Release Version: 1.1.5.5-P1
Support: Patch Release
Release Date: 13-July, 2023
The 1.1.5.5-P1 release of MOSIP is a patch release which mainly focuses on performance improvements over the 1.1.5.5 version. This release also includes minor bug fixes.
The link below contains the list of bugs/ issues that have been addressed as a part of this patch release.
To know more, refer Bug fixes for 1.1.5.5-P1.
Repositories
Tags Released
commons
mosip-openid-bridge
audit-manager
keymanager
khazana
packet-manager
admin-services
id-repository
pre-registration
id-authentication
registration
resident-services
registration-client
partner-management-services
durian
biosdk-service
biosdk-client
artifactory-ref-impl
The detailed Test Reports are available at 1.1.5.5-P1 Base platform verification.
This document contains the defect fixes and features that were released as part of various patch versions on top of MOSIP v1.1.5 release.
Fix for removal of user role not getting reflected in registration client has been provided
A new datatype called “date” has been added in the registration client UI specification
Fix for issues in multi-lingual drop downs due to visibility has been provided
The flag for skipping trust validation has been removed from the registration client
Fix for MOSIP signed certificate to be updated in the master.ca_cert_store table instead of the CA-signed certificate has been provided.
Issues related to the thumbprint has been resolved. The key manager will handle both scenarios where a thumbprint is passed or not passed for decryption.
Now in demographic authentication & e-KYC, all the demographic attributes in id schema can be passed (if available in the id-authentication database).
Integration with the latest key manager done, this had the thumbprint fix.
The jaxb-api library dependency was updated for most of the repositories.
The sync API has been modified for making sure that all the certificates are getting uploaded to the registration client certificate trust store.
Fix has been provided for packet priority based fetch when there is more than one packet. Earlier we had observed that if there is more than one packet being used then correct data was not sent.
Fix has been provided so that certificates can get downloaded and stored in the registration client trust validation irrespective of timezone difference in server and client.
Photo is now being sent in e-KYC response
Fix for the registration client not able to detect the devices when started before the SBI has been provided
Fix has been provided to stay on the acknowledgement page after printing so that the user can reprint the acknowledgement. Earlier after the print button was clicked the user was automatically redirected to the home screen hence reprinting was not possible.
The issue in age calculation in the registration client due to different windows region formats has been fixed
Due to recent MDS specification changes we have modified the below sections in IDA.
Thumbprint in IDA now supports both hex and base64URL encoding
Hash validation for biometrics has changed with an option to disable it
Document Scanner
Fix for creation of low-resolution image due to cropping has been resolved
Zoom in and zoom out feature has been added in preview in document screen
Document Scanner screen now has a horizontal and vertical scroll
An option to change the crop area by dragging after crop selection has been added
JPEG compression is done on the scanned or cropped image before converting it into a PDF, which decreases the document size
Biometric Capture Screen
Post capture of Iris and Face we are now showing the captured biometric image in the UI (not the last frame)
Display issue related to good quality image replacing a lower-quality image during multiple capture attempts in biometric capture screen has been fixed
Display issue related to the warning symbol not getting removed after a proper capture has been resolved
The forced capture limit is now, same as the capture limit (it was earlier hardcoded to three)
Adjudication Stage
The stage can now handle multiple technical failures and redirects them for reprocessing. Scenarios,
Any technical failures sent by the adjudication system (when return code is sent as 2)
When an invalid reference ID is sent from the adjudication system
When there is a count mismatch between the count value and reference IDs
The stage also handles a scenario where multiple responses are received from the adjudication system, by just logging the response and not processing it
The adjudication response now supports the modalities section for each reference ID
Readiness Probe for registration processor stages
The readiness probe details in all registration processor VertX stages have been modified to remove the null pointer exception during the restart of the VertX stages
Prometheus endpoints have been added for all the stages
Option to have multiple landing zone folders has been added
Issues in stage level packet priority-based fetch for biometrics has been fixed for uin-generator-stage
Issues related to packet validation failure to reprocessing of multi-source packets has been fixed
Packet manager has been modified to fetch proper biometric data during reprocessing of multiple packets
A flag has been added for the UIN validator for disabling the validation for “repeating numbers for 2 or more than 2 digits”. Due to this change dependency in the below modules has been updated.
registration-client: 1.1.5.4
id-authentication: 1.1.5.4
id-repository: 1.1.5.3
resident-services: 1.1.5.1
Aspect logs have been added
The column bio_ref_id in the idrepo.uin table has been deprecated
The 1.1.5.5 version of MOSIP is a patch release on top of MOSIP's earlier intermediate patches released. This patch has many important bug and performance fixes which are backported from our LTS release.
This release also contains includes some new features such as the alpha version of MOSIP's first mobile application for residents and anonymous profile which are also backported from our LTS release.
Repositories
Tags Released
admin-services
audit-manager
keymanager
khazana
packet-manager
commons
mosip-openid-bridge
durian
websub
pre-registration-ui
pre-registration
mosip-ref-impl
registration-client
registration
id-repository
partner-management-services
id-authentication
resident-services
artifactory-ref-impl
mosip-infra
mosip-config
Bug Fix: In some of the stages in the registration processor, we were using class-level variables due to which packets marked as “supervisor rejected”, were getting processed. Hence, we have removed the use of class-level variables in the registration processor.
Upgrade: The maximum number of landing zones that can be added by an implementor has been increased from three to ten. #MOSIP-15978
Performance Fix: In the registration processor, now we are creating a rest template only once and reusing it for every request to avoid performance issues. #MOSIP-15712
Bug Fix: It was observed that the ABIS Handler stage is getting multiple requests for the same RID. Hence, we have added a fix to ignore duplicate requests coming for the same RID in the ABIS handler stage. #MOSIP-16638
Bug Fix: In the case of an insert request, if ABIS sends an error stating that the reference ID is already existing in its gallery, then we are considering it to be a successful response. #MOSIP-14191
Bug Fix: During packet processing, if a packet is missing in the landing zone we were throwing an error stating that the packet was not found, but if a packet is being reprocessed from the beginning of the militarized zone (from the secure zone notification stage) then the packet might be available in the object store and is deleted from the landing zone. Hence, before throwing the error we are now checking if the packet also exists in the object-store. #MOSIP-17290
Bug Fix: In demo deduplication, now we have added a check to filter out potential duplicates without biometric reference IDs when we go for bio-match in ABIS. In scenarios where a resident is updating only demographic data there is no record for ABIS, hence, if demo duplicates for such records, then, we wouldn’t be able to perform bio-match in ABIS. #MOR-133
Performance Fix: The performance of the reprocessor query has been improved by removing the use of DISTINCT in the query. #MOSIP-17860
Bug Fix: When packets are getting reprocessed in the UIN generator stage, then the system is generating a new perpetual VID and revokes the old one (if VID is already generated). Hence, we have added a check to verify if a perpetual VID is existing before generating a new one. #MOSIP-14704
Upgrade: An option to enable and disable packet processing from the secure zone notification stage based on a configuration has been added. This would help us throttle the records coming from the field using the reprocessor. #MOSIP-12276
Upgrade: An option has been added to stop the processing of packets at any stage based on the configured bus out the address. This would help MOSIP implementors to throttle records based on their desired stage. #MOSIP-18534
Bug Fix: Proper error handling in the packet receiver has been provided to avoid errors due to database null pointer constraint in the registration transaction table. #MOSIP-20110
Bug Fix: A new configuration has been added to disable audit in the registration status service library to avoid VertX thread block. #MOSIP-19982
Bug Fix: It was observed that digital signature validation was failing for child and update packets. A fix was provided for the same (after updating to the latest IDA). #MOSIP-20580 #MOSIP-20615
Bug Fix: Packets with fingerprint authentication of operators were getting stuck. A solution has been added for this. #MOSIP-20867
Upgrade: Health check endpoints have been enabled for printing, packet validator and abis middleware stages. #MOSIP-15842
Bug Fix: Unnecessary storage of temporary files has been removed in the packet receiver stage. #MOSIP-12261
Bug Fix: The child packet was getting rejected when the parent/guardian packet was in the queue for manual verification. Code has been modified to reject child packet only when parent/guardian packet is rejected. #MOSIP-20634
Bug Fix: The request for kernel notification service from the registration processor notification service has been modified to prevent URL encoding errors. #MOSIP-21070
Bug Fix: Code changes have been added to retrieve documents from data share while performing manual adjudication. #MOSIP-20837
Bug Fix: In the 1.1.5.4 version of the registration client, the operator was not able to complete the registration when the applicant had a biometric exception as in some scenarios the operator is not able to see the exception photo capture. #MOSIP-15873
Bug Fix: In the 1.1.5.4 version of the registration client, the operator was not able to complete the registration when the applicant has a biometric exception even though all the biometrics and exception photo was captured. #MOSIP-15871
Bug Fix: In the 1.1.5.4 version of the registration client, the label for any attribute having a “date” and “ageDate“ control type was not visible. #MOSIP-15910 #MOSIP-15909
Bug Fix: In the 1.1.5.4 version of the registration client, the operator was not able to move to the packet upload screen in offline mode, hence, he/she was not able to perform packet export. #MOSIP-16356
New Feature: Support for multiple user logins in the registration client from different windows user accounts has been added. So, if two users are using the same windows, and the registration client is placed in a shared location, now both the user can log in to the registration client but please note that the same application cannot run simultaneously in two accounts. #MOR-113
Upgrade: The data type for the value_json field in the dynamic fields table has been updated to CLOB so that we don’t have size limitations for dynamic fields. #MOR-134
Bug Fix: Multiple fixes were made on the document scanner page to resolve performance issues while scanning documents. The features related to resource(webcam) handling, closing stream, and releasing webcam after capture were fixed.
Upgrade: Taking max and min heap size as command-line arguments
Bug Fix: Unable to launch registration client when upgrading from 1.1.5.4 to 1.1.5.5 as some of the new columns were missing. Hence 1.1.5.5 DB upgrade scripts were added. #MOSIP-20825
Bug Fix: On restart of the registration client the local manifest was not replaced with the server manifest if the local and server version was the same. Hence the minor upgrade in the registration client was not working as expected. #MOR-148 #MOSIP-20824
Bug Fix: If the registration client was failing to identify any document scanning devices or failing to load morena manager, the operator was not able to proceed further from the demographics page. This has been fixed - the operator would be able to proceed to the document scanning page.
Bug Fix: Local dedupe check was working during registration because of a code issue. The fix has been provided.
Bug Fix: Demographics and document page were getting overlapped when navigating back from preview page to documents page. #MOSIP-20474
Bug Fix: In the biometrics details page the captured 'exception photo' disappears if navigating back to the previous screen due to which the operator had to recapture the exception photo. This has been fixed. #MOSIP-20868
Performance Fix: We have modified the current base64 encoding and decoding implementation to JAVA’s native base64 codec because it performs better than the Apache base64 codec (the current implementation). #MOSIP-17298
Performance Fix: The “exists()” method in the Khazana S3Adaptor implementation has been modified to be more performant. #MOSIP-17290
Performance Fix: JAXB Context is instantiated every time in kernel core. And it is observed that 10% of the time is spent on instantiating the JAXBContext for BIRType class in IDA e-KYC. As JAXBContext is thread-safe, we are now initializing it once and reuse to avoid performance issues. And this fix is implemented in all the methods of the CbeffValidator class. #MOSIP-17991
Upgrade: A health check has been added for the ID generator service
Upgrade: A health check has been added for PRID generator #MOSIP-15845
Upgrade: The notification service is updated by adding HTML support in the body of the email which is default by true and can be turned off by making “mosip.kernel.mail.content.html.enable” property to false.
Bug Fix: The reference ID type and reference ID in the kernel audit manager service were made mandatory whereas in the database these columns were optional leading to frequent errors in the service while storing the audit transactions. This has been fixed by modifying the audit manager. #MOSIP-18878
Performance Fix: “The validation factory in audit manager is built for every request and it uses 70% of the processing time for audit calls”. Hence, we are now creating a single instance of the validation factory during the start-up of the audit manager and we are using it for all the audit calls. #MOSIP-17565
Upgrade: The kernel core dependency in kernel-auth-adaptor has been updated.
Performance Fix: The config server health check from the kernel auth adapter has been disabled because every time the health check for the config server was called it was downloading some of the configuration files and was taking around 2 seconds to respond. #MOSIP-18380
Performance Fix: In the validate token API of kernel-auth-service, JWT token decoding is performed in three different places which consume 10% of the time, we have restructured the code to decode the token only once to improve the response time by 6%. #MOSIP-17980
Upgrade: Removed DB properties need for auth manager application. Auth manager is not using any database but due to the old configuration, it needs the database properties to start the application.
Upgrade: RestIntercepter @component annotation removed to create a manual bean to not let it register to all RestTemplates. Authmanager was using two tokens in a single request which was creating auth failures.
Upgrade: Websub design is modified to a new Kafka based implementation.
Upgrade: The web-sub client has been upgraded - for the Kafka based web-sub implementation.
Database Update: In “keymgr-key_alias” table a new column cert_thumbprint character varying(100) has been added.
Bug Fix: Added functionality to get individual id by user id to resolve the issue in performing user onboard in registration client.#MOSIP-20748
Upgrade: Added support to decrypt using the master key in the key manager
Performance Fix: Fixed performance issues in decryption & trust store creation.
Upgrade: Fix for identity schema in admin service has been added for backward compatibility with 1.1.4 identity schema related to changes in language code attribute in the validator.
Upgrade: Sync of gender and resident status was enabled in the sync data service to provide backward compatibility with the 1.1.4 version of MOSIP. #MOSIP-17282
Performance Fix: Cache has been added for the sync data service due to the high response time observed for a few APIs. #MOSIP-17554
Upgrade: The download of device details has been added in sync for backward compatibility with the 1.1.4 registration client.
Upgrade: Websub client version has been updated for connecting with the Kafka based WebSub. #MOSIP-17735
Upgrade: Kernel core version has been updated for the apache base64 codec library used in the kernel has performance issues. #MOSIP-18392
Bug Fix: Error in pre-registration booking appointment when the registration centre selected has location hierarchy!= 5. #MOSIP-17754
Bug Fix: Issue when we create a location with the same name with different parents in the same hierarchy level. #MOSIP-19954
Upgrade: Added a new artifact to docker file cache-provider-redis
Upgrade: The latest mock-SDK is now being used for the latest bioSDK server
Upgrade: The latest auth adapter is now being used for the 1.1.5.5 services
Upgrade: The latest bioSDK client is now being used for internal mock bioSDK server implementation
Bug Fix: Token expiration issue was resolved by deleting the expired token from the cache and fetching the new token and storing it in case of authentication failure. #MOSIP-17599
Upgrade: The thumbprint sent in the e-KYC response would be now HEX encoded and upper case. #MOSIP-16654
Bug Fix: In the 1.1.5.4 version of IDA, when multiple fingerprints were sent to IDA for authentication it was found the system was throwing a hash validation error, which has been fixed. #MOSIP-17106
Performance Fix: The e-KYC endpoint has been moved to the authentication service to make the e-KYC service more performant. #MOSIP-16870
Performance Fix: Started using the JAVA’s native base64 codec encoder and decoder for base64URL encoding and decoding throughout IDA. Base64 URL safe encoding is used for all the API calls except encoding of BDB value inside the CBEFF file where Base64-Plain encoding is used. #MOSIP-16784
Performance Fix: Added fixes to avoid repeated instantiation of WebClient in RestHelper implementation.
Upgrade: Websub client version has been updated for connecting with the Kafka based web sub. #MOSIP-17735
Performance Fix: Until the 1.1.5.4 version of MOSIP, all the biometrics were decrypted and decoded for biometric authentication leading to a higher response time. Now, we are encrypting all the modalities separately and storing - them so that only specific biometric types can be decrypted and decoded during authentication. #MOSIP-17300
Performance Fix: Until the 1.1.5.4 version of MOSIP, all the demographic attributes were decrypted for demographic authentication and e-KYC leading to a higher response time. Now, only the required attributes are decrypted and decoded. #MOSIP-17302
Performance Fix: In 1.1.5.4 we were storing the biometric data in IDA we were storing double encoded biometrics leading to double decoding during authentication. Now we have stopped doing double encoding in credential issuance for better performance.
Bug Fix: Fix has been provided to allow attributes missing in the IDA mapping JSON file for authentication and e-KYC.
Bug Fix: Fix for issue in returning auth token in response based on partner policy.
Upgrade: We have moved to the latest key manager is IDA. #MOSIP-17523
Performance Fix: We have optimized database calls during OTP authentication.
Performance Fix: MOSIP-18523 - Added Caching for Salt during Auth
Performance Fix: The logic for getting the salt key from the UIN/VID is optimized
Database Update: We have added a few indexes in the IDA database for better performance.
Database Update: In “ida-key_alias” table a new column cert_thumbprint character varying(100) has been added.
Upgrade: Websub client version has been updated for connecting with the Kafka based web sub.
Security fix: log4j dependencies have been removed.
Bug Fix: Captcha Service is not working in 1.1.5.x version of MOSIP. #MOSIP-16977
Performance Fix: We were observing high response times for the "/preregistration/v1/applications/config'" API. #MOSIP-16660
Performance FIx: In the pre-registration application service, a new RestTemplate was created for every request. This has been fixed, only one rest templated is created and it is re-used. #MOSIP-18156
Security Fix: In preregistration, the authorization tokens are being received from the server for even Wrong OTPs. #MOSIP-18903
Performance Fix: Storing pre-registration in a single bucket instead of storing in multiple buckets per PRID has been added with backward compatibility.
Security Fix: Delete Appointment endpoint is not checking if the PRID belongs to the user in the token or not. #MOSIP-20309
Bug Fix: In 1.1.5, the edit demographics page was not working in pre-registration when we did not have fullName in ID Schema. #MOSIP-15872
Bug Fix: In 1.1.5 pre-registration, dynamic fields were not called using pagination. #MOSIP-15317
Bug Fix: Captcha Service was not working in 1.1.5.x version of MOSIP. #MOSIP-16977
Upgrade: Websub client version has been updated for connecting with the Kafka based web sub.
New Feature: Ability to generate verifiable credentials as part of MOSIP credential issuance #MOSIP-19079
New Feature: Support for Anonymous Profiling #MOSIP-18179
Bug Fix: Support for resident services to update the status of VID
Performance Fix: Instead of publishing biometric data of individuals in a single CBEFF file, data is split and sent to IDA #MOSIP-17300
Performance Fix: Primary key constraint error seen for few requests in ID repository add identity API #MOSIP-19422
Performance Fix: Caching of salt tables in IDRepo
Performance Fix: To compute a salt key, instead of performing modulo operation, substring operation has been done #MOSIP-18522
Upgrade: The WebSub client version has been updated for connecting with the Kafka based WebSub.
Upgrade: kernel-biometrics-api version has been upgraded to the latest version.
DB Change: Added anonymous_profile and channel_info tables.
Bug Fix: The “individual ID” and “individual ID Type” were taken twice as input for revoking a VID. #MOSIP-15969
Bug Fix: Fixed update of resident data which not working as expected. #MOSIP-19917
Bug Fix: Fixed issue while revoking VID. #MOSIP-19916
Bug Fix: Fixed issues related to jackson dependency.
Bug Fix: Encrypted HMAC IDA internal auth in resident should be base64-URL-safe encoded. #MOSIP-17931
Performance Fix: Started using the JAVA’s native base64 codec encoder and decoder for base64URL encoding and decoding throughout Resident. #MOSIP-18026
Open bugs:
If resident data is captured in multiple languages and in the data share policy, if the language filter is not specified for language-dependent attributes, the same is not displayed properly in the application. The impact of this issue is that the current version of the app displays credential data only in the language specified in the filter attribute set in the policy.
The set of resident attributes shown in the credential is not easily customizable and a change would require code modification.
While downloading a credential if an error is thrown in the UIN/VID selection page, the dropdown selection does not work properly and does not clear previously entered values.