Skip to content

Release notes

ActiveServer v2.0.0

[Release Date: 25/11/20]

ChangeDescription
EMV 2.2.0Added support for EMV 3DS v2.2.0, including:
[#962]: Non-javascript BRW processing
[#964]: Core 3DS 2.2.0 message validation, processing and verification
[#965]: New authentication process, Decoupled Authentication
[#966]: Updated PReq/PRes messaging to process additional 2.2.0 data fields
[#974]: New messageVersion field in all v2 Auth APIs to allow merchants to specify desired 3DS Message Version for the transaction
[#1111]: 3RI channel for PA transactions, including adding a new /auth/3ri/result endpoint to fetch the final RReq result
[#1141]: New v2.2.0 specific fields added to API, marked as [From V2.2.0] in documentation
[#833]Added the messageExtension field to the v2 /brw API request so that merchants can support card scheme specific message extensions
[#915]Added the challengeCancel field to the v2 /brw/result API response to give merchants more information why a challenge request may have been cancelled
[#1015]Changed the v2 /auth/brw API to now require the transType field for Visa, according to Visa specifications
[#1048]Added the display of transaction Error messages to the transaction report screen if they are available
[#1077]Fixed an issue when sending ChallengeIndicator=82 to the Visa DS
[#1092]Added support for challengeWindowSize to the v2 /brw/init API request, which allows the merchant to specify dimensions for the challenge window to be displayed to the cardholder
[#1097]Improved the performance for messaging processing on large PRes data sets
[#1139]Transaction timestamps stored as UTC in the database were being time-zone converted by certain JDBC drivers. Although all timestamps were being re-converted and displayed correctly by ActiveServer on the UI and APIs, the database storage logic has been changed to store timestamps without conversion in the database for future transactions. A conversion will take place after upgrade to convert old transactions in the background in batches until all transactions are updated.
[#1049]To support 3DS method time-outs or failure, monUrl will now post browser information to the callback url, allowing a merchant to continue with the authentication process
[#1109]The resultMonUrl field has been added in the BRW, APP and 3RI API responses for monitoring the results availability for decoupled authentication
[#1150]Updated the v2 Enrol API to return EMV 2.2 specific information, including the Supported Message Versions and ACS Information Indicator, which can be used by the merchant for additional transaction processing logic
[#1167]Changed the validation logic for merchant Acquirer BIN's to allow non-numeric values as well
[#1171]Added support for overriding the 3DS Server Reference number for each card scheme
[#1175]Fixed an issue with the 3DS Server transactionId not not being output in the log file for APP and 3RI transaction messages
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.4.0

[Release Date: 10/09/20]

ChangeDescription
[#904] EnhancementAdded extra log messages for licensing warnings
[#928] EnhancementAdded preliminary support for UnionPay, including adding UnionPay to the Dashboard, DS profiles, Transaction reports, Merchant profiles and API providers. UnionPay functionality will be enabled for clients in a future release
[#931] EnhancementEnhanced the Merchant/Master Auth API and Admin API client certificates download procedure to automatically generate a strong password and an expiry date which is now included in the downloaded zip file
[#938] EnhancementAdded universal message logging by TransactionID, log messages related to transactions now have the log format of [Transaction ID: <TransID>]: <Message>
[#941] EnhancementAdded a new health check API /health to allow checking of system status
[#959] ChangeUpdated the /trans admin API from GET to POST as clients using a proxy or load balancer may expose a PAN in their own system logs by accident
[#976] EnhancementThe 3DS Server URL for TestLabs is now editable to allow customisation of the port number, however the domain must still match the External URL or API URL (if present) used during server activation
[#984] EnhancementEnhanced PRes processing to ignore card ranges that have an invalid 3DS Method URL and successfully process the remaining valid ranges
[#986] EnhancementUpdated the cardholder email validation logic to accept uppercase lettering
[#988] FixFixed an issue that could cause the Download CSR and Delete CSR buttons on the DS Settings page to become unselectable
[#991] EnhancementAdded support for EMV DS reserved message fields
[#994] FixFixed an issue where the MCC was not saved when it was edited on the administration UI
[#997] FixFixed an issue where the MCC and acquirerBIN were not set for NPA transactions
[#1005] ChangeUpdated the error component field message handling to always use the value returned by the DS
[#1008] ChangeThe purchaseCurrency field is no longer set to null when the threeDSRequestorAuthenticationInd is not 02 or 03, it is now set to the requestor provided value or populated from the merchants default currency
[#1009] EnhancementEnhanced performance and resource usage optimisation for underlying web container
[#1014] FixFixed an issue when adding an acquirer BIN that removed the preceding "0" characters from the start of the BIN
[#1024] FixFixed an issue that caused the "Last PReq status" to not update when switching card schemes on the administration UI
[#1046] EnhancementUpdated the format of the threeDSMethodNotificationURL to be compatible with ACS's that incorrectly perform URL escaping
[#1058] EnhancementImproved the CRes error handling process
[#1071] ChangeRemoved the masking from the cardholder expiry date field on the raw 3DS messages to be consistent with the rest of the system
[#1074] EnhancementAdded additional masking to the cardholderEmail field for the initAuth API logs to be consistent with the rest of the system
[#1075] EnhancementEnhanced PRes card range lookup functionality for PRes data when identifying which DS the transaction should be sent to
[#1076] EnhancementAdded batch update functionality for large PRes data files as well as improved node memory management during lengthy PRes update tasks
[#1080] EnhancementAdded additional database indexing to improve the performance of transaction report queries on the administration UI
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.3.5

[Release Date: 26/06/20]

ChangeDescription
[#900] EnhancementAdded a Card range tab to each Directory Server settings page, which shows the last received PRes information, along with all the cached enrolled card ranges
[#907] FixFixed a UI issue where the Recurring Expiry and Recurring Frequency would not be shown on the transaction report screen
[#913] EnhancementAdded an option to disable PReq sending per card scheme profile
[#927] EnhancementAdded "Production" and "TestLabs" sub menus to the Directory Servers on the administration interface so they can be managed individually
[#932] FixFixed an concurrent user issue that could occur when resetting a user password
[#942] EnhancementEnhanced validation logic for validating URLs received in PRes messages
[#944] ChangeIf a browserColorDepth value is presented outside of EMV protocol specifications, it will now be changed to the closest lower value rather than throw an error, based on EMV recommendations
[#945] EnhancementAdded support for additional hash algorithms for certificate importing
[#946] EnhancementEnhanced the performance of PReq processing functions
[#948] EnhancementAdded a DS profile override function that allows the server to be set up to only send API requests to a certain DS profile instead of using the API trans-type flag
[#950] EnhancementEnhanced certificate importing compatibility by removing the Extended Key Usage check
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.3.4

[Release Date: 26/05/20]

ChangeDescription
[#674] EnhancementActiveMerchant merchant migration function is now disabled when no database configuration has been set in the properties file
[#868] EnhancementAdded a Transaction Type filter to the Transactions search on the admin UI and Transaction Type field to the /trans API for TestLab/Prod transaction filtering
[#870] EnhancementAdded a Transaction Type filter to Dashboard on the admin UI for TestLab/Prod transaction filtering
[#875] FixFixed an issue with PReq sending to the TestLabs DS on multi node systems
[#879] FixFixed a startup error that occurred when AS_PROFILES was set to "test"
[#880] FixFixed a display error on the admin UI that sometimes occurred when selecting the DS settings certificate tab
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.3.3

[Release Date: 14/05/20]

ChangeDescription
[#397] EnhancementAdded support for using a proxy for usage uploading and Directory Server connections
[#757] EnhancementAdded additional URL input validation by not allowing 127.0.0.1 to be used
[#775] EnhancementAdded encryption for Authentication Value stored in the database for Auth API v2 transactions
[#796] FixFixed an issue where an invalid Acquirer BIN could cause a display error on the Admin UI
[#803] EnhancementAdded support for AS to run using a read-only file system
[#804] ChangeRemoved the warning from AS startup for the keystore not loading with keystore loading optimisation
[#806] EnhancementAdmin UI can now only be accessed via a single browser session per individual user
[#820] Enhancement[TestLabs Support] Added an optional parameter to Auth API calls (?trans-type=prod) to distinguish production transactions from GPayments TestLabs transactions. TestLabs DS will be used by default if no parameter is provided
[#823] Enhancement[TestLabs Support] Added additional listening ports for the GPayments TestLabs directory server
[#826] Enhancement[TestLabs Support] Added internal DS profiles for the GPayments TestLabs. Production DS profiles can now be used for production card scheme settings. Existing GPayments certificates and URLs can be removed safely
[#828] EnhancementPReq message sending can now be disabled per card scheme by removing the Server URLs on the respective Directory Server settings page
[#831] ChangeRelaxed the validation for the notes section on the merchant profile by allowing additional characters to be used
[#847] EnhancementImproved the efficiency of the card range caching process
[#854] EnhancementAdded support for AWS secrets manager configuration
[#857] EnhancementUpdated the default application-prod.properties file with TestLabs DS ports, existing implementations will not be updated
[#859] FixFixed issue with /api/v2/auth/enrol API returning inconsistent error response when empty merchantId was provided
[#865] FixReturn error code ERROR_SAVE_TRANSACTION(1002) is now provided when a transaction fails to be saved
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.3.2

[Release Date: 30/03/20]

ChangeDescription
[#619] EnhancementOptimised the loading performance of the Directory Server settings and certificate pages
[#771] EnhancementEnhanced the port checking process to be more flexible when X-forwarded headers are used in a load balancing setup
[#774] EnhancementAdded encryption for the Authentication Value stored in the database which is provided as proof of authentication
[#781] EnhancementSecurity enhancements added to harden Admin API calls against intrusion
[#799] EnhancementAdded a connection test for KMS on startup, which will throw an error if KMS is not initialised correctly
[#801] FixFixed an issue that that could return an error during an API v2 enrol request, as well as adding log output's for API enrol requests
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.3.1

[Release Date: 18/03/20]

ChangeDescription
[#468] EnhancementEnhanced the security for the setup wizard
[#664] EnhancementAdded support for disabling logging output to local files
[#718] FixFixed an error that occurred when using a Purchase Amount to search for a transaction report
[#735] FixFixed an error that occurred when the optional purchaseCurrency field was not provided in Auth API v2 payment (PA) transactions
[#736] FixFixed an issue with merchant name overriding in Auth API v2 for 3RI channel authentications
[#747] EnhancementAdded the dsReferenceNumber and acsReferenceNumber to the /api/v2/brw/result and /api/v2/app/result API responses
[#753] EnhancementAdded support for additional HTTP status codes to be returned in the Auth API error responses
[#754] EnhancementAdded URL input validation for the External URL, API URL, Admin URL and 3DS Server URLs, so that they can no longer include additional path's or query strings
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.3.0

[Release Date: 07/02/20]

ChangeDescription
[#347] EnhancementAdded support for using AWS KMS as an encryption type
[#375] FixFixed an issue that potentially allowed unauthorised access to the login page via the Admin API
[#589] EnhancementAdded a new optional field (addrMatch) to the Auth API v1, allowing the user to specify if the cardholder billing and shipping addresses match
[#621] EnhancementAdded support for the PRes cache to handle up to 19 digit PANs when calling the /enrol API
[#637] EnhancementImproved keystore handling process to prevent potential conflicts
[#639] EnhancementAdded v2 of the authentication API, including changes to PAN storage and encryption keys - full PAN is no longer stored, only a truncated version for v2 transactions
[#642] EnhancementImproved error handling for HTTP 302 redirections on administration interface
[#644] EnhancementImproved the performance of the PReq message process for card range caching
[#652] ChangeAuthentication Value provided as the proof of authentication is now only stored for 7 days, after which it is masked
[#656] EnhancementAdded support for specifying the folder for log file collection
[#657] FixFixed an issue that could cause transaction processing to stop when no threeDSMethodData was received
[#660] EnhancementImproved performance for database connection pool
[#679] ChangePANs in the system now show the first 6 and last 4 digits, with the remaining digits being truncated and masked
[#682] ChangeChanged the s3.bucket-name property path setting to be more flexible
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.2.2

[Release Date: 21/11/19]

ChangeDescription
[#167] EnhancementEnhanced 3DS Method notification process to be more robust
[#627] ChangeChanged security header policy to apply to both HTTP and HTTPS
[#628] FixFixed an issue with content security policy header for administration UI
[#629] FixFixed an issue with message validation for field authenticationType

ActiveServer v1.2.1

[Release Date: 15/11/19]

ChangeDescription
[#584] EnhancementNormalised HTTP response status for server requests
[#586] EnhancementAdded additional HTTP headers to enhance page security
[#616] FixFixed an issue with currency code exponent for UAH (980)
[#617] FixFixed an issue when searching for merchants using an acquirer BIN

ActiveServer v1.2.0.1

[Release Date: 04/11/19]

ChangeDescription
[#610] FixFixed an issue with Oracle database initialisation

ActiveServer v1.2.0

[Release Date: 01/11/19]

ChangeDescription
[#293] EnhancementAdded the payTokenInd to Auth APIs to support the conditional EMVCo field EMV Payment Token Indicator
[#351] ChangeMerchants must now be created or edited to have a unique combination of Merchant name and Merchant ID
[#404] FixFixed an issue for users with a merchant role being unable to access dashboard
[#494] ChangeRemoved padding from Base64url encoding as per EMVCo bulletin
[#542] EnhancementAdded support for importing Merchant and Acquirer profiles from ActiveMerchant
[#546] ChangePurchase amount on transaction reports are now shown and searched for in major units rather than minor units
[#561] EnhancementImproved indexing for database table performance
[#581] EnhancementAdded a warning dialogue to restart instance when a DS certificate is added
[#583] EnhancementAdded a new Admin URL setting to allow separate access to the administration interface
[#590] EnhancementImproved the process of keystore initialisation during server startup
[#599] ChangeRemoved the global settings for Cache refresh interval, Preparation Response (PRes) timeout and Preparation Response (PRes) timeout. These settings can still be managed per card scheme on the DS settings page
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.1.4

[Release Date: 27/09/19]

ChangeDescription
[#559] EnhancementUpdating the External URL will now automatically update all 3DS Server URLs in the Directory Server settings if they have an empty value
[#579] FixFixed database index errors that occurred during Mastercard automated compliance testing
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.1.3

[Release Date: 20/09/19]

ChangeDescription
[#573] FixFixed an issue concerning key generation for certain HSMs
[#574] EnhancementAdded a confirmation dialogue when rotating keys
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.1.2

[Release Date: 19/09/2019]

ChangeDescription
[#383] EnhancementThe ActiveServer EULA is now accessed from the administration UI about page and has been removed from the release package
[#424] ChangeManaging Acquirer BINs via the Admin API now uses string values rather than UUID's of Acquirers in the system. As such, the Acquirer Admin API endpoints have been removed. The administration UI now takes either an existing Acquirer BIN or a value can be entered
[#450] ChangeSetting the admin.port now restricts all administration interface UI requests to that port number
[#507] EnhancementAdded dsTransID and messageVersion to API responses for BRW, APP and 3RI channels
[#519] EnhancementAdded a Master Auth API client certificate which can be used to authenticate on behalf of any merchant in the system
[#547] EnhancementAdded additional warning dialogues for users when there is a possibility of overriding existing private keys on Directory Server certificate page
[#548] EnhancementAdded a new challenge status API endpoint (/api/v1/auth/challenge/status), allowing the 3DS Requestor to optionally provide a cancel reason when cancelling a challenge request
[#552] EnhancementEnhanced the performance of installation wizard
[#555] ChangeChanged a listener port opened by ActiveServer to be internally used only
[#557] ChangeRemoved the CRes and ACS Method timeout settings as they correspond to 3DS SDK timeouts
[#560] ChangeChanged the Admin API endpoints for Merchants (certificate export/revoke and key rotate) and removed unused parameters from request and responses. Also removed the Admin API endpoints for settings
[#565] FixFixed an issue where a user was able to exceed the session failed attempts amount
[#569] FixFixed an issue causing the PReq not to be sent if the PReq value was not set in Directory Server settings
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.1.1

[Release Date: 30/08/2019]

ChangeDescription
[#509] EnhancementAdded a new monitoring endpoint for timing out non-completed transactions to support 3DS Requestor sample code v1.1
[#537] EnhancementAdded an optional merchant name field to authentication APIs to allow the merchant name in a merchant profile to be overridden
[#541] EnhancementAdded sample database connector settings to application-prod.properties for DB2 and PostgreSQL
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.1.0

[Release Date: 16/08/2019]

ChangeDescription
[#151] EnhancementAdded functionality to import CA certificate chain during client/server certificate installation if included in certificate
[#152] EnhancementAdded functionality to specify a separate PReq endpoint if DS provider requires this setup
[#371] FixFixed a bug causing the administration interface session timeout not to work, this setting is now in the configuration properties
[#425] ChangeChanged audit log reports to better show what values have been changed
[#447] EnhancementRReq and RRes messages are now shown on Transaction Details page
[#461] EnhancementAdded support for PostgreSQL type databases
[#483] EnhancementAdded timed logs for auth API messages for debug log level
[#487] EnhancementAdded functionality to override the 3DS Server reference number when performing Mastercard compliance testing
[#488] EnhancementRedesigned the DS Certificate page to more easily manage CSRs as well as streamlining buttons
[#493] ChangeDefault Test Merchant is no longer able to be deleted, as it is used for test purposes
[#497] EnhancementAdded support for DB2 type databases
[#499] EnhancementCommon name of DS CSRs will now be pre-filled if 3DS Server URL is available
[#505] ChangeWhen browser info collecting or the 3DS method is skipped, actual error message with required fields missing is now shown
[#508] EnhancementAdded ECI value to be shown on Transaction Details page
[#516] ChangeChanged error message on login page to eliminate risk of username enumeration
[#520] ChangeChanged the moment.js file to be loaded locally rather than from an external CDN
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.0.5

[Release Date: 04/07/2019]

ChangeDescription
[#322] FixFixed issue that could cause times and dates on administration interface to not display in users local time zone (set from user profile)
[#378] EnhancementAdded functionality to download CA certificate bundle from merchant details page
[#401] ChangeFor new installations, changed the default system keystore filename pattern to be as_sys_"randomUUID.jks"
[#402] FixFixed issue causing "3DS Server Transaction ID", "Min purchase amount", "Max purchase amount" not to display correct transaction search results
[#412] FixFixed issue causing a user to not lock after exceeding maximum password attempts
[#422] FixFixed issue causing incorrect value to be displayed for Directory Servers > Settings > HTTPS callback port
[#428] ChangeUpdated /api/v1/auth/3ri auth API request to require a {messageCategory}
[#433] ChangeRemoved .html suffix from all pages
[#446] EnhancementImproved error messages for invalid values on merchant details page
[#448] EnhancementImproved logic and error handling for importing Directory Server certificates
[#449] EnhancementChanged system labels for improved readability - Directory Server > Settings > 3DS Server URL (previously External URL), Directory Server > Settings > HTTP listening port (previously HTTPS callback port), Settings > 3DS2 > API URL (previously Auth API URL)
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.0.4

[Release Date: 31/05/2019]

ChangeDescription
[#386] FixFixed an issue that could cause an error during the activation process when a HSM is being used
[#390] EnhancementAdded functionality to change the HSM PIN via the Settings > Security page
[#380] EnhancementAdded Amazon Aurora MySQL 5.7 to compatible databases

ActiveServer v1.0.3

[Release Date: 27/05/2019]

ChangeDescription
[#376] ChangeUpdated enrol API response to provide result enumeration as 00 or 01 values
[#379] FixFixed issue that could cause dashboard historical data not to display
[#380] FixFixed issue causing merchants with old DS enum values to show an error when accessed

ActiveServer v1.0.2

[Release Date: 24/05/2019]

ChangeDescription
Database SupportAdded support for MSSQL Server 2017
[#301] EnhancementUpdated the Admin API endpoints to use .x509 authentication
[#349] ChangeChanged log file format from as.dd-mm-yyyy.log to as.yyyy-mm-dd.log and to be stored in base logs folder
[#356] ChangeChanged default values for DS ports in application-prod.properties to be in the 9600 range
[#368] FixFixed issue that was causing enrol API to return an Internal Server Error
[#373] EnhancementAdded CA certificate download to User Profile page to be used with API requests

ActiveServer v1.0.1

[Release Date: 17/05/2019]

ChangeDescription
[#326] FixFixed issue causing side menu to load slowly on some browsers
[#327] FixFixed compatibility issue when using Oracle DB
[#328] ChangeAdded acsReferenceNumber to the AuthResponseApp API
OtherMinor bug fixes, performance and security enhancements

ActiveServer v1.0.0

[Release Date: 09/05/2019]

ChangeDescription
ReleaseInitial release