We are proud to announce the 17.1 release of Topicus KeyHub. This release brings private groups and restricted accounts, the ability to increase the disk space available to KeyHub, several improvements in the upgrade process and we upgraded python to version 3. In addition, a number of smaller improvements have been made and several issues have been fixed.
Note: Due to some major upgrades behind the scenes, the update process can take longer than usual, up to 15 mins after creating the backup.
Improved update process
TKH-1553
TKH-1557
TKH-1558
TKH-1559
TKH-1562
TKH-1565
TKH-1569
TKH-1572
TKH-1581
We've worked hard to stabilize and improve the upgrade processes, both "online" and "offline". Among other things we fixed problems in for "offline" upgrades, problems when upgrading the database from an older KeyHub version and we stabilized applying system updates for salt so this process should be less finicky. We thank our customers for their patience and assistance with troubleshooting and resolving the issues we ran into.
Private groups and restricted accounts
TKH-1505
We added the ability to mark a group as private. Private groups are not visible to users unless they are a member of the group. Normal users can not request to join a private group and have to be added by one of the group's managers.
We also reworked the "restricted accounts" feature. An account that is marked as restricted ("Can request group access" is set to "No") can not see any groups they are not already a member of. In essence, every group is marked private from their point of view.
Users who can't see a particular group (whether because the group is private or their account is restricted) are also unable to do things like move vault records to such a group.
KeyHub administrators and auditors will always be able to see all groups, but only on their role-specific pages (such as the auditor dashboard).
Increase and allocate available disk space
TKH-1410
TKH-1571
If your KeyHub installation is nearing the end of available disk space you can now give it a larger disk.
After increasing the size of the disk available to the VM, you can then allocate the newly-available space from the appliance manager.
Small improvements
The following smaller improvements and bug fixes were made:
TKH-1393
It is now possible to import PKCS#12 certificate containers (.p12) as an alternative to PEM files.TKH-1431
We upgraded Python to major version 3.TKH-1509
We improved the feedback on invalid combinations of certificate/networking options during installation or configuration.TKH-1534
The initial certificate generated during first boot will no longer have a not-before value in the future in case of timezone difficulties.TKH-1536
You will no longer be logged out during installation if the initial and eventual url for the appliance manager are the same.TKH-1542
We added support for U2F/CTAP1 security keys.TKH-1543
KeyHub should no longer send an unusable 2FA notification to the KeyHub app on your phone if you're using security keys.TKH-1544
We improved the styling of the 2FA pages during login and registration.TKH-1548
A self-signed certificate generated during install will now use the correct hostname.TKH-1549
KeyHub will now give more meaningful feedback if the uploaded certificate fails to validate due to certificate chain errors.TKH-1550
Vault records containing only a comment can once again be opened.TKH-1552
We renewed the install license that comes with the KeyHub installer.TKH-1554
To assist with restrictions on the devices used, it is now possible to disable manual configuration of 2FA. Users can then only set up one 2FA method, and can only configure a new one after a reset request has been accepted by the helpdesk group.TKH-1555
KeyHub now generates some extra characters at the end of the rotating password to improve compliancy with password complexity restrictions.TKH-1556
Webhooks can now be given a name to better characterize their function.TKH-1561
We limited the memory usage of the login page.TKH-1564
KeyHub now forces a password sync as soon as it detects a mismatch between the password used for KeyHub and the password in the source directory.TKH-1567
We fixed the permissions for a configuration file that lead to errors while applying a change in the KeyHub configuration.TKH-1573
We fixed a bug where editing a vault record could result in an error.TKH-1574
The TOTP code field should no longer suggest it is optional.TKH-1575
The Topicus KeyHub MTA container should restart less often after configuration updates.TKH-1583
A race condition was fixed that could cause a user session to become unusable.