Signotaur 1.0 Version History

v1.0.0.507

August 1st, 2025

Changes

Server

  • Fix: A regression bug introduced in v1.0.0.502 caused a database migration to be omitted, resulting in an error after upgrading from a version earlier than v1.0.0.444.

v1.0.0.505

August 1st, 2025

Changes

Server

  • Fix: Auto refresh toggle button was not shown on first load of the Events page.
  • Fix: Default store location when loading website SSL certificate by subject was CurrentUser and did not match text in installer selection which was LocalMachine.
  • Update: Added StoreLocation to config file to enable loading of SSL certificate from a different store location.

Core

  • Updates to third party packages.

 

v1.0.0.502

July 24th, 2025

Changes

Server

  • Feature: New Events page providing administrators with visibility into signing activity, certificate usage, authentication attempts, warnings, and errors.
  • Feature: Added a Service Details button to the website footer. Clicking this provides information about the server operating system, server user account, .NET framework and runtime. This is only visible when logged in as an administrator.
  • Fix: The log file was not rolling over to a new file when the file size limit was reached.

Client

  • Update: Added --verify-cert-chain option to SignotaurTool sign command. This used to turn on certificate chain verification. The existing options --ignore-untrusted-root and --revocation-mode are only relevant to signing when this option is enabled.
  • Update: Added --revocation-mode option to SignotaurTool verify command. The verify command will now check the certificate chain by default unless --revocation-mode is set to 'NoCheck'.
  • Update: Added --strict-lifetime option to SignotaurTool verify command. This can be used to strictly enforce signature validity to the certificate’s validity period when a timestamp is present.

Installer

  • Fix: If the SSL website certificate was defined by subject in the installer, the subject was lost when upgrading with the option to keep existing settings.

Core

  • Updated to .NET SDK version to 9.0.302
  • Updates to third party packages.

 

v1.0.0.459

May 14th, 2025

Changes

  • Update: The Library tab on the Add Certificate dialog has been renamed to Hardware, and the description has been updated to clarify that this is for PKCS#11-compatible hardware tokens.

  • Fix: The Update Certificate Password dialog now closes after successfully updating the password.
  • Fix: Fixed rare error about referencing a delegate that has been garbage collected by native code and possible memory leak.
  • Fix: The password reset process now allows sending the email even if the email address is not confirmed.
  • Fix: The email address is now automatically confirmed when resetting the password from a password reset link.
  • Fix: The email settings are now still marked as configured when the username and password is blank.
  • Fix: The platform not supported error is now handled better when the append signature option is used on Windows 10 or earlier.

  • Updates to some third party packages.

 

v1.0.0.444

April 8th, 2025

Changes

  • Fix: We were not checking whether a user was locked out, disabled or password was expired when logging in
  • Fix: Temporary password status was not reset after password change, resulting in redirection to change password page
  • Fix: Issue where a user cannot be deleted if it has been assign certificate access
  • Fix: Installer now ensures all parent directories are created to prevent error when copying server SSL certificate
  • Fix: Issues with certificate access dialog boxes on users and certificate administration pages not being populated on first open and refreshing after save and reopen
  • Fix: User enabled/disabled status was not updated in database when editing user details

  • Update: Expiration times for temporary passwords, email verification, password reset links, remember me and 2FA remember code can now be specified in the server configuration file. The defaults are 30 minutes for password reset, 12 hours for email verification, one hour for temporary passwords, 14 days for remember me and 30 days for 2FA remember code.
  • Update: Now displaying an icon on the users administration page to indicate if a user has been locked out or disabled.
  • Update: Added --revocation-mode option to client, for specifying how to check for certificate revocation when building the certificate chain. This can be 'Online' to perform live checks (default); 'Offline' to skip online checks using cached data. This can significantly improve signing speed when firewall or network issues block CRL/OCSP requests; or 'NoCheck' to disable all revocation validation, increasing the risk of accepting revoked certificates.
  • Update: Installation is now aborted on unsupported operation systems. Signotaur currently supports Windows 10 / Server 2016 and above.

  • Updates to some third party packages.

 

v1.0.0.423

March 11th, 2025

Changes

  • Feature: Added support to client tool for an enhanced file list format with descriptions and URLs for each file. Each line in the file list now follows the format: FilePath|Description|URL. See --file-list option in (sign command documentation for further details.

  • Update: Email settings now allow configuration of a server without authentication, e.g. with blank username and password.
  • Update: Added secure sockets mode selection to email settings for specifying the type of the SSL and/or TLS encryption that should be used when connecting.
  • Update: Removed "Use HTTPS" option from installers. HTTPS is required.
  • Update: Added --encoding option to all command lines. This can be set to one of UTF8, UTF16, OEMCodePage or CodePage### where ### is the number of the code page to use. The default is UTF8. Note: This is a change to the previous command output which was set to Unicode/UTF16.
  • Update: Added minor hints and information to client tool command line.

  • Fix: Validation errors were not displayed when sending a test email message. This has now been corrected.

  • Updates to some third party packages.

 

v1.0.0.360

December 19th, 2024

Changes

  • Update: Added timestamp command to client tool.
  • Update: Added verify command to client tool.
  • Update: Added fallback timestamp server and verify options to sign command in client tool.
  • Update: Added ability to update the registered token password/pin for PKCS11 library certificates.
  • Update: Added eye to all password fields.
  • Update: Improved the port available check in the installer and added "I know what I'm doing" checkbox to bypass port validation.
  • Update: Improvements to session locking and cache handling when signing using PKCS11 libraries.
  • Update: Error handling improvements.
  • Update: Some minor UI improvements.
  • Updates to some third party packages.

 

v1.0.0.329

December 4th, 2024

Initial Release

Note that if you had the RC or earlier beta build installed, you will need to uninstall and re-install to fix an installer issue - contact support before doing this (we are contacting beta testers and RC customers).

 

v1.0.0.319 Beta

November 18th, 2024

RC 1