Release 5.2.3 Private Cloud

Progress® Rollbase® Version 5.2.3 Release Notes

Release Date

August 20th, 2018

Fixed Issues

Case ID     Defect ID   Description
00455628    RB-8454     Views throw error when using CURR_USER in view filters

  • For information on supported platforms, see here.
  • For third-party acknowledgments, refer to the product documentation or the installation directory.



Rollbase 4.4.4

Enhanced Hashing and Encryption Algorithms for Rollbase Private Cloud

SHA‐512 as Hashing Algorithm

Rollbase has upgraded its password hashing mechanism to SHA‐512. Each hashing process combines the plain‐text password with a random salt generated using a cryptographically secure pseudo‐random number generator (CSPRNG). Existing passwords will be re‐hashed using SHA‐512 after user login.

Encryption Algorithm Private Key

Rollbase supports encryption for text, phone, and email fields, and contents of file upload fields. All these data are by default encrypted using AES (Advanced Encryption Standard) with 128‐bit key size.

When the system restarts after upgrading to 4.4.4, a private.key file that contains the secret key unique to your Rollbase instance is generated and saved in your Rollbase config folder on your master machine at <ROLLBASE_HOME>/config/security.

NOTE: Store a copy of the generated key in a secure place so that it is available for situations such as disaster recovery or machine changes. This file is created and managed by Rollbase and should not be edited locally.

All fields currently encrypted using the default encryption algorithm (AES‐128) will continue to function correctly. They will be decrypted and then re‐encrypted using your preferred algorithm and the generated secret key the next time they are edited and saved.

AES‐256 Encryption Algorithm Support

Rollbase now also supports encrypting data using AES with 256‐bit key size. This is a system‐wide choice, managed through the shared property ‘EncryptionType’.

To make use of AES‐256 on a Rollbase Private Cloud:
  1. Set the value of the shared property ‘EncryptionType’ from 0 to 1. This is a one‐time setting. Once set to 1, reverting to 0 is not recommended. If no value is specified, ‘EncryptionType’ uses its default value, 0. No additional changes are required if you want to continue using AES‐128.
  2. Install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 to enable the 256‐bit key size used by AES‐256. For download and usage instructions, see here.

Note: If these JCE files are not installed and the property ‘EncryptionType’ is set to 1, encryption attempts will fail with the exception: Illegal Key Size.
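
A pre-flight check for the two steps above, as an added example that is not part of Rollbase or its documentation: it asks the JVM whether its policy files permit 256-bit AES keys and then attempts a real AES-256 round trip, so the Illegal Key Size failure shows up before ‘EncryptionType’ is changed. The class name, the sample value and the AES/GCM cipher mode are assumptions made for this check; the release notes do not state which cipher mode Rollbase uses.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.util.Arrays;

public class Aes256Preflight {  // hypothetical helper, not shipped with Rollbase

    /** True when the JVM's policy files permit AES keys of at least 256 bits. */
    static boolean policyAllowsAes256() throws Exception {
        // 128 under the limited policy, Integer.MAX_VALUE under the unlimited one.
        return Cipher.getMaxAllowedKeyLength("AES") >= 256;
    }

    /** Encrypts and decrypts a constructed sample with a throwaway 256-bit key. */
    static boolean roundTripAes256() throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] keyBytes = new byte[32];   // 256-bit throwaway key, never persisted
        byte[] iv = new byte[12];
        rng.nextBytes(keyBytes);
        rng.nextBytes(iv);
        SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
        byte[] sample = "constructed sample value".getBytes(StandardCharsets.UTF_8);
        try {
            // Cipher mode is an assumption for this check, not Rollbase's documented mode.
            Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
            enc.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
            byte[] ciphertext = enc.doFinal(sample);
            Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
            dec.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
            return Arrays.equals(sample, dec.doFinal(ciphertext));
        } catch (InvalidKeyException e) {
            // Under the limited policy, init() rejects the 256-bit key here.
            System.err.println("AES-256 rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.home        = " + System.getProperty("java.home"));
        System.out.println("max AES key bits = " + Cipher.getMaxAllowedKeyLength("AES"));
        boolean ok = policyAllowsAes256() && roundTripAes256();
        System.out.println(ok ? "OK: this JVM accepts AES-256 keys"
                              : "FAIL: install the JCE unlimited strength policy files first");
        System.exit(ok ? 0 : 1);
    }
}
```

Run it with the same Java installation that starts Rollbase; the printed java.home shows which JRE was checked, since policy files are installed per JRE.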

Important: Support for unique constraint validation on encrypted fields has been deprecated. Thus, unique checks on encrypted fields will not work. Encrypted fields cannot be audited, marked unique or indexed as part of the search engine. Once set, this option cannot be removed.