Today we are releasing a new major version (v6) of the CipherMail Email Encryption Gateway. This is a significant update that delivers many new features, modernizes the technology stack, and improves reliability and maintainability. It has been developed over the past few years.
Why a major update was needed
The previous version had accumulated technical debt. It depended on libraries that were only supported on older Java versions (Java 11 or lower) and used technologies that were state-of-the-art in 2008 but no longer meet current best practices. For example, the front end and back end communicated via SOAP, whereas REST is the modern standard. Some libraries were no longer maintained and required extensive workarounds to keep them functioning with newer Java releases. A major rewrite was therefore necessary to ensure long-term supportability and to take advantage of modern frameworks and tooling.
What’s new in this release
The user interface has been rebuilt. The Java-based front end has been replaced with a React-based front end for a more responsive and maintainable experience.
The back end now runs on Spring Boot and exposes a REST API. The React front end communicates with the back end over this API. This separation makes the system easier to scale, integrate, and automate.
A complete command-line interface (CLI) is now available. With the CLI, you can fully manage the gateway from the shell. This enables automated installation, configuration, and day-to-day administration using scripts and configuration management tools.
Authorization has moved to the back end with a highly granular permission model. Previously, permissions were enforced in the Java-based front end, which made it impossible to apply the same model to the CLI. In the new release, all authorization is handled centrally by the back end. The permission model is very fine grained, with approximately 1,700 distinct permissions. Each property has separate read and write permissions at user, domain, and global levels. Every REST operation requires the appropriate permission. This ensures consistent, least-privilege access across the web UI, the CLI, and any integrations.
Availability
The professional edition of the CipherMail Email Encryption Gateway has been running in production for some time. We are now making the open-source community edition publicly available as well. The community edition can be found on our public GitLab repository, where you can access the source code, RPM/DEB packages, and virtual appliances.
Upgrading from the previous version
This release includes breaking changes, including changes to the database schema and system internals. As a result, in-place upgrades from the previous version are not supported.
To move to the new version, install it as a fresh deployment and then migrate your data. You can export certificates and keys from your existing installation and import them into the new one. Plan the migration to include configuration, policies, users, and any integrations. If you have a paid support contract and need assistance, please contact us for guidance with planning and execution.
What to expect during migration
- Prepare a new environment that meets the new system requirements.
- Install the new version.
- Export data and cryptographic material (for example, certificates and keys) from the old system.
- Import data and cryptographic material into the new system.
- Recreate or migrate configuration settings and verify permissions align with the new model.
- Test mail flow, encryption/decryption, signing, and administrative workflows (UI and CLI).
- Cut over production traffic when validation is complete.
Some links: