We are proud to announce Topicus KeyHub 24. This release contains a number of enhances that greatly simplify the maintenance of a Topicus KeyHub installation. Also, with the addition of a new dashboard for service accounts, security officers get even more insights into the security of the organization. As usual, a number of assorted smaller changes and bug fixes are also included.
Service accounts dashboard
TKH-2194 A third dashboard displaying service accounts is now available to security officers. This dashboard gives an overview of all service accounts, the systems on which they resides and their settings. Detailed information is available with just a single click. Of course, all this information can be exported to CSV.
Service accounts dashboard
Logins from multiple IP addresses
TKH-2095 When switching between IP addresses, for example after enabling VPN, Topicus KeyHub 23 would prompt for renewed authentication every time. This can be a nuisance when it happens often. Therefore, Topicus KeyHub 24 will now remember for which IP addresses re-authentication has been performed within a session and not prompt for these addresses again. This greatly reduces the number of times you have to authenticate.
Support dumps and hotfixes
TKH-1891 Sometimes things do not go as expected and troubleshooting is required. This often involves collecting log files and system statistics. When running in a clustered setup, this process must be repeated on all nodes. We now offer the creation of a support dump with just a few clicks. This dump will contain all logs for a given date and statistics for all nodes in the cluster. Furthermore, the dump can be encrypted for safe transport.
TKH-2366 In the event of an acute issue, such as an important security incident, it may be required to apply a hotfix to an installation. In Topicus KeyHub 24, we added the abillity to apply certified hotfixes. These fixes are signed by Topicus Security and can therefore not be tampered with. Also, these fixes can be applied without any technical know-how.
Changes to the licensing
TKH-2372 With Topicus KeyHub 24, we introduce our fourth iteration of our licensing model. In this iteration, some features are better aligned with the user expectations. We've also removed some parameters that only caused confusion. It is now possible to configure a user reserve under the notification centre and have Topicus KeyHub send warnings when your installation is about to run out of seats.
The following smaller improvements and bug fixes were made:
TKH-847Some improvements were made to tests to better match with actual use of KeyHub.
TKH-2181The file date is now shown next to the backup name.
TKH-2190Service accounts are now also supported on LDAP and Azure.
TKH-2328It is now possible to place the same port in multiple firewall zones.
TKH-2333Permissions are now enforced more strictly on queries on the Topicus KeyHub backend. This prevents cicumstantial data gathering.
TKH-2354Password recovery shares are now linked to the group from which they originated and are revoked immediately when a share holder leaves that group.
TKH-2359The error message for missing vault access has been improved and now also mentions the name of the group.
TKH-2362An error was fixed when performing a TOTP time synchronization when 2FA is restricted on the directory.
TKH-2363It is no longer possible to remove the
keyhubuser from the KeyHub Administrators group.
TKH-2364Python 3.6 is now completely removed from the OS, only the platform Python and Python 3.9 remain.
TKH-2365The directories for offline updates are now cleared on systems that do not use offline updates.
TKH-2367Switching from online to offline now correctly disables automatic updates.
TKH-2368Normal members of a group can no longer remove shares for vault records.
TKH-2371An error was fixed that could cause invalid signatures when a migration of the vault cryptography was performed.
TKH-2376A textual error was fixed in the password recovery mails.
TKH-2377Offline installs no longer try to connect to online Almalinux repositories.
TKH-2379An error was fixed when creating a new application.
TKH-2380OAuth2 clients can now get permission to assign group classifications.
TKH-2381A styling error was fixed on the vaults page that caused the end date to be unreadable.
TKH-2398The query to fetch audit records for the dashboard was improved significantly to improve performance, memory usage and fix a potential overflow.
TKH-2384Changes to the network settings made directly on the terminal after installation were not applied correctly.
TKH-2386The message shown when trying to leave a group as the only (or last) member was improved.
TKH-2391Navigation between shared vault records and the shares has been improved.
TKH-2392Stability of the database replication has been improved significantly when changing the layout of a cluster.
TKH-2400Memory usage of the application has been reduced by not initializing some unneeded components.
TKH-2402Removing members from groups with nesting caused incorrect audit records to be written.
TKH-2403Some translations for validation errors were missing.