ActivID ActivClient 8.3 Release Notes

Bug Fixes in ActivClient 8.2.1

• Fixed PIV API call (pivCrypt method) (Case #00008535)

• Fixed PIN caching issue causing problems with authentication (Cases #00008518, #00008645)

• Fixed card profile loading on some older cards — Crescendo C11xx, Cyberflex Access 64K V2c (Cases #03473835, #00007969, #03494662)

• Installer — Fixed PIN handling for 32-bit applications (Case #00008778)

• Installer — Fixed Calais registry script invalid format handling

• Installer — Fixed localization issue with Users group resolving

Bug Fixes in ActivClient 8.2

• Thales IDCore 3230 support - PIVEP mode failed to send signed email

• Installation - Install ActivClient path under system env variables (#00007842)

• Installation - Change in internal PowerShell script signing (#00008124)

  Details: In order to sign the inner PowerShell scripts, we are now signing directly using the Advanced Installer in-built signing feature.

• Improved compatibility with some Crescendo cards

New Features and Bug Fixes in ActivClient 8.1.0

• Pass credentials for RDP connections

• Support for Thales IDCore 3230 including VCI (Virtual Contact Interface)

• Do not store public key if ActivClient also stores certificate (Case #03228411)

• Fix unlock of cards with custom XAuth profile (Case #03291662)

• Fix structure of GPO policy file HIDGlobal.ActivClient.admx

• Do not auto-initialize empty cards in AC minidriver

• Advanced Diagnostics reader driver not shown

ActivClient 8.1.0 MSI Installer Improvements

• Mozilla Thunderbird PKCS#11 configuration feature removed

• Software Auto Update feature removed

• The GPO list provided by the SettingsManagement feature has been updated to remove policies that are no longer relevant.

• Azure multi-session OS support: when installed in a multi-session by one user, ActivClient is immediately accessible to everyone. For example, upon installation, the smart card agent is started automatically in each user session. This is carried out by the task scheduler. Similarly, uninstalling removes the software for all users and leaves the machine clean (without a need to reboot).

• Upgrade by direct install of the new version should by fully functional. No reboot needed neither before nor after, and no need to uninstall ActivClient beforehand.

• During interactive upgrade/uninstall, warnings about resources being used will no longer be displayed. Also no reboot warnings should be visible.

  Note: During interactive upgrade, this change will become visible only later, when upgrading from 8.1.0 (because this behavior is also caused by the version from which you are upgrading).

• In case of interactive install, in the Setup type dialog box, the Next button is enabled with the predefined Typical install action.

ActivClient 8.1.0 MSI Installer Bug Fixes

• In some cases, the minidriver install step was failing due to the minidriver signing certificate not being imported to the certificate store successfully. Fix modifying relevant custom action PowerShell script.

• •In rare cases, the minidriver Calais registry was not properly distributed/cleared due to a minor error in a PowerShell script.

• TransactionTimeoutMilliseconds registry entry moved to correct registry key, in other words, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto Provider.

• When version 7.4.3 was installed, all ActivClient DLL files and binaries were installed as shared components. This was occasionally resulting in ActivClient not being completely removed upon uninstall/upgrade. This happened when the shared DLL registry entries got corrupted.
  
  Since version 8.0.0, ActivClient no longer register components as shared. In addition, version 8.1.0 implements a check and automatically fixes the corrupt state.

• An inconvenient PowerShell API was used to write a larger amount of a registry value, which prolonged the installation by more than-20 seconds. This bottleneck was entirely removed, thus significantly speeding up installation.

• The UAC prompt during the ActivClient install now displays the correct MSI name.

• Minor bugs related to upgrading from 8.0.0 to 8.1.0 were fixed.

Bug Fixes in ActivClient 8.1.1

• Fixing the corner case in installation script when Calais registry was in unexpected state (Case #03358358)

• Fixing the corner case incompatibility issue in installer scripts execution policies

• Added support for the Virtual Contact Interface (VCI), a NIST security requirement to allow the non-card management operations to be carried out over contactless interface in a highly secure manner.

• ActivClient 8.0.0 is a major release, featuring streamlined installation, enhanced compatibility, improved performance, and advanced security. ActivClient strongly recommends that customers refer to the documentation during the upgrade and installation process to fully leverage these enhancements while ensuring a smooth transition.

• Support for new HID Global Crescendo Devices

  ActivID ActivClient 7.4.3 now supports Crescendo 3000 smart card and Crescendo Key V2 USB token.

• Enhancement: Support for Enterprise Crescendo profiles

  ActivID ActivClient now supports Enterprise Crescendo device profiles available with "ActivID Credential Management System 5.8 (coming end of August 2022)", the new profiles are compatible with Crescendo 2300 cards and Crescendo Key and offer more flexibility.

• ActivClient won’t install due to a revoked certificate

  To fix installation issues due to the revoked code signing certificate used with ActivClient 7.4, a new base release 7.4.1 is created to support customers installation of ActivClient. This version supports upgrades from ActivClient 7.1 till ActivClient 7.4 to ActivClient 7.4.1.

• TransactionTimeoutMilliseconds in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais is set to 5000ms to give the maximum allowed time for each individual Smartcard API call to execute without any timeout.