Release notes
ActiveServer v1.3.2¶
[Release Date: 30/03/20]
| Change | Description |
|---|---|
| [#619] Enhancement | Optimised the loading performance of the Directory Server settings and certificate pages |
| [#771] Enhancement | Enhanced the port checking process to be more flexible when X-forwarded headers are used in a load balancing setup |
| [#774] Enhancement | Added encryption for the Authentication Value stored in the database which is provided as proof of authentication |
| [#781] Enhancement | Security enhancements added to harden Admin API calls against intrusion |
| [#799] Enhancement | Added a connection test for KMS on startup, which will throw an error if KMS is not initialised correctly |
| [#801] Fix | Fixed an issue that that could return an error during an API v2 enrol request, as well as adding log output's for API enrol requests |
| Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.3.1¶
[Release Date: 18/03/20]
| Change | Description |
|---|---|
| [#468] Enhancement | Enhanced the security for the setup wizard |
| [#664] Enhancement | Added support for disabling logging output to local files |
| [#718] Fix | Fixed an error that occurred when using a Purchase Amount to search for a transaction report |
| [#735] Fix | Fixed an error that occurred when the optional purchaseCurrency field was not provided in Auth API v2 payment (PA) transactions |
| [#736] Fix | Fixed an issue with merchant name overriding in Auth API v2 for 3RI channel authentications |
| [#747] Enhancement | Added the dsReferenceNumber and acsReferenceNumber to the /api/v2/brw/result and /api/v2/app/result API responses |
| [#753] Enhancement | Added support for additional HTTP status codes to be returned in the Auth API error responses |
| [#754] Enhancement | Added URL input validation for the External URL, API URL, Admin URL and 3DS Server URLs, so that they can no longer include additional path's or query strings |
| Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.3.0¶
[Release Date: 07/02/20]
| Change | Description |
|---|---|
| [#347] Enhancement | Added support for using AWS KMS as an encryption type |
| [#375] Fix | Fixed an issue that potentially allowed unauthorised access to the login page via the Admin API |
| [#589] Enhancement | Added a new optional field (addrMatch) to the Auth API v1, allowing the user to specify if the cardholder billing and shipping addresses match |
| [#621] Enhancement | Added support for the PRes cache to handle up to 19 digit PANs when calling the /enrol API |
| [#637] Enhancement | Improved keystore handling process to prevent potential conflicts |
| [#639] Enhancement | Added v2 of the authentication API, including changes to PAN storage and encryption keys - full PAN is no longer stored, only a truncated version for v2 transactions |
| [#642] Enhancement | Improved error handling for HTTP 302 redirections on administration interface |
| [#644] Enhancement | Improved the performance of the PReq message process for card range caching |
| [#652] Change | Authentication Value provided as the proof of authentication is now only stored for 7 days, after which it is masked |
| [#656] Enhancement | Added support for specifying the folder for log file collection |
| [#657] Fix | Fixed an issue that could cause transaction processing to stop when no threeDSMethodData was received |
| [#660] Enhancement | Improved performance for database connection pool |
| [#679] Change | PANs in the system now show the first 6 and last 4 digits, with the remaining digits being truncated and masked |
| [#682] Change | Changed the s3.bucket-name property path setting to be more flexible |
| Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.2.2¶
[Release Date: 21/11/19]
| Change | Description |
|---|---|
| [#167] Enhancement | Enhanced 3DS Method notification process to be more robust |
| [#627] Change | Changed security header policy to apply to both HTTP and HTTPS |
| [#628] Fix | Fixed an issue with content security policy header for administration UI |
| [#629] Fix | Fixed an issue with message validation for field authenticationType |
ActiveServer v1.2.1¶
[Release Date: 15/11/19]
| Change | Description |
|---|---|
| [#584] Enhancement | Normalised HTTP response status for server requests |
| [#586] Enhancement | Added additional HTTP headers to enhance page security |
| [#616] Fix | Fixed an issue with currency code exponent for UAH (980) |
| [#617] Fix | Fixed an issue when searching for merchants using an acquirer BIN |
ActiveServer v1.2.0.1¶
[Release Date: 04/11/19]
| Change | Description |
|---|---|
| [#610] Fix | Fixed an issue with Oracle database initialisation |
ActiveServer v1.2.0¶
[Release Date: 01/11/19]
| Change | Description |
|---|---|
| [#293] Enhancement | Added the payTokenInd to Auth APIs to support the conditional EMVCo field EMV Payment Token Indicator |
| [#351] Change | Merchants must now be created or edited to have a unique combination of Merchant name and Merchant ID |
| [#404] Fix | Fixed an issue for users with a merchant role being unable to access dashboard |
| [#494] Change | Removed padding from Base64url encoding as per EMVCo bulletin |
| [#542] Enhancement | Added support for importing Merchant and Acquirer profiles from ActiveMerchant |
| [#546] Change | Purchase amount on transaction reports are now shown and searched for in major units rather than minor units |
| [#561] Enhancement | Improved indexing for database table performance |
| [#581] Enhancement | Added a warning dialogue to restart instance when a DS certificate is added |
| [#583] Enhancement | Added a new Admin URL setting to allow separate access to the administration interface |
| [#590] Enhancement | Improved the process of keystore initialisation during server startup |
| [#599] Change | Removed the global settings for Cache refresh interval, Preparation Response (PRes) timeout and Preparation Response (PRes) timeout. These settings can still be managed per card scheme on the DS settings page |
| Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.1.4¶
[Release Date: 27/09/19]
| Change | Description |
|---|---|
| [#559] Enhancement | Updating the External URL will now automatically update all 3DS Server URLs in the Directory Server settings if they have an empty value |
| [#579] Fix | Fixed database index errors that occurred during Mastercard automated compliance testing |
| Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.1.3¶
[Release Date: 20/09/19]
| Change | Description |
|---|---|
| [#573] Fix | Fixed an issue concerning key generation for certain HSMs |
| [#574] Enhancement | Added a confirmation dialogue when rotating keys |
| Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.1.2¶
[Release Date: 19/09/2019]
| Change | Description |
|---|---|
| [#383] Enhancement | The ActiveServer EULA is now accessed from the administration UI about page and has been removed from the release package |
| [#424] Change | Managing Acquirer BINs via the Admin API now uses string values rather than UUID's of Acquirers in the system. As such, the Acquirer Admin API endpoints have been removed. The administration UI now takes either an existing Acquirer BIN or a value can be entered |
| [#450] Change | Setting the admin.port now restricts all administration interface UI requests to that port number |
| [#507] Enhancement | Added dsTransID and messageVersion to API responses for BRW, APP and 3RI channels |
| [#519] Enhancement | Added a Master Auth API client certificate which can be used to authenticate on behalf of any merchant in the system |
| [#547] Enhancement | Added additional warning dialogues for users when there is a possibility of overriding existing private keys on Directory Server certificate page |
| [#548] Enhancement | Added a new challenge status API endpoint (/api/v1/auth/challenge/status), allowing the 3DS Requestor to optionally provide a cancel reason when cancelling a challenge request |
| [#552] Enhancement | Enhanced the performance of installation wizard |
| [#555] Change | Changed a listener port opened by ActiveServer to be internally used only |
| [#557] Change | Removed the CRes and ACS Method timeout settings as they correspond to 3DS SDK timeouts |
| [#560] Change | Changed the Admin API endpoints for Merchants (certificate export/revoke and key rotate) and removed unused parameters from request and responses. Also removed the Admin API endpoints for settings |
| [#565] Fix | Fixed an issue where a user was able to exceed the session failed attempts amount |
| [#569] Fix | Fixed an issue causing the PReq not to be sent if the PReq value was not set in Directory Server settings |
| Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.1.1¶
[Release Date: 30/08/2019]
| Change | Description |
|---|---|
| [#509] Enhancement | Added a new monitoring endpoint for timing out non-completed transactions to support 3DS Requestor sample code v1.1 |
| [#537] Enhancement | Added an optional merchant name field to authentication APIs to allow the merchant name in a merchant profile to be overridden |
| [#541] Enhancement | Added sample database connector settings to application-prod.properties for DB2 and PostgreSQL |
| Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.1.0¶
[Release Date: 16/08/2019]
| Change | Description |
|---|---|
| [#151] Enhancement | Added functionality to import CA certificate chain during client/server certificate installation if included in certificate |
| [#152] Enhancement | Added functionality to specify a separate PReq endpoint if DS provider requires this setup |
| [#371] Fix | Fixed a bug causing the administration interface session timeout not to work, this setting is now in the configuration properties |
| [#425] Change | Changed audit log reports to better show what values have been changed |
| [#447] Enhancement | RReq and RRes messages are now shown on Transaction Details page |
| [#461] Enhancement | Added support for PostgreSQL type databases |
| [#483] Enhancement | Added timed logs for auth API messages for debug log level |
| [#487] Enhancement | Added functionality to override the 3DS Server reference number when performing Mastercard compliance testing |
| [#488] Enhancement | Redesigned the DS Certificate page to more easily manage CSRs as well as streamlining buttons |
| [#493] Change | Default Test Merchant is no longer able to be deleted, as it is used for test purposes |
| [#497] Enhancement | Added support for DB2 type databases |
| [#499] Enhancement | Common name of DS CSRs will now be pre-filled if 3DS Server URL is available |
| [#505] Change | When browser info collecting or the 3DS method is skipped, actual error message with required fields missing is now shown |
| [#508] Enhancement | Added ECI value to be shown on Transaction Details page |
| [#516] Change | Changed error message on login page to eliminate risk of username enumeration |
| [#520] Change | Changed the moment.js file to be loaded locally rather than from an external CDN |
| Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.0.5¶
[Release Date: 04/07/2019]
| Change | Description |
|---|---|
| [#322] Fix | Fixed issue that could cause times and dates on administration interface to not display in users local time zone (set from user profile) |
| [#378] Enhancement | Added functionality to download CA certificate bundle from merchant details page |
| [#401] Change | For new installations, changed the default system keystore filename pattern to be as_sys_"randomUUID.jks" |
| [#402] Fix | Fixed issue causing "3DS Server Transaction ID", "Min purchase amount", "Max purchase amount" not to display correct transaction search results |
| [#412] Fix | Fixed issue causing a user to not lock after exceeding maximum password attempts |
| [#422] Fix | Fixed issue causing incorrect value to be displayed for Directory Servers > Settings > HTTPS callback port |
| [#428] Change | Updated /api/v1/auth/3ri auth API request to require a {messageCategory} |
| [#433] Change | Removed .html suffix from all pages |
| [#446] Enhancement | Improved error messages for invalid values on merchant details page |
| [#448] Enhancement | Improved logic and error handling for importing Directory Server certificates |
| [#449] Enhancement | Changed system labels for improved readability - Directory Server > Settings > 3DS Server URL (previously External URL), Directory Server > Settings > HTTP listening port (previously HTTPS callback port), Settings > 3DS2 > API URL (previously Auth API URL) |
| Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.0.4¶
[Release Date: 31/05/2019]
| Change | Description |
|---|---|
| [#386] Fix | Fixed an issue that could cause an error during the activation process when a HSM is being used |
| [#390] Enhancement | Added functionality to change the HSM PIN via the Settings > Security page |
| [#380] Enhancement | Added Amazon Aurora MySQL 5.7 to compatible databases |
ActiveServer v1.0.3¶
[Release Date: 27/05/2019]
| Change | Description |
|---|---|
| [#376] Change | Updated enrol API response to provide result enumeration as 00 or 01 values |
| [#379] Fix | Fixed issue that could cause dashboard historical data not to display |
| [#380] Fix | Fixed issue causing merchants with old DS enum values to show an error when accessed |
ActiveServer v1.0.2¶
[Release Date: 24/05/2019]
| Change | Description |
|---|---|
| Database Support | Added support for MSSQL Server 2017 |
| [#301] Enhancement | Updated the Admin API endpoints to use .x509 authentication |
| [#349] Change | Changed log file format from as.dd-mm-yyyy.log to as.yyyy-mm-dd.log and to be stored in base logs folder |
| [#356] Change | Changed default values for DS ports in application-prod.properties to be in the 9600 range |
| [#368] Fix | Fixed issue that was causing enrol API to return an Internal Server Error |
| [#373] Enhancement | Added CA certificate download to User Profile page to be used with API requests |
ActiveServer v1.0.1¶
[Release Date: 17/05/2019]
| Change | Description |
|---|---|
| [#326] Fix | Fixed issue causing side menu to load slowly on some browsers |
| [#327] Fix | Fixed compatibility issue when using Oracle DB |
| [#328] Change | Added acsReferenceNumber to the AuthResponseApp API |
| Other | Minor bug fixes, performance and security enhancements |
ActiveServer v1.0.0¶
[Release Date: 09/05/2019]
| Change | Description |
|---|---|
| Release | Initial release |