Emond Papegaaij 10/02/2023 6 min read

Topicus KeyHub 24

We are proud to announce Topicus KeyHub 24. This release contains a number of enhances that greatly simplify the maintenance of a Topicus KeyHub installation. Also, with the addition of a new dashboard for service accounts, security officers get even more insights into the security of the organization. As usual, a number of assorted smaller changes and bug fixes are also included.

 

Service accounts dashboard

TKH-2194 A third dashboard displaying service accounts is now available to security officers. This dashboard gives an overview of all service accounts, the systems on which they resides and their settings. Detailed information is available with just a single click. Of course, all this information can be exported to CSV.

Topicus-KeyHub-Service Accounts

Service accounts dashboard

 

Logins from multiple IP addresses

TKH-2095 When switching between IP addresses, for example after enabling VPN, Topicus KeyHub 23 would prompt for renewed authentication every time. This can be a nuisance when it happens often. Therefore, Topicus KeyHub 24 will now remember for which IP addresses re-authentication has been performed within a session and not prompt for these addresses again. This greatly reduces the number of times you have to authenticate.

 

Support dumps and hotfixes

TKH-1891 Sometimes things do not go as expected and troubleshooting is required. This often involves collecting log files and system statistics. When running in a clustered setup, this process must be repeated on all nodes. We now offer the creation of a support dump with just a few clicks. This dump will contain all logs for a given date and statistics for all nodes in the cluster. Furthermore, the dump can be encrypted for safe transport.

Support dumps

 

TKH-2366 In the event of an acute issue, such as an important security incident, it may be required to apply a hotfix to an installation. In Topicus KeyHub 24, we added the abillity to apply certified hotfixes. These fixes are signed by Topicus Security and can therefore not be tampered with. Also, these fixes can be applied without any technical know-how.

 

Changes to the licensing

TKH-2097 TKH-2355 TKH-2369 TKH-2372 With Topicus KeyHub 24, we introduce our fourth iteration of our licensing model. In this iteration, some features are better aligned with the user expectations. We've also removed some parameters that only caused confusion. It is now possible to configure a user reserve under the notification centre and have Topicus KeyHub send warnings when your installation is about to run out of seats.

Licensed features

 

Small improvements

The following smaller improvements and bug fixes were made:

  • TKH-847 Some improvements were made to tests to better match with actual use of KeyHub.
  • TKH-2181 The file date is now shown next to the backup name.
  • TKH-2190 Service accounts are now also supported on LDAP and Azure.
  • TKH-2328 It is now possible to place the same port in multiple firewall zones.
  • TKH-2333 Permissions are now enforced more strictly on queries on the Topicus KeyHub backend. This prevents cicumstantial data gathering.
  • TKH-2354 Password recovery shares are now linked to the group from which they originated and are revoked immediately when a share holder leaves that group.
  • TKH-2359 The error message for missing vault access has been improved and now also mentions the name of the group.
  • TKH-2362 An error was fixed when performing a TOTP time synchronization when 2FA is restricted on the directory.
  • TKH-2363 It is no longer possible to remove the keyhub user from the KeyHub Administrators group.
  • TKH-2364 Python 3.6 is now completely removed from the OS, only the platform Python and Python 3.9 remain.
  • TKH-2365 The directories for offline updates are now cleared on systems that do not use offline updates.
  • TKH-2367 Switching from online to offline now correctly disables automatic updates.
  • TKH-2368 Normal members of a group can no longer remove shares for vault records.
  • TKH-2371 An error was fixed that could cause invalid signatures when a migration of the vault cryptography was performed.
  • TKH-2376 A textual error was fixed in the password recovery mails.
  • TKH-2377 Offline installs no longer try to connect to online Almalinux repositories.
  • TKH-2379 An error was fixed when creating a new application.
  • TKH-2380 OAuth2 clients can now get permission to assign group classifications.
  • TKH-2381 A styling error was fixed on the vaults page that caused the end date to be unreadable.
  • TKH-2383 TKH-2398 The query to fetch audit records for the dashboard was improved significantly to improve performance, memory usage and fix a potential overflow.
  • TKH-2384 Changes to the network settings made directly on the terminal after installation were not applied correctly.
  • TKH-2386 The message shown when trying to leave a group as the only (or last) member was improved.
  • TKH-2391 Navigation between shared vault records and the shares has been improved.
  • TKH-2392 Stability of the database replication has been improved significantly when changing the layout of a cluster.
  • TKH-2400 Memory usage of the application has been reduced by not initializing some unneeded components.
  • TKH-2402 Removing members from groups with nesting caused incorrect audit records to be written.
  • TKH-2403 Some translations for validation errors were missing.