Release Notes

This page provides the latest information about the ActivID Validation Responder.

What's New

  • Software Upgrade

  • Log4j2 Support

    • ActivID Validation Responder now supports Log4j2.

  • Platform Support

    • Windows Server 2022

  • HTTPS Directory Support

    ActivID Validation Responder now can be configured with an HTTPS directory URL as a proof list source. This helps securely exchange the proof list source data when the directory option URL is chosen.

  • IPv6 support

    ActivID Validation Responder now supports IPv6. For full compatibility with IPv6, all the components of Validation Suite must be in version 7.3.

  • Security Improvement

    ActivID Validation Responder now also supports audit logs for user management to meet security requirements.

  • Latest Environment Support

    ActivID Validation Responder now supports Microsoft Windows Server 2019 (64-bit) or Redhat Linux v8 (64-bit).

Hotfix Information

Tomcat upgraded through a hotfix (FIXS2406000) to fix the vulnerabilities. For details on the Tomcat upgrade and how to install this hotfix, refer to the readme file that comes with the hotfix zip package.

Important: Before you apply this hotfix, ensure that you have installed the Validation Responder 7.4.

List of Tested Configuration

For this release, the following are the list of tested JDK and Operating System combinations.

Operating System JDK Version
Windows Server 2016 OpenJDK 11.0.2
Windows Server 2019

OpenJDK 11.0.2/15.0.2

Oracle JDK 11.0.12/15.0.2
Windows Server 2022

OpenJDK 11.0.2/15.0.2

Oracle JDK 11.0.12/15.0.2
RHEL 7

OpenJDK 11.0.2

Oracle JDK 11.0.12/15.0.2
RHEL 8

OpenJDK 11.0.2

Oracle JDK 11.0.12

SSL Ciphers

Validation Responder Appliance is configured by default with the following list of ciphers – used with TLS 1.2 protocol.

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-RSA-AES128-SHA256

  • SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256

  • SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256

  • SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384

  • SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384

  • SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

  • SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

  • SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

  • SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

  • SSL_DHE_RSA_WITH_AES_256_CBC_SHA256

  • SSL_DHE_DSS_WITH_AES_256_CBC_SHA256

  • SSL_DHE_RSA_WITH_AES_128_CBC_SHA256

  • SSL_DHE_DSS_WITH_AES_128_CBC_SHA256

  • SSL_DHE_RSA_WITH_AES_256_GCM_SHA384

  • SSL_DHE_DSS_WITH_AES_256_GCM_SHA384

  • SSL_DHE_RSA_WITH_AES_128_GCM_SHA256

  • SSL_DHE_DSS_WITH_AES_128_GCM_SHA256

Note: Customers that desire to change these values can do so by modifying the property ciphers in the file C:\Program Files\HID Global\Validation Responder 7.4\responder\conf\server.xml
Note: You might need to adjust the cipher list during the configuration to make sure SSL handshake negotiations end up with the cipher of your choice.

ActivID Validation Responder has been tested with the following web browsers:

  • Google® Chrome

  • Firefox®

  • Microsoft Edge®

Known Problems and Limitations

Important: Before upgrading to version 7.4 from Validation Responder 7.3, you should upgrade to latest browser version.

The Linux installer adds links for "Configure Validation Responder" and "Validation Responder Status" to your home directory. DO NOT USE THEM. Instead, use the appropriate script files as documented in the formal Validation Responder Installation and Configuration Guide.