Esig Dss Versions

Digital Signature Service : creation, extension and validation of advanced electronic signatures

6.0

4 months ago

Main changes

  • [DSS-2774] Update xml jakarta.xml.bind-api - support namespace change from javax to jakarta
  • [DSS-2838] DSS WebApp : migrate from Spring to Spring Boot
  • [DSS-3184] Remove sscd-mocca-adapter

Bug fixes / Issues

  • [DSS-3220] KeyEntityTSPSource : add null safe processing

+ All the changes included in DSS 5.13.

NOTE: This release uses "jakarta.*" namespaces. For the "javax.*" version, please use 5.13.

5.13

4 months ago

Bug fixes / Issues

  • [DSS-3169] Simple Report: Copy ID button generates a wrong Id for evidence records
  • [DSS-3170] Evidence record validation within ASiC-E fails when having more signed objects than referenced by manifest
  • [DSS-3171] Detached signed content is not provided to the evidence record validation
  • [DSS-3172] Validation of Xml Evidence Record with omitted HashTree fails
  • [DSS-3174] Validation of renewed evidence records within ASiC container fails
  • [DSS-3177] Pretty-printed XAdES extension from -LT to -LTA fails when having TimeStampValidationData
  • [DSS-3179] ASiC-S container with an evidence record file shall not require a manifest file
  • [DSS-3183] DSS Standalone : TL-signing generates invalid signature for a non SHA-256 algo
  • [DSS-3188] NPE on CertificateRef user-friendly identifier building
  • [DSS-3189] Unhandled casting of COSArray in PdfBox implementation
  • [DSS-3201] B-level signature validation with an evidence record may cause NPE
  • [DSS-3209] KeyEntityTSPSource returns a different signing-time than set productionTime
  • [DSS-3211] XMLERS : XML document is not canonicalized for omitted hashtree
  • [DSS-3212] Null values from CertEntityRepository are not handled
  • [DSS-3214] Add support of LOTL location change workflow

+ All the changes included in DSS 5.13.RC1.

5.13.RC1

6 months ago

New features

  • [DSS-2511] XAdES manifest signature : mime type of referenced entries
  • [DSS-2775] JAdES please add support for x5u header
  • [DSS-2972] Add optional check verifying a presence and validity of a signature timestamp
  • [DSS-3024] XAdES : add support of EdDSA algo
  • [DSS-3064] Add docker compose file to demonstrations project
  • [DSS-3069], [DSS-3120], [DSS-3146] Introduce offline PKI Factory module to DSS
  • [DSS-3090] Add support of XML Evidence Records

Improvements

  • [DSS-2517] XAdES: dss doesn't validate xades:DataObjectFormat
  • [DSS-2913] ASiC : introduce CONTAINER_TIMESTAMP type
  • [DSS-3017] Add links to referenced standards within cookbook
  • [DSS-3044] Add qualification messages to HTML/PDF simple certificate reports
  • [DSS-3045] TLValidationJob : extract OtherTSLPointer information to a TL DTO
  • [DSS-3056] Add a possibility to define a wildcard within proxy configuration
  • [DSS-3060] Align implementation per TS 119 615 v1.2.1
  • [DSS-3082] OCSP fails when server does not support "nonce" extension
  • [DSS-3096] Make DSSErrorHandlerAlert to retrieve column/line numbers for an error
  • [DSS-3098] Process detached timestamp validation with lowest POE time
  • [DSS-3099] Add rotation processing on adding an empty signature field
  • [DSS-3110] Ease signature policy validation constraints
  • [DSS-3114] Add support of NoRotate flag on existing annotation position extraction
  • [DSS-3158] OCSP error handling
  • [DSS-3161] Improve ASiC container type determination

Bug fixes / Issues

  • [DSS-2994] Name restriction on an unsupported name form
  • [DSS-3004] DSS demo bundle webapp startup time
  • [DSS-3036] Utils.fromBase64 condition is not covered
  • [DSS-3067] Problem with the certificate validation tool at DSS/webapp-demo/certificate-validation
  • [DSS-3076] OnlineOCSPSource and nonce length
  • [DSS-3083] Default SecureRandomNonceSource should generate nonces of at least 16 octets
  • [DSS-3089] Wrong Javadoc for eu.europa.esig.dss.enumerations.Indication.TOTAL_FAILED
  • [DSS-3097] ManifestFilePresentCheck shall allow manifest presence for ASIC-S container
  • [DSS-3105] esig-dss generates an invalid enveloped XML signature if the origin XML has comments before the root node
  • [DSS-3106] esig-dss generates an invalid enveloped XML signature if the origin XML is encoded in latin-1
  • [DSS-3111] PAdES : improve LT-level validation
  • [DSS-3113] NPE in Diagnostic data builder
  • [DSS-3117] Calls that utilize the ZipUtils class are not thread safe
  • [DSS-3119] XAdES Enveloping signature does not incorporate comments within root element
  • [DSS-3141] esig-dss generates an invalid enveloped XML signature when using URI "#xpointer(/)" if the origin XML has comments
  • [DSS-3148] Wrong RefURI check
  • [DSS-3162] ASiC-S : SignedFilesPresentCheck verifies across all files, while should check only root level files

Tasks / Other

  • [DSS-2898] Create a key store TSPSource implementation
  • [DSS-3009] Upgrade BouncyCastle
  • [DSS-3042] Fix TrustService element wording in Diagnostic Data XSD
  • [DSS-3061] Update ETSI validation report per TS 119 102-2 v1.4.1
  • [DSS-3087] Update maven-jaxb plugin to version 2.x
  • [DSS-3163] Upgrade to OpenPdf 1.3.32

5.12.1

11 months ago

This release includes improvements to Trust Service validation and MRA processing, as well as dependency updates and minor issue fixes.

New features / Improvements

  • [DSS-2851] - MRA with future TrustServiceEquivalenceStatusStartingTime
  • [DSS-2852] - Validation report of a certificate issued by a "withdrawn" TSP
  • [DSS-3014] - Report more information on Trust Service validation
  • [DSS-3037] - Return information about MRA CertificateContentReferencesEquivalenceList processing
  • [DSS-3049] - Update jQuery to 3.6.4
  • [DSS-3051] - eSig validation tests : add a possibility to provide a custom access point through arguments

Bug fixes / Issues

  • [DSS-3035] - DSS demo is not able to load OCSP request provided the JDBC source is disabled
  • [DSS-3043] - DiagnosticData unmarshalling fails for certificate validation with orphan certificates
  • [DSS-3047] - NPE on unknown DigestAlgorithm

5.12

1 year ago

New features / Improvements

  • [DSS-2982] - WebApp : add PDF Download button for Replay Diagnostic Data webpage
  • [DSS-2984] - WebApp : add a property to define a custom trusted certificate source
  • [DSS-2990] - WebApp : add all world flags to be accessible from css
  • [DSS-3001] - Provide a code snippet describing how to create a certification signature
  • [DSS-3011] - SubjectAlternativeNames to return GeneralName type
  • [DSS-3016] - WebApp: propagate tl.browser.root.url to FOPService
  • [DSS-3018] - Add support of SAML metadata XSD
  • [DSS-3021] - PdfBox : ensure DocMDP is created as a direct object

Bug fixes / Issues

  • [DSS-2975] - Fix unknown MRA equivalence context URI
  • [DSS-2977] - xml-apis dependency problematic in Java 11+
  • [DSS-2992] - NameConstraints with permitted value and SubjectAlternativeName
  • [DSS-2993] - NameConstraints with excluded value and SubjectAlternativeName
  • [DSS-2996] - Unrecognized critical extensions
  • [DSS-2998] - Disable SHA3 digest algorithms when MSCAPI token is selected
  • [DSS-2999] - CAdES signature creation save dialog file filter
  • [DSS-3005] - Errata in the DSS CookBook in the Lock Dictionary standard reference
  • [DSS-3013] - CAdES-LT signature not compliant with RFC 5940
  • [DSS-3015] - Skipping ProspectiveCertificateChain always results in PASSED

+ All the changes included in DSS 5.12.RC1.

5.12.RC1

1 year ago

New features

  • [DSS-2394], [DSS-2609] - Allow signature with external CMS provider
  • [DSS-2685] - DSS Standalone : introduce extension feature
  • [DSS-2686] - DSS Standalone : introduce validation feature
  • [DSS-2689] - PDF/A : add optional structure validation with VeraPDF
  • [DSS-2768] - Add multiple documents signature support in the standalone
  • [DSS-2802] - PDF : spoofing attack detection
  • [DSS-2854] - PAdES : make VRI dictionaries creation optional
  • [DSS-2857] - AbstractKeyStoreTokenConnection : add key filter predicate
  • [DSS-2861] - Evaluate the possibility to implement a pre-emptive basic authentication on CommonDataLoader
  • [DSS-2914] - Add BasicConstraints.CA check for CA certificates
  • [DSS-2925] - Reject certificates with unsupported critical extensions
  • [DSS-2926] - Reject certificates with not allowed extensions
  • [DSS-2927] - Verify Responder Id against found OCSP's issuer
  • [DSS-2931] - WebServices: add methods to sign providing a SignatureAlgorithm
  • [DSS-2938] - Review expiration of cryptographic algorithms in XML validation policy
  • [DSS-2943] - WebServices : add setter of default validation policy
  • [DSS-2951] - Add support for Ed25519 signatures in JAdES
  • [DSS-2964] - Add processing of policy constraints certificate extension
  • [DSS-2970] - Add processing of name constraints certificate extension

Improvements

  • [DSS-2727] - Avoid loading OutputStream in memory when computing digest
  • [DSS-2749] - PAdES : introduce a new PdfByteRangeDocument
  • [DSS-2816] - Simple Report : add information about trust anchors
  • [DSS-2818] - PAdES : report incorrect ByteRange incorporation
  • [DSS-2829] - PAdES : add support of TU/TS entries within VRI dictionary
  • [DSS-2841] - WebApp : ensure DTO contain binaries when applicable instead of base64-encoded String
  • [DSS-2842] - RepositoryRevocationSource : add a possibility to process multiple revocation data
  • [DSS-2846] - Refactor MimeType class
  • [DSS-2858] - WebApp Demo : make use of Jdbc repository optional
  • [DSS-2869] - Vulnerability report : dependencies update
  • [DSS-2870] - Use byte[] or char[] instead of String to provide a password
  • [DSS-2872] - PDF : detect ByteRange collision
  • [DSS-2873] - PDF : execute related constraints from FC for timestamps
  • [DSS-2901] - Cookbook : make HTML documentation offline
  • [DSS-2909] - PAdES: create documentId based on a large set of parameters
  • [DSS-2910] - AdES validation: return INDETERMINATE/CERTIFICATE_CHAIN_GENERAL_FAILURE if no acceptable revocation found
  • [DSS-2921] - Enforce keyCertSign check for CA certificates
  • [DSS-2923] - SimpleCertificateReport : include validation messages
  • [DSS-2924] - Enforce timestamping ExtendedKeyUsage constraint to FAIL level
  • [DSS-2928] - Reject OCSP response with invalid version
  • [DSS-2929] - PAdES: add post-processing for timestamps
  • [DSS-2941] - PAdES Object modification detection : compare streams directly

Bug fixes / Issues

  • [DSS-2821] - PAdES-Baseline-B signature cannot be extended to LT due to hasLTAProfile check
  • [DSS-2826] - DLSequence for postalAddress 2.5.4.16
  • [DSS-2835] - Not possible to sign an existing signature field
  • [DSS-2836] - JdbcCacheConnector : avoid implicit object conversion
  • [DSS-2845] - One PDF which is before signing compliant A/2A but after signing is not compliant PDF/A -2A anymore
  • [DSS-2850] - Not expected behavior on auto fitting text
  • [DSS-2859] - Simple Report - Signatures with indication INDETERMINATE/TRY_LATER are counted as valid
  • [DSS-2871] - Vulnerability report : information disclosure
  • [DSS-2885] - Fix OID extraction from XML Trusted List
  • [DSS-2890] - threads can get stuck/hang in NativeDataLoaderCall.call()
  • [DSS-2891] - intermediate certs in KeyStoreCertificateSource are not found during path building process
  • [DSS-2911] - TLValidationJob: LOTL validation status may get stuck in certain scenario
  • [DSS-2916] - Unable to extend a TOTAL_PASSED document with a revoked signing certificate but PoE to an LTA-level
  • [DSS-2919] - Invalid signature of document (root) element
  • [DSS-2920] - Invalid RefURI causes invalid signature
  • [DSS-2947] - Sealing an XML in DSS demo webapp is not working
  • [DSS-2957] - Problem in documentation
  • [DSS-2958] - Undocumented policy change in 5.9
  • [DSS-2968] - IllegalStateException during online LTL refresh: Transition from 'REFRESH_NEEDED' to 'TO_BE_DELETED' is not allowed
  • [DSS-2922] - Invalid XPath causes NPE

Tasks / Other

  • [DSS-2743] - BouncyCastle 1.72 upgrade
  • [DSS-2904] - Add common questions and answers to F.A.Q. in cookbook
  • [DSS-2942] - Remove setting of default SSL protocol
  • [DSS-2973] - Update HttpClient5 dependency version

5.11.1

1 year ago

This is the Maven Central release: https://mvnrepository.com/artifact/eu.europa.ec.joinup.sd-dss

When upgrading to version 5.11.1, you no longer need to specify the "cefdigital" repository in your project's pom.xml file. For more information about integrating DSS into your project, please see the readme.

Bugs / Issues

  • [DSS-2885] - Fix OID extraction from XML Trusted List

Improvements / Tasks

  • [DSS-2896] - DSS Version 5.11.1 Maven Central release

5.10.2

1 year ago

This is the first release published on Maven Central: https://mvnrepository.com/artifact/eu.europa.ec.joinup.sd-dss

When upgrading to version 5.10.2, you no longer need to specify the "cefdigital" repository in your project's pom.xml file. For more information about integrating DSS into your project, please see the readme.

Bugs / Issues

  • [DSS-2729] - Exception when a not supported encryption algorithm is provided
  • [DSS-2885] - Fix OID extraction from XML Trusted List

Improvements / Tasks

  • [DSS-2895] - DSS Version 5.10.2 Maven Central release

5.11

1 year ago

Bugs / Issues

  • [DSS-2839] - DSS WebApp : excluded hosts from properties file are not converted to a List
  • [DSS-2859] - Simple Report - Signatures with indication INDETERMINATE/TRY_LATER are counted as valid

Improvements / Tasks

  • [DSS-2834] - MRA : add unit tests for KeyUsage and PolicySet within CriteriaList
  • [DSS-2837] - Use Maven Central repository for everit-json-schema dependency
  • [DSS-2869] - Dependencies update

+ All the changes included in DSS 5.11.RC1.

5.11.RC1

1 year ago

New features

  • [DSS-2659] - ASiC : introduce ZipEntryDocument
  • [DSS-2687], [DSS-2713] - ASiC : add merge capability
  • [DSS-2692] - PAdES: signing app name for pades signatures
  • [DSS-2716] - Demo WebApp : Add a webpage with ASiC merger possibility
  • [DSS-2717] - Add a possibility to customize naming of documents within ASiC container
  • [DSS-2725] - PAdESService : add new method allowing to define a custom factory to create OutputStream and DSSDocument
  • [DSS-2726] - PAdES : introduce temporary document/digest caching
  • [DSS-2745] - Demo : Add TL-Signing feature in the standalone
  • [DSS-2767] - Demo : Add XAdES manifest feature in the standalone
  • [DSS-2779] - Add manifestSignature and embedXML parameters to web-services
  • [DSS-2803], [DSS-2819] - Mutual Recognition Agreement
  • [DSS-2808] - Add custom qualifier for a CommitmentType

Improvements

  • [DSS-2419] - memory heap error on pades signature
  • [DSS-2619] - SignaturePolicyStore : add support of sigPol local URI attribute
  • [DSS-2674] - CAdES : improve extension naming on signature creation
  • [DSS-2732] - Cookbook 5.11 improvements
  • [DSS-2748] - PAdES : improve Pdf Modification Detection
  • [DSS-2754] - Simple Report - Add SignatureScope ID to SignatureScopes
  • [DSS-2769] - SVC : store unsuccessful result of issuer finding
  • [DSS-2787] - ETSI VR : add AdditionalValidationReportData to BBB
  • [DSS-2824] - Detailed validation report - seemingly inconsistent result when thisUpdate is not in validity range

Bug fixes / Issues

  • [DSS-2472] - Excess memory usage by XMLSignatureInput created in DetachedSignatureResolver::createFromCommonDocument
  • [DSS-2570] - Signature not found error on PDF with XRef streams
  • [DSS-2691] - addNewSignatureField adds a Default Appearance using Helvetica but doesn't embed it into the PDF
  • [DSS-2697] - SVC : register POE only from valid timestamps
  • [DSS-2761] - LTA signature is indeterminate because no revocations lists found
  • [DSS-2712] - DSS PADES library: Secured PDF Signature
  • [DSS-2729] - Exception when a not supported encryption algorithm is provided
  • [DSS-2731] - JAdES : signature can be created with ECDSA algorithm using a wrong elliptic curve
  • [DSS-2752] - Signature Ids in the signature scopes don't use the IdentifierBuilder
  • [DSS-2772] - Only the first Qualifier is captured from a TSPService element
  • [DSS-2777] - Certificate/Signature qualification determination adjustments
  • [DSS-2778] - Validation for ASiC without mimetype returns FORMAT_FAILURE
  • [DSS-2780] - Forbid manifest signature for an XML document with Id in the root level
  • [DSS-2785] - Skipped AcceptableRevocationDataFound constraint may lead to false positive validation result

Tasks / Other

  • [DSS-2393] - Demos : JUnit tests for eSignature validation test cases
  • [DSS-2736] - Update cryptographic constraints according to TS 119 132 v1.4.2
  • [DSS-2744], [DSS-2822] - Upgrade OpenPdf 1.3.29
  • [DSS-2756] - Upgrade PdfBox 2.0.26

Pull requests

  • [#160] - PAdES: signing app name for pades signatures
  • [#162] - Fix spelling issue