Untitled :: MTG Documentation

Release 3.8.0

Date: 2025-08-12

Bugfixes

MTG KMS-SERVER
- When using a Galera cluster with mariadb, the error “Deadlock found when trying to get lock” may occur. By repeating the transaction, the deadlock is now resolved. The deadlock is still displayed as a warning in the log file.
- According to mariadb.com/kb/en/mariadb-galera-cluster-known-limitations, a delete statement is not supported on tables without a primary key. Therefore, one was introduced on all tables with mariadb where the primary key was missing. This mainly affected the history tables.
MTG Mini-CA
- According to mariadb.com/kb/en/mariadb-galera-cluster-known-limitations, a delete statement is not supported on tables without a primary key. Therefore, one was introduced on all tables with mariadb where the primary key was missing. This mainly affected the history tables.

All MTG Java Application Projects

none

Features and updates

All MTG Java Application Projects

List of all MTG Java Application Projects see [MTG_ERS_JAVA].

Supported Operating Systems [OS].

Spring boot version increased to 3.5.4 (includes tomcat 10.1.43).
For all ERS-KMS components, the documentation is now available at docs.mtg.de/enterprise-resource-security-kms/latest/introduction.html With the next release only the online documentation will be available.
MTG KMS-SERVER
- Update Audit Handling for KMIP-ERROR
- For new timeout values for the connection to MTG Mini-CA, see the installation manual.
  - minica.connection-timeout-in-seconds
  - minica.read-timeout-in-seconds
- For new timeout values for the connection to KeyCloak, see the installation manual.
  - openid.client.connection-timeout-in-seconds
  - openid.client.read-timeout-in-seconds
- The timeout value openid.client.admin.timeout-in-seconds is no longer valid, has been replaced by openid.client.read-timeout-in-seconds, and the old property can be deleted.
- Health check no longer checks the connection to Keycloak by default, but can be reactivated via management.health.openID.enabled=true.
- New chapter Galera Cluster with MariaDB inside installation manual.
MTG KMS Crypto API
- New timeout values for connecting to MTG KMS Server Kmip API, see installation manual.
  - kms.server.kmip.connection-timeout-in-seconds
  - kms.server.kmip.read-timeout-in-seconds
- New timeout values for the connection to KeyCloak, see installation manual.
  - openid.client.connection-timeout-in-seconds
  - openid.client.read-timeout-in-seconds
- By default, health check no longer checks the connection to the MTG KMS server Kmip API, but can be reactivated via management.health.kms.enabled=true.
MTG KMS-BYOK
- New timeout values for connecting to MTG KMS Server Kmip Api, see installation manual.
  - kmip.connection-timeout-in-seconds
  - kmip.read-timeout-in-seconds
MTG KMS-PKCS#11 Server and MTG KMS-TTLV Proxy
- Timeout values for connecting to MTG KMS Server Kmip Api deprecated removed from installation manual.
  - kms.timeouts.response
  - kms.timeouts.write

MTG KMS-PKCS#11-Library

Support of OpenSSL versions, see [OpenSSL_compatibility].

Supported Operating Systems [OS_PKCS11].

The version of the BOM formats from CycloneDX was increased from 1.3 to 1.4.

MTG KMS-UI

Upgraded libraries.

Installation instructions

MTG KMS-SERVER , MTG Mini-CA
- In case of using a Galera cluster, before starting the MTG KMS-Server and the MTG Mini-CA, the contents of the history tables must be archived if necessary, and then all contents of the history tables must be deleted, otherwise the automatic generation of the primary keys will not work! This manual step is necessary because deletion without primary keys only works reliably manually.