CRP Gateway Downloads

Upgrade Steps

• Refer to CRP Gateway Patching Guide v2.0 or above

Bug Fixes

• Fixed encryption certificate upload to CRP from Account Management being rejected because the Effective End Date Time was sent as the certificate's Valid Until value exactly. CRP requires the effective end to fall before the certificate expiry; the gateway now sends Valid Until minus one second, consistent with the existing one-day offset applied to the effective start date.
• Fixed PMDS prescribed consent list download failing when CRAOC returns an empty list (no_of_records=0) as a ZIP containing a 0-byte CSV. The JDK ZIP reader could not decompress this archive, so no file was written to the share folder and no file record was created. Decompression now uses the Apache Commons Compress in-memory reader, producing the expected 0-byte CSV.

Upgrade Steps

• Refer to CRP Gateway Patching Guide v2.0 or above

Bug Fixes

• Fixed non-deterministic SFTP file routing where a structured Credit Report Enquiry file (ENQIR) could be picked up by the PMDS Credit Report Enquiry channel (or vice versa) when the unstructured TUEF default was enabled. The unstructured .tuef / .tudf fallback now skips any file whose name already matches another channel's structured pattern.
• Fixed Symmetric Key Enquiry Request in File Management always reporting missing required fields even when File Names and Original Message ID were filled. The form now correctly updates the store when File Names is edited, and the request type label uses title case ("Symmetric Key Enquiry Request").
• Fixed certificate Valid From / Valid Until not displaying in the List Certificate API (Account Management) after upgrading from v1.x. Legacy certificate dates stored as epoch milliseconds inside the encrypted secret were misread as epoch seconds once the datetime fields migrated from java.util.Date to java.time.Instant, producing out-of-range values. The shared ObjectMapper now reads integer timestamps as milliseconds, so legacy and newly created certificate dates display correctly with no data migration required.
• Fixed datetime handling on Microsoft SQL Server that caused Activity Logs to fail to persist and timestamps to be returned with an incorrect Z (UTC) offset after upgrading from v1.x. Hibernate 6 maps Instant to TIMESTAMP_UTC (resolving to datetimeoffset on SQL Server), which is incompatible with the existing DATETIME columns. The gateway now forces the Hibernate 5 compatible plain TIMESTAMP binding (hibernate.type.preferred_instant_jdbc_type=TIMESTAMP) for SQL Server only, applied automatically from the datasource detected at startup; this requires no schema change and leaves MySQL behaviour unchanged.

Upgrade Steps

• Refer to CRP Gateway Patching Guide v2.0 or above
• Run SQL patch: 18-v2.3.0-msg-signing-key-notification/configuration_tbl_add_email_v2.3.0.sql
  • Adds configuration for Message Signing Key Expiry notification email recipients
  • Configure crp.gateway.smtp.mail.addr.msg-signing-key.expiry property with comma-separated recipient email addresses
• Run SQL patch: 18-v2.3.0-crp-message-log/add_crp_message_log_role.sql (MSSQL and MySQL)
  • Adds CRP_MESSAGE_LOG_READ role for CRP Message Logs feature
• Download and extract email-templates_2.3.0.zip
  • Place the extracted email-templates folder in ${baseDir} (same directory as crp-gateway-2.3.0.jar)
  • If you already have email-templates folder from a previous version, extract email-templates_2.3.0.zip and copy only the submission.error.noti.etpl file into your existing email-templates folder

New Features

• CRP Message Logs
  • View and search ICL CRP message history with related messages
  • Search, filter, paginate, and drill into message details and history
• Unified Account Management API
  • New /api/v1/account-management endpoints for CRP credential operations with server-side validation and orchestration
  • OAuth2 client secret amendment — amend via CRP with automatic local credential update on success
  • Message signing key regeneration — request new key from CRP with participant code auto-populated from license
• Message Signing Key Expiry Email Notification
  • Automated email notification when CRP sends message signing key expiry warning
  • Template-based system with recipients configured via crp.gateway.smtp.mail.addr.msg-signing-key.expiry property
• Portal-Based Message Signing Key Management
  • Visual status indicators: Active (green), Expiring Soon (yellow, <30 days), Expired (red)
  • "Regenerate" button (with refresh icon) available for active/expiring keys — automatically requests new key from CRP and refreshes page on success
  • "How to Renew" button (with info icon) shown for expired keys — displays manual renewal instructions
  • Manual secret replacement with optional expiration date/time validation (requires both date and time)
  • New signing keys immediately applied to all subsequent outbound messages
• Message Signing Key Expiry Warning Banner
  • Alert banner displayed on Home and Account Management pages when the message signing key is expired or expiring soon
  • Red alert for expired keys, yellow alert for keys expiring within the configurable warning threshold (default 30 days)
  • Warning threshold configurable via crp.message-signing-key.expiry-warning-days property

Improvements

• Simplified OAuth2 Credential Model
  • Simplified to single active credential model
  • OAuth2 client configuration now fetches credentials dynamically at runtime instead of caching
• Message Signing Key Always Fetched from Database
  • Removed in-memory caching — signing key retrieved from database on every operation
  • Ensures regenerated keys take effect immediately without application restart
  • Supports distributed deployment with consistent key changes across instances
• Enhanced Message Signing Key Regeneration Response Handler
  • Improved error handling with transaction isolation — message records always persisted even if key update fails
  • Handler never throws exceptions; errors logged with comprehensive context
  • Three-transaction pattern: (1) Request message, (2) Response message, (3) Key update
  • Failed key updates preserve audit trail and allow manual correction
• Refactored Account Management Architecture
  • Both OAuth2 and message signing key operations now routed through Account Management API with proper orchestration
  • Service layer handles license validation, credential lookup, CRP message construction, and post-response updates
  • Portal no longer needs to provide participant code — resolved server-side from license

Upgrade Steps

• Refer to CRP Gateway Patching Guide v2.0 or above

Bug Fixes

• Upgrade TU Converter to v1.6.1 to fix the incorrect handling on the spaces right before the end segment ES02**

Upgrade Steps

• Refer to CRP Gateway Patching Guide v2.0 or above

New Features

• Upgrade TU Converter to version 1.6.0 to support TUEF version 12

Bug Fixes

• Missing ReturnCode Enum Entries
  • Added missing ReturnCode enum entries for complete error code coverage
  • Added Hire Purchase (HPL) codes: HPL00001 through HPL00018
  • Added Historical Message Enquiry (HME) codes: HME00001 through HME00003
  • Added Historical Message Resend (HMR) codes: HMR00001 through HMR00003
  • Added miscellaneous business notification, data listing, footprint listing, and other missing error codes
  • Total of 40+ new error codes added for comprehensive error handling
• Error Log Messages
  • Fixed incorrect and duplicated error log messages in FileManagementApiController
  • Corrected error messages for message signing key regenerate, historical message enquiry, historical message resend, report enquiry, certificate upload, and certificate revoke operations
  • Error logs now accurately describe the actual operation being performed

Improvements

• Session Expiration Handling
  • Fix issue where calling API with expired session causes raw 403 Forbidden error
  • Add session expiration detection and graceful handling in frontend
  • Show user-friendly alert message when session expires
  • Redirect to login page after session expiration alert
  • Improve user experience by providing clear guidance instead of error codes
• Historical Message Enquiry Request UI Enhancement
  • Added informational remark to the Historical Message Enquiry Request form on the date range limits
• License Management
  • Add license management features and UI updates

Upgrade Steps

• Refer to CRP Gateway Patching Guide v2.0 or above

New Features

• Support Multiple Active Encryption Certificates
  • Allow activation of more than one encryption certificate simultaneously
  • System will attempt to map the correct encryption certificate for message symmetric key decryption
  • If no matching certificate is found, system will return CER00001 error to CRP
  • Manual decryption in Account Management will iterate through all active encryption private keys
• Certificate Pair Validation
  • Added validation to ensure uploaded private key and certificate are a correct pair
  • System will verify the cryptographic relationship between private key and certificate before activation

Bug Fixes

• TU Converter Improvements
  • Updated TU converter to version 1.5.1 for better error message display
  • Fixed CSV file processing to trim spaces and detect empty lines
• Empty File Decompression
  • Fixed issue where system would attempt to decompress empty files
  • Added validation to check if decrypted file is not empty before decompression
• Error Message Handling
  • Improved error message storage and display for CRP errors
  • Enhanced error handling for Credit Report Enquiry and Data File Submission operations
  • Refactored error handling methods for better maintainability

Improvements

• Certificate Management
  • Enhanced certificate comparison logic for better accuracy
  • Improved certificate activation and deactivation processes
  • Better error reporting for certificate-related operations
• File Processing
  • Enhanced file validation and processing capabilities
  • Improved handling of various file formats and edge cases

Other Changes

• Updated various module versions to maintain consistency across the codebase
• Enhanced logging and error reporting throughout the system
• Improved code maintainability and error handling patterns

Upgrade Steps

• Refer to CRP Gateway Patching Guide v2.0 or above

Bug Fixes

• Reorder the items in the Name Segment (NA) for converting CSV to TUDF files
• Fix the checking on signing secret for Built-in OAuth2 Service to accept secret longer than 32

Improvements

• Accept UTF-8-BOM encoding for uploaded CSV conversion (TUDF / TUEF)

Upgrade Steps

• Refer to CRP Gateway Patching Guide v2.0 or above
• Apply mssql2.1.4.zip for complete database schema updates (combined patches 2.1.0-2.1.4)

New Features

• Support Real-time Credit Report Enquiry for One Connect (LICENSE REQUIRED)
• The feature is currently available for API triggered calls
• Department Code is supported when making API calls for real-time credit report enquiry
• Simple configuration in Gateway Configuration to enable the feature
• Add Manual Decryption in Account Management
• The feature allows user to manually decrypt the encrypted data with encrypted symmetric key

Bug Fixes

• CRAOC Realtime Credit Report Enquiry
  • Return decrypted file for CRAOC realtime channel credit report enquiry in API response
  • Associate the enquiry chain to display the result in CRP Gateway Portal properly
  • Fix handling on the error response from CRAOC of type occra.rlt.cdrp.enqupl.fb.02 in JSON format
  • Fix incorrect signing secret used for submitting realtime credit report enquiry request
  • Fix incorrect value of occra_message.payload.app_header.trans.to in the message sending to CRAOC
• File Management
  • Fix date related issues Certificate Upload Request and Report Enquiry
• Fix Gateway Server Certificate and Encryption Certificate cannot be activated

Improvements

• Display Error Message for Credit Report Enquiry History Detail
• Disable the autocomplete in CRP Gateway for all password inputs

Other Changes

• Extend the maximum length of Message Type from 20 to 50