We are pleased to announce Topicus KeyHub 15.2. This is a smaller release that brings some user interface enhancements, better integration with OIDC providers and some overall security improvements. As usual, a number of smaller improvements have been made and several issues have been fixed.

Searching vault records on the dashboard

TKH-1307 TKH-1322 When searching for vault records on your dashboard, records that have a name starting with your query are displayed first. Next, records containing your search query in the name are displayed, followed by all other records that match in other parts (like the username, URL or filename). In addition, the name of the vault is now also shown.

Security improvements

TKH-1146 TKH-1277 TKH-1323 TKH-1340 We are continuously working on the security of Topicus KeyHub. In this release, we focused on Topicus KeyHub via the browser by further restricting the Javascript APIs that are available. Also, we've upgraded JQuery to the latest version. Our TOTP implementation now has replay protection, which will block an attacker that is somehow copying your keyboard actions.

For OIDC directories, you can now specify acr_values. When your OIDC provider supports this attribute, this will force the OIDC provider to perform a certain level of authentication, such as two factor. Topicus KeyHub will assert that the returned acr claim in the id_token contains one of the specified values.

Small improvements

The following smaller improvements and bug fixes were made:

  • TKH-1262 The auditor dashboard now shows a marker for groups that are more than one month overdue for their periodic audit.
  • TKH-1319 The virtual appliance now has better handling of DNS updates via DHCP.
  • TKH-1324 The experimental native CLI is now compiled with the latest version of GraalVM and no longer needs a JRE installed.
  • TKH-1325 The installer is now more reliable when transferring the browser to the new URL.
  • TKH-1326 The size of the artifacts has been reduced greatly. For example, the netinstall ova went from 1378 MB to 1011 MB, a reduction of almost 27%.
  • TKH-1328 The statistics page has been renamed to about.
  • TKH-1331 It is now possible to configure the sender address for e-mail sent by Topicus KeyHub.
  • TKH-1332 Some textual changes were made to the My groups page.
  • TKH-1336 The configuration of the internal Postfix daemon has been improved dramatically, supporting SASL authentication and allowing custom parameters.
  • TKH-1341 A bug was fixed where a user could get a permission denied when request technical administration on a group.