Release notes Topicus KeyHub 35

We are proud to announce Topicus KeyHub 35. This release brings a variety of smaller and larger improvements throughout the entire suite. One of the most notable changes is the use of a new icon set throughout the application. Of course we also made a lot of other important changes, such as a total overhaul of all permissions related to administration of linked systems and a new release of the browser extension.

Styling and user experience

New icon sets

TKH-2979 Topicus KeyHub 35 features a whole new icon set. These new icons are much cleaner and better blend in with the rest of the application. Also, this set allowed us to pick better matching icons in several occasions.

Password visibility toggle

TKH-1237 TKH-1498 TKH-1749 TKH-2953 To encourage users to use longer, complex passwords, NIST recommends to allow users to show the password. This allows the user to verify the passwords while typing. This also makes it a lot easier to type a long password on a mobile phone. KeyHub now features a visibility toggle on almost all password fields. Not only does this help to user to type the correct password, it also gives a distinct look to password fields, preventing confusion.

Browser extension

Version 7.1.0 of the browser extension was released for all supported platforms. This version not only features the new iconset, it also includes a few bugfixes and improvements:

• TKH-2568 The browser extension can now be used in an incognito window in Google Chrome and other Chromium based browsers.

• TKH-2815 When many hits are found for a page, the fill popup now correctly selects the first.

• TKH-2990 Input fields with type="text" and autocomplete="current-password" are now correctly detected as password fields.

Administration of linked systems

TKH-2850 TKH-2851 TKH-2852 TKH-2853 TKH-2854 TKH-2911 TKH-2929 TKH-2970 TKH-2971 TKH-2972 TKH-2973 TKH-2974 All permissions and pages for administration of linked systems and applications were reviewed and re-aligned. Many small tweaks were made to allow the different roles involved with a linked system to view all data related to that system. Also, add buttons were added to all pages related to groups on systems. The large number of changes should make these pages more predictable and easier to work with.

Assorted improvements

The following larger and smaller improvements and bug fixes were made:

• TKH-2756 TKH-2932 An error was fixed in our tool to generate licenses to better handle licenses with old or without features.

• TKH-2807 TKH-2980 Our incoming SCIM endpoint now supports updates and deletes.

• TKH-2859 It is now possible to connect groups on systems to access profiles for provisioning.

• TKH-2880 Excessive logging in the OpenTelemetry Collector container was fixed.

• TKH-2885 Our test infrastructure was improved to cleanup group memberships between tests.

• TKH-2891 It is now possible to stream syslog over TLS when the certificate on the receiving end is not globally trusted.

• TKH-2892 The group export on the auditing dashboard now also contains information about nested groups.

• TKH-2893 The migration of the recovery fallback group to a setting under organisational unit was completed.

• TKH-2906 TKH-2912 Many improvements were made to how the appliance managers shows and deals with updates when running in offline mode.

• TKH-2910 It is now mandatory to provide the vault recovery key when using the KeyHub Administrator override to add a new manager to a group.

• TKH-2927 KeyHub Administrators can no longer change the settings of the root organisation unit when it is owned by a different group.

• TKH-2935 When requesting a new group, the placeholder is now correctly set when a user has multiple organisational units.

• TKH-2936 The SCIM endpoint now gives correct HTTP status codes for errors.

• TKH-2937 Via SCIM created accounts are now placed in a pending accounts directory.

• TKH-2941 Vault record metadata (i.e. strength and whether it's a duplicate) is now also shared with auditors for sub organisational units.

• TKH-2942 A check was added to prevent duplicate group names when using namespaces.

• TKH-2943 Translations were fixed when adding a group to a service account.

• TKH-2944 A permission check was fixed that prevented managers from creating launchpad tiles.

• TKH-2945 TKH-2985 We now build with and for Java 21.

• TKH-2946 It is no longer possible to nest a group directly in itself.

• TKH-2949 The AWS integration now uses IMDSv2 for all calls.

• TKH-2955 A missing translation was added on the node recovery page.

• TKH-2959 An error was fixed in our test cleanup infrastructure.

• TKH-2961 Tests were added to ensure all resources are properly filtered on all permission types.

• TKH-2967 Notifications about old API versions being used can now be dismissed directly from the dashboard.

• TKH-2968 All types of subject alternative names are now displayed for a certificate in the appliance manager.

• TKH-2983 Invalid bind credentials will now cause a provisioned system to be reported as offline.

• TKH-2984 An error was fixed when unfolding folders on the dashboard in multiple browser tabs at the same time.

• TKH-2986 TKH-3009 An error was fixed that would prevent certain old requests from being cleaned up.

• TKH-3000 Encrypted backups can once again be restored from during a fresh installation.

• TKH-2880 TKH-3005 The opentelemetry collector container no longer spams in uncompressed log files.

• TKH-3008 Serviceaccounts that have their password rotation scheme set to 'manual' will no longer be inadvertently rotated if their technical administrator group also administrates automatically-rotating serviceaccounts.

• TKH-3017 Configuring the overload protection factor to be higher will now be picked up by the KeyHub application.