General

General release notes affect the PASS application, but not necessarily a specific module.

General tasks may be found in TP4 release notes or in TP6 release notes.

Version Type Description ID
TP6 21.17.0.0 ENH
Updates have been made to Trapeze6 security defaults:

  • Default password complexity rules have been updated in Properties:

    • Core/Security/Policy/Minimum Password Length: Minimum length in characters of a valid password. A value of 0 allows empty passwords. Default value is 8.

    • Core/Security/Policy/Password Required Character Types: Specifies character types that must be included in all passwords. This property depends on other password policy context properties. Options are: Upper case alpha character, Lower case alpha character, Symbol character, and Number character. By default, all four character types must be used.

    • Core/Security/Policy/Password Hashing/Algorithm. Select the way passwords are hashed and stored in the CoreIdentity table:

      1. TCF1 (64-bit hash). Original algorithm used for backward compatibility when older client and server applications that do not support newer algorithms are connected to the same database.

      2. PBKDF2 (192-bit hash). Industry-standard password hashing function, used to produce a 192-bit hash incorporating a 192-bit cryptographically random salt. (Default.)

    • Core/Security/Policy/Password Storage/Algorithm: Applies to stored passwords in context properties and Service Shell profile files. Select one of the following values:

      1. AES256 (Private key) - Select for stronger encryption using a randomly generated private key. (Keyfile.bin in the Config folder)

        This will require manual copying of the Keyfile.bin to other application installation folders if there is more than one installation sharing the same database. Otherwise, the other applications won't be able to decrypt the stored passwords. If this file is lost then the stored passwords will not be retrievable and will have to be re-entered using a new Keyfile.bin.

      2. AES256 (System key) - Select for stronger encryption using the system key built into the application framework. (Default)

      3. TCF1 - Select this for backward compatibility for older versions that do not have this option.

        Note:
        If Core/Security/Policy/Enforce Password Policy on Next is selected, users may need to reset their passwords to meet new default requirements the next time they sign in.
 DEVCORE3-5470
TP6 21.17.0.0 ENH

Descriptions for the following Service Shell switches have been updated:

  • Core/Security/Authenticate: Turn OFF to disable username/password authentication and permission checks. DEPRECATED! This switch may be removed in a future version.

  • Core/Security/Check Permissions: Turn OFF to disable permission checking (even if Authentication is still ON.) DEPRECATED! This switch may be removed in a future version.

 DEVCORE3-5470