We are happy to announce the release of Topicus KeyHub 18.1 at the start of summer. With this release we offer the ability for an additional authorization step for group membership requests, leaving final approval up to a different group altogether. We also did some preparatory work for an upcoming "social recovery" feature for account passwords, including vault access, and we took some steps in the automation of our release pipeline. As usual, we implemented a number of smaller improvements and fixes for several issues.

Important notice: Undisclosed security vulnerability

TKH-1729 TKH-1731 Internal auditing revealed that under some conditions permissions were not correctly checked against the right policies when operating directly on our back end. We strongly recommend all installations to be upgraded to 18.1. Topicus KeyHub customers can inquire for more information.

Authorizing groups for group membership

TKH-1687 TKH-1721 We've added the ability for group managers to link a different KeyHub group to their group to authorize group memberships as an optional extra step. This enables organizations to have group membership approved by accounts who are not themselves a member of the requested group, such as department heads who are responsible for certain access privileges, but are not supposed to have or need that access themselves.

Group managers will still be responsible for the initial evaluation of a group membership request. After approval by a group manager, a subsequent request will be made to managers of the authorizing group (if configured). Only after this final approval will the requested membership be granted.

Upcoming "social recovery" feature

TKH-1741 We're in the process of adding an exciting new feature that will enable users to recover their account, including vault access, if they lost their password. After discussion with expert panels formed by some of our customers we designed a protocol based on Shamir's secret sharing. With this release we make some preparations in the back-end code to prepare for this functionality, which we expect to deliver in the coming months.

Small improvements

The following smaller improvements and bug fixes were made:

  • TKH-1651 We limited the set of commands available through the Salt API in an effort to harden the security of our appliance.
  • TKH-1670 TKH-1671 TKH-1672 We improved our release pipeline by automating most steps so that they can be run from our build server.
  • TKH-1673 We now show the username as it will be used for a specific provisioned system, next to that system on a user's profile page.
  • TKH-1692 The appliance manager no longer "hangs" in an incorrect state on a node newly added to a cluster.
  • TKH-1699 We upgraded SaltStack to version 3003.
  • TKH-1701 We now collect the exact versions used for every library, package and module during the build process as an aid in determining software security risks.
  • TKH-1705 Pgpool should now be able to recover its connection automatically when a database becomes available again.
  • TKH-1712 An error was fixed that prevented users from accessing a shared vault record when they're not allowed to see the group it is being shared from.
  • TKH-1713 TKH-1738 We fixed the description for several types of audit records.
  • TKH-1714 The appliance should now automatically reboot after installing upgrades (if required).
  • TKH-1715 We removed stacktrace logging for requests that lead to 4xx http response codes. Client errors should not result in log spam.
  • TKH-1716 With help from several of our users we identified and fixed a possible login-loop when using SSO against KeyHub with a security key.
  • TKH-1717 We added proper input validation checking in some query parameters of our REST API where it was missing.
  • TKH-1719 Sending invalid JSON to our REST API now properly results in a HTTP 400 response.
  • TKH-1723 Schedules for backups and updates are now validated before applying and invalid schedules result in proper error feedback.
  • TKH-1725 Attempting to upload a license whose limits you've exceeded will now result in proper error feedback.
  • TKH-1726 Audit records concerning a request will now contain a reference to that request so they can be grouped together more easily.
  • TKH-1732 Accounts are now properly deprovisioned when removing a group on system, rather than showing an error.
  • TKH-1733 We marked several properties throughout our REST API as read-only.
  • TKH-1735 Pgpool has been upgraded to 4.2.3.
  • TKH-1736 We improved the stability of several of our automated tests related to the activation of groups on the dashboard.
  • TKH-1742 Removing a node from the cluster should no longer result in errors in the appliance manager that can only be resolved by logging out and in again.
  • TKH-1745 We increased the early warning period for expiry of KeyHub's IDP certificate from two weeks to three months.
  • TKH-1746 We improved the reliability of the url switch during KeyHub's installation process.
  • TKH-1751 An issue was fixed that could cause a user to get stuck during re-registration.
  • TKH-1758 Login via SSO on the appliance manager now also works when running multiple instances in a cluster.