Skip to main content
Skip table of contents

EJBCA 9.3.3 Release Notes

JULY 2025

The EJBCA team is pleased to announce the release of EJBCA 9.3.3.

This maintenance release contains corrections and improvements in various areas, including CMP, CVC certificates, database connections, LDAPS with MSAE, and OAuth. 

For available deployment options and associated versions, refer to Supported Versions

Announcements

Security Issue

EJBCA 9.3.3 resolves a security issue affecting EJBCA versions 9.3.2 or lower, deployed in a distributed environment. The issue does not affect Single-node EJBCA installations, or EJBCA installations where each CA node uses a separate database. 

Keyfactor rates the issue as having a severity level of medium as the circumstances under which this vulnerability can occur are unlikely as well as time limited.

Once EJBCA 9.3.3 has been generally available across all platforms for at least two weeks, a CVE with the identifier CVE-2025-49602 will be published.

Upgrade Information

Review the EJBCA Upgrade Notes for important information about this release. For upgrade instructions and information on upgrade paths, see Upgrading EJBCA.

Change Log: Resolved Issues

The following lists implemented features and fixed issues in EJBCA 9.3.3.

Issues Resolved in 9.3.3

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close