This Kitewheel Customer Journey Hub release has some exciting new features, upgrades and bug fixes. 

The highlights include: 

• The addition of support for Mutual Authentication in REST Web Services
• Fix bug in login case sensitivity
• Fix bug in Schema filtering not returning all results
• Security fix to address XSS vulnerability

Mutual Authentication for REST Web-Services 

Mutual authentication or two-way authentication refers to two parties authenticating each other at the same time. This is an added security protection that is often implemented for internal business application servers but is becoming more common in internet applications. By default the Transport Layer Security (TLS) protocol only proves the identity of the server to the client using X.509 certificate and the authentication of the client to the server is left to the application layer.

TLS also provides for client-to-server authentication using client-side X.509 authentication. This requires provisioning of the certificates to the clients. Mutual TLS authentication (mTLS) is widespread in business-to-business (B2B) applications as it ensures that only a limited number of programmatic and homogeneous clients are connecting to specific web services, the operational burden is limited and security requirements are greater.

For information on enabling Mutual Authentication please see the REST WEB Service documentation.

Bug Fixes

The following bug fixes are included in this release:

• KIT-2267 Login email address is no longer case sensitive
• KIT-2142 Schema Search now properly returns results.
• KIT-2220 A cross-site scripting vulnerability in the Hub application has been fixed.