReq sending to the TestLabs DS on multi node systems |
[#879] Fix | Fixed a startup error that occurred when AS_PROFILES was set to "test" |
[#880] Fix | Fixed a display error on the admin UI that sometimes occurred when selecting the DS settings certificate tab |
Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.3.3¶
[Release Date: 14/05/20]
Change | Description |
---|---|
[#397] Enhancement | Added support for using a proxy for usage uploading and Directory Server connections |
[#757] Enhancement | Added additional URL input validation by not allowing 127.0.0.1 to be used |
[#775] Enhancement | Added encryption for Authentication Value stored in the database for Auth API v2 transactions |
[#796] Fix | Fixed an issue where an invalid Acquirer BIN could cause a display error on the Admin UI |
[#803] Enhancement | Added support for AS to run using a read-only file system |
[#804] Change | Removed the warning from AS startup for the keystore not loading with keystore loading optimisation |
[#806] Enhancement | Admin UI can now only be accessed via a single browser session per individual user |
[#820] Enhancement | [TestLabs Support] Added an optional parameter to Auth API calls (?trans-type=prod) to distinguish production transactions from GPayments TestLabs transactions. TestLabs DS will be used by default if no parameter is provided |
[#823] Enhancement | [TestLabs Support] Added additional listening ports for the GPayments TestLabs directory server |
[#826] Enhancement | [TestLabs Support] Added internal DS profiles for the GPayments TestLabs. Production DS profiles can now be used for production card scheme settings. Existing GPayments certificates and URLs can be removed safely |
[#828] Enhancement | PReq message sending can now be disabled per card scheme by removing the Server URLs on the respective Directory Server settings page |
[#831] Change | Relaxed the validation for the notes section on the merchant profile by allowing additional characters to be used |
[#847] Enhancement | Improved the efficiency of the card range caching process |
[#854] Enhancement | Added support for AWS secrets manager configuration |
[#857] Enhancement | Updated the default application-prod.properties file with TestLabs DS ports, existing implementations will not be updated |
[#859] Fix | Fixed issue with /api/v2/auth/enrol API returning inconsistent error response when empty merchantId was provided |
[#865] Fix | Return error code ERROR_SAVE_TRANSACTION(1002) is now provided when a transaction fails to be saved |
Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.3.2¶
[Release Date: 30/03/20]
Change | Description |
---|---|
[#619] Enhancement | Optimised the loading performance of the Directory Server settings and certificate pages |
[#771] Enhancement | Enhanced the port checking process to be more flexible when X-forwarded headers are used in a load balancing setup |
[#774] Enhancement | Added encryption for the Authentication Value stored in the database which is provided as proof of authentication |
[#781] Enhancement | Security enhancements added to harden Admin API calls against intrusion |
[#799] Enhancement | Added a connection test for KMS on startup, which will throw an error if KMS is not initialised correctly |
[#801] Fix | Fixed an issue that that could return an error during an API v2 enrol request, as well as adding log output's for API enrol requests |
Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.3.1¶
[Release Date: 18/03/20]
Change | Description |
---|---|
[#468] Enhancement | Enhanced the security for the setup wizard |
[#664] Enhancement | Added support for disabling logging output to local files |
[#718] Fix | Fixed an error that occurred when using a Purchase Amount to search for a transaction report |
[#735] Fix | Fixed an error that occurred when the optional purchaseCurrency field was not provided in Auth API v2 payment (PA) transactions |
[#736] Fix | Fixed an issue with merchant name overriding in Auth API v2 for 3RI channel authentications |
[#747] Enhancement | Added the dsReferenceNumber and acsReferenceNumber to the /api/v2/brw/result and /api/v2/app/result API responses |
[#753] Enhancement | Added support for additional HTTP status codes to be returned in the Auth API error responses |
[#754] Enhancement | Added URL input validation for the External URL, API URL, Admin URL and 3DS Server URLs, so that they can no longer include additional path's or query strings |
Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.3.0¶
[Release Date: 07/02/20]
Change | Description |
---|---|
[#347] Enhancement | Added support for using AWS KMS as an encryption type |
[#375] Fix | Fixed an issue that potentially allowed unauthorised access to the login page via the Admin API |
[#589] Enhancement | Added a new optional field (addrMatch) to the Auth API v1, allowing the user to specify if the cardholder billing and shipping addresses match |
[#621] Enhancement | Added support for the PRes cache to handle up to 19 digit PANs when calling the /enrol API |
[#637] Enhancement | Improved keystore handling process to prevent potential conflicts |
[#639] Enhancement | Added v2 of the authentication API, including changes to PAN storage and encryption keys - full PAN is no longer stored, only a truncated version for v2 transactions |
[#642] Enhancement | Improved error handling for HTTP 302 redirections on administration interface |
[#644] Enhancement | Improved the performance of the PReq message process for card range caching |
[#652] Change | Authentication Value provided as the proof of authentication is now only stored for 7 days, after which it is masked |
[#656] Enhancement | Added support for specifying the folder for log file collection |
[#657] Fix | Fixed an issue that could cause transaction processing to stop when no threeDSMethodData was received |
[#660] Enhancement | Improved performance for database connection pool |
[#679] Change | PANs in the system now show the first 6 and last 4 digits, with the remaining digits being truncated and masked |
[#682] Change | Changed the s3.bucket-name property path setting to be more flexible |
Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.2.2¶
[Release Date: 21/11/19]
Change | Description |
---|---|
[#167] Enhancement | Enhanced 3DS Method notification process to be more robust |
[#627] Change | Changed security header policy to apply to both HTTP and HTTPS |
[#628] Fix | Fixed an issue with content security policy header for administration UI |
[#629] Fix | Fixed an issue with message validation for field authenticationType |
ActiveServer v1.2.1¶
[Release Date: 15/11/19]
Change | Description |
---|---|
[#584] Enhancement | Normalised HTTP response status for server requests |
[#586] Enhancement | Added additional HTTP headers to enhance page security |
[#616] Fix | Fixed an issue with currency code exponent for UAH (980) |
[#617] Fix | Fixed an issue when searching for merchants using an acquirer BIN |
ActiveServer v1.2.0.1¶
[Release Date: 04/11/19]
Change | Description |
---|---|
[#610] Fix | Fixed an issue with Oracle database initialisation |
ActiveServer v1.2.0¶
[Release Date: 01/11/19]
Change | Description |
---|---|
[#293] Enhancement | Added the payTokenInd to Auth APIs to support the conditional EMVCo field EMV Payment Token Indicator |
[#351] Change | Merchants must now be created or edited to have a unique combination of Merchant name and Merchant ID |
[#404] Fix | Fixed an issue for users with a merchant role being unable to access dashboard |
[#494] Change | Removed padding from Base64url encoding as per EMVCo bulletin |
[#542] Enhancement | Added support for importing Merchant and Acquirer profiles from ActiveMerchant |
[#546] Change | Purchase amount on transaction reports are now shown and searched for in major units rather than minor units |
[#561] Enhancement | Improved indexing for database table performance |
[#581] Enhancement | Added a warning dialogue to restart instance when a DS certificate is added |
[#583] Enhancement | Added a new Admin URL setting to allow separate access to the administration interface |
[#590] Enhancement | Improved the process of keystore initialisation during server startup |
[#599] Change | Removed the global settings for Cache refresh interval, Preparation Response (PRes) timeout and Preparation Response (PRes) timeout. These settings can still be managed per card scheme on the DS settings page |
Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.1.4¶
[Release Date: 27/09/19]
Change | Description |
---|---|
[#559] Enhancement | Updating the External URL will now automatically update all 3DS Server URLs in the Directory Server settings if they have an empty value |
[#579] Fix | Fixed database index errors that occurred during Mastercard automated compliance testing |
Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.1.3¶
[Release Date: 20/09/19]
Change | Description |
---|---|
[#573] Fix | Fixed an issue concerning key generation for certain HSMs |
[#574] Enhancement | Added a confirmation dialogue when rotating keys |
Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.1.2¶
[Release Date: 19/09/2019]
Change | Description |
---|---|
[#383] Enhancement | The ActiveServer EULA is now accessed from the administration UI about page and has been removed from the release package |
[#424] Change | Managing Acquirer BINs via the Admin API now uses string values rather than UUID's of Acquirers in the system. As such, the Acquirer Admin API endpoints have been removed. The administration UI now takes either an existing Acquirer BIN or a value can be entered |
[#450] Change | Setting the admin.port now restricts all administration interface UI requests to that port number |
[#507] Enhancement | Added dsTransID and messageVersion to API responses for BRW, APP and 3RI channels |
[#519] Enhancement | Added a Master Auth API client certificate which can be used to authenticate on behalf of any merchant in the system |
[#547] Enhancement | Added additional warning dialogues for users when there is a possibility of overriding existing private keys on Directory Server certificate page |
[#548] Enhancement | Added a new challenge status API endpoint (/api/v1/auth/challenge/status), allowing the 3DS Requestor to optionally provide a cancel reason when cancelling a challenge request |
[#552] Enhancement | Enhanced the performance of installation wizard |
[#555] Change | Changed a listener port opened by ActiveServer to be internally used only |
[#557] Change | Removed the CRes and ACS Method timeout settings as they correspond to 3DS SDK timeouts |
[#560] Change | Changed the Admin API endpoints for Merchants (certificate export/revoke and key rotate) and removed unused parameters from request and responses. Also removed the Admin API endpoints for settings |
[#565] Fix | Fixed an issue where a user was able to exceed the session failed attempts amount |
[#569] Fix | Fixed an issue causing the PReq not to be sent if the PReq value was not set in Directory Server settings |
Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.1.1¶
[Release Date: 30/08/2019]
Change | Description |
---|---|
[#509] Enhancement | Added a new monitoring endpoint for timing out non-completed transactions to support 3DS Requestor sample code v1.1 |
[#537] Enhancement | Added an optional merchant name field to authentication APIs to allow the merchant name in a merchant profile to be overridden |
[#541] Enhancement | Added sample database connector settings to application-prod.properties for DB2 and PostgreSQL |
Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.1.0¶
[Release Date: 16/08/2019]
Change | Description |
---|---|
[#151] Enhancement | Added functionality to import CA certificate chain during client/server certificate installation if included in certificate |
[#152] Enhancement | Added functionality to specify a separate PReq endpoint if DS provider requires this setup |
[#371] Fix | Fixed a bug causing the administration interface session timeout not to work, this setting is now in the configuration properties |
[#425] Change | Changed audit log reports to better show what values have been changed |
[#447] Enhancement | RReq and RRes messages are now shown on Transaction Details page |
[#461] Enhancement | Added support for PostgreSQL type databases |
[#483] Enhancement | Added timed logs for auth API messages for debug log level |
[#487] Enhancement | Added functionality to override the 3DS Server reference number when performing Mastercard compliance testing |
[#488] Enhancement | Redesigned the DS Certificate page to more easily manage CSRs as well as streamlining buttons |
[#493] Change | Default Test Merchant is no longer able to be deleted, as it is used for test purposes |
[#497] Enhancement | Added support for DB2 type databases |
[#499] Enhancement | Common name of DS CSRs will now be pre-filled if 3DS Server URL is available |
[#505] Change | When browser info collecting or the 3DS method is skipped, actual error message with required fields missing is now shown |
[#508] Enhancement | Added ECI value to be shown on Transaction Details page |
[#516] Change | Changed error message on login page to eliminate risk of username enumeration |
[#520] Change | Changed the moment.js file to be loaded locally rather than from an external CDN |
Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.0.5¶
[Release Date: 04/07/2019]
Change | Description |
---|---|
[#322] Fix | Fixed issue that could cause times and dates on administration interface to not display in users local time zone (set from user profile) |
[#378] Enhancement | Added functionality to download CA certificate bundle from merchant details page |
[#401] Change | For new installations, changed the default system keystore filename pattern to be as_sys_"randomUUID.jks" |
[#402] Fix | Fixed issue causing "3DS Server Transaction ID", "Min purchase amount", "Max purchase amount" not to display correct transaction search results |
[#412] Fix | Fixed issue causing a user to not lock after exceeding maximum password attempts |
[#422] Fix | Fixed issue causing incorrect value to be displayed for Directory Servers > Settings > HTTPS callback port |
[#428] Change | Updated /api/v1/auth/3ri auth API request to require a {messageCategory} |
[#433] Change | Removed .html suffix from all pages |
[#446] Enhancement | Improved error messages for invalid values on merchant details page |
[#448] Enhancement | Improved logic and error handling for importing Directory Server certificates |
[#449] Enhancement | Changed system labels for improved readability - Directory Server > Settings > 3DS Server URL (previously External URL), Directory Server > Settings > HTTP listening port (previously HTTPS callback port), Settings > 3DS2 > API URL (previously Auth API URL) |
Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.0.4¶
[Release Date: 31/05/2019]
Change | Description |
---|---|
[#386] Fix | Fixed an issue that could cause an error during the activation process when a HSM is being used |
[#390] Enhancement | Added functionality to change the HSM PIN via the Settings > Security page |
[#380] Enhancement | Added Amazon Aurora MySQL 5.7 to compatible databases |
ActiveServer v1.0.3¶
[Release Date: 27/05/2019]
Change | Description |
---|---|
[#376] Change | Updated enrol API response to provide result enumeration as 00 or 01 values |
[#379] Fix | Fixed issue that could cause dashboard historical data not to display |
[#380] Fix | Fixed issue causing merchants with old DS enum values to show an error when accessed |
ActiveServer v1.0.2¶
[Release Date: 24/05/2019]
Change | Description |
---|---|
Database Support | Added support for MSSQL Server 2017 |
[#301] Enhancement | Updated the Admin API endpoints to use .x509 authentication |
[#349] Change | Changed log file format from as.dd-mm-yyyy.log to as.yyyy-mm-dd.log and to be stored in base logs folder |
[#356] Change | Changed default values for DS ports in application-prod.properties to be in the 9600 range |
[#368] Fix | Fixed issue that was causing enrol API to return an Internal Server Error |
[#373] Enhancement | Added CA certificate download to User Profile page to be used with API requests |
ActiveServer v1.0.1¶
[Release Date: 17/05/2019]
Change | Description |
---|---|
[#326] Fix | Fixed issue causing side menu to load slowly on some browsers |
[#327] Fix | Fixed compatibility issue when using Oracle DB |
[#328] Change | Added acsReferenceNumber to the AuthResponseApp API |
Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.0.0¶
[Release Date: 09/05/2019]
Change | Description |
---|---|
Release | Initial release |