Release Notes 1.17.0
CEP 1.17.0 implements our new container design, based on Center for Internet Security (CIS) guidelines, and resolves several issues.
What Has Been Improved
CIS-Based Container Design
The container design has been updated to align with CIS guidelines. This includes changes to the base image, user permissions, and file system structure to enhance security and compliance. As part of this change, the application port changed from 443 to 8443. It is therefore necessary to update your docker-compose configuration to reflect this change.
Update Instructions
To update your docker-compose configuration, adjust the port mapping in your existing docker-compose.yml file as follows:
services:
  cep:
    # The CEP container does not require any additional capabilities to function
    # properly, and dropping all capabilities can help mitigate potential risks.
    cap_drop:
      - ALL
    ports:
      # The target application port has changed from 443 to 8443.
      - "8443:8443"
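The following check is an added example, not part of the product or its documentation: it audits a Compose file that has already been converted to JSON (for instance with `docker compose config --format json`) for a port mapping that still targets 443 and for a missing `cap_drop: ALL`. The function names and both sample documents are constructed for illustration; only the service name `cep`, the ports and the `cap_drop` setting come from the configuration above.

```python
import json

OLD_PORT, NEW_PORT = 443, 8443  # container-side port before / after CEP 1.17.0


def target_port(mapping):
    """Return the container-side port of a Compose port entry (short or long syntax)."""
    if isinstance(mapping, dict):            # long syntax: {"target": 8443, "published": "8443"}
        return int(mapping["target"])
    spec = str(mapping).split("/")[0]        # drop a trailing "/tcp" or "/udp"
    container = spec.rsplit(":", 1)[-1]      # last field of [IP:][HOST:]CONTAINER
    return int(container.split("-")[0])      # first port if a range is given


def audit_service(compose, name="cep"):
    """Return a list of findings for one service of a parsed Compose document."""
    service = compose.get("services", {}).get(name)
    if service is None:
        return [f"service '{name}' not found"]
    findings = []
    targets = [target_port(p) for p in service.get("ports", [])]
    if OLD_PORT in targets:
        findings.append(f"port mapping still targets {OLD_PORT}; change it to {NEW_PORT}")
    if NEW_PORT not in targets:
        findings.append(f"no port mapping targets {NEW_PORT}")
    if "ALL" not in [str(c).upper() for c in service.get("cap_drop", [])]:
        findings.append("cap_drop does not include ALL")
    return findings


# Constructed sample input: a file not yet updated, and one that matches the snippet above.
OLD_COMPOSE = json.loads('{"services": {"cep": {"ports": ["443:443"]}}}')
NEW_COMPOSE = json.loads(
    '{"services": {"cep": {"cap_drop": ["ALL"],'
    ' "ports": [{"target": 8443, "published": "8443", "protocol": "tcp"}]}}}'
)

if __name__ == "__main__":
    for label, doc in (("old", OLD_COMPOSE), ("new", NEW_COMPOSE)):
        print(label, audit_service(doc) or "ok")
```
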
To improve security and reduce the overall attack surface, the new container design removes most command-line tools from the container. As a result, undocumented commands will no longer be available. We have also streamlined the container's web server and removed most modules to further minimize the attack surface. If you use custom header configurations that depend on specific modules, please review the new container design and update your configuration accordingly.
New App Store and Play Store Screenshots
The OpenText Advanced Authentication screenshots for the App Store and Play Store have been updated.
Resolved Issues
Issues
- Serial number automation for HOTP tokens did not work with algorithms other than YubiKey. This has been fixed, and the configured serial number length is now respected when using Swissbit and other vendors' HOTP tokens. For all non-YubiKey algorithms, the CEP_HOTP_SERIAL_LEN parameter is now respected.
- Fixed inconsistent URL generation that could lead to incorrect or broken links in some parts of the interface.
- Fixed an error in the device handling flow that occurred when the required device services were not available.
- Fixed Windows Hello enrollment when the comment field is disabled.
- Fixed the image selection in the FIDO2 enrollment view.
- Added missing translation strings and corrected German translations.