Skip to content

Release Notes - eSignature DSS - Version 5.5.RC1

Pre-release
Pre-release
Compare
Choose a tag to compare
@pvandenbroucke pvandenbroucke released this 27 Aug 04:19
· 3307 commits to master since this release
5.5.RC1
49c412d

Bug

  • [DSS-1223] - Augmentation of ASiC-E CAdES with long term availability
  • [DSS-1272] - Adding a sencond archive timestamp to LTA signatures does not add the validaton material for validating the first archive timesatmp
  • [DSS-1273] - Revocation information of archive time-stamp when a new archive time-stamp is added to an ASiC-E container
  • [DSS-1344] - A CAdES signature validated by DSS as incomplete is reported as valid after extension using DSS
  • [DSS-1421] - Archive time-stamp NO_SIGNING_CERTIFICATE_FOUND error in ASIC-E with CAdES
  • [DSS-1461] - CRL signature verification not handled properly
  • [DSS-1469] - CAdES archive timestamp is reported as broken after extension using DSS
  • [DSS-1538] - Cannot analyze signatures Exception Error
  • [DSS-1541] - TOTAL_PASSED although CRYPTO_CONSTRAINTS_FAILURE
  • [DSS-1543] - Exception when signing a PDF's existing signature field using LTA level.
  • [DSS-1546] - KeyStore entry instance type should be checked before casting
  • [DSS-1551] - DSS indicates that the certificate is not qualified, but I do not see any TLS overrules in the report
  • [DSS-1565] - Certificate Chain Validation
  • [DSS-1583] - CommonsDataLoader with LDAP URLs...
  • [DSS-1585] - Some IDs in XAdES signatures are not unique
  • [DSS-1586] - BER encoding used on timestamps instead of DER
  • [DSS-1601] - The AbstractPdfSignatureService implementations are package-private
  • [DSS-1602] - Certificate's digest algorithm not properly recognized. Signatures rejected with CRYPTO_CONSTRAINTS_FAILURE.
  • [DSS-1610] - Document with LTA level signature is not valid (NO_POE) anymore after signature certificate expiration.
  • [DSS-1617] - NullPointerException in RepositoryRevocationSource
  • [DSS-1619] - ATSv2 Message imprint mismatch when signeddata has 2 signerinfos
  • [DSS-1627] - Pdf content in PdfBoxSignatureService log
  • [DSS-1628] - Insecure RNG used
  • [DSS-1630] - CertificatePool : certificate conflict by SubjectName
  • [DSS-1632] - DetailedReport schema not matching actual reports
  • [DSS-1635] - XAdES signature is no longer considered valid after the first of the two archive timestamps expired
  • [DSS-1636] - Exception when trying to validate DETACHED XAdES with contentTimestamp when not providing the original documents
  • [DSS-1639] - ZIP bombing
  • [DSS-1651] - Validation of containers which have no mimetype
  • [DSS-1656] - No null check for XmlXCV leads to NullPointerException when signature was altered
  • [DSS-1661] - NullPointerException in ReferenceDataExistenceCheck and ReferenceDataIntactCheck if XmlDigestMatcher has null type
  • [DSS-1663] - Fix for DSS-1630 costs 30% performance
  • [DSS-1666] - Invalid WSDL for Validation service
  • [DSS-1669] - CRL signature validation with ECDSA fails
  • [DSS-1670] - CAdES signature is no longer considered valid after the first of two ATSv2 archive timestamps expired
  • [DSS-1671] - Add an empty SignatureField to a PDF document Before signing using DSS
  • [DSS-1679] - CHAIN_CONSTRAINTS_FAILURE leads to TOTAL_FAILED. Shouldn't it be INDETERMINATE ?
  • [DSS-1686] - XAdES signature is no longer considered QESig after the first of the two archive timestamps expired
  • [DSS-1690] - Unstable validation result for a PAdES signature with two document timestamps
  • [DSS-1693] - Extension of XAdES-LTA signature copies old instead of embedding current revocation data
  • [DSS-1694] - Detailed report shows OUT_OF_BOUNDS_NO_POE for earlier timestamps even when properly covered by a valid archive timestamp
  • [DSS-1696] - Extension of PAdES signatures removes the earlier CRL and certificate references (when there are duplicates)
  • [DSS-1709] - ASiC validators do not report when they could not parse the provided file
  • [DSS-1715] - eSig DSS 5.4.1 vulnerable to pdf-insecurity.org Signature Wrapping Attack
  • [DSS-1716] - SignatureImageAndPositionProcessor does not take zoom into account
  • [DSS-1717] - Revocation data freshness constraint checking not enforced
  • [DSS-1719] - CAdES: Improve Id generation
  • [DSS-1725] - Issue to validate the DK TL
  • [DSS-1729] - CAdES LTA with ASiC_E container fails validation if signature and archive timestamp servers are different
  • [DSS-1731] - OCSP validation issue
  • [DSS-1740] - AlgoExpirationDate of ECDSA192 inconsistent in default policy

Improvement

  • [DSS-1157] - AdvancedSignature with added info lost in reports
  • [DSS-1264] - Improve cryptographic constraint
  • [DSS-1388] - DSS is Adding Signature Tags Same Line at XAdES
  • [DSS-1392] - OCSP - cache implementantion
  • [DSS-1433] - Support text in PDF visible signatures
  • [DSS-1445] - Demo : allows to replay a diagnostic-data
  • [DSS-1548] - Needed more options to generate XAdES signatures. More parameters in XAdESSignatureBuilder?
  • [DSS-1554] - Get XAdES signature policy "Description" field
  • [DSS-1573] - Abnormal increase in CPU utilization when executing the XAdES signature of documents containing thousands of xml nodes
  • [DSS-1581] - Use the validation pool from the CertificateVerifier for XAdES and CAdES extension.
  • [DSS-1590] - Signature creation with NONEwithXXX
  • [DSS-1598] - New default Validation Policy
  • [DSS-1629] - Version conflict in one of transitive DSS dependencies
  • [DSS-1652] - Allows to use DSS with Xalan
  • [DSS-1675] - On PDF signature verify not found a getReason() function
  • [DSS-1685] - TSLLoader.call doesn't log sufficient information to analyse TSL download issues
  • [DSS-1698] - Implementation of the ETSI Validation Report (TS 119 102-2)
    • [DSS-1699] - Generation of the model for the ETSI VR
    • [DSS-1700] - Improve the data extraction
    • [DSS-1704] - Add the ETSI VR in the result of the SOAP/REST services
    • [DSS-1705] - Allow to optionally execute the ETSI VR
  • [DSS-1702] - Support of zero-sigPolicyHash
  • [DSS-1706] - Java 12 support
    • [DSS-1659] - Module support for JDK12
    • [DSS-1677] - Does not work with the Java Module System
    • [DSS-1707] - Remove the reflexion
    • [DSS-1732] - JAXB modules harmonization
  • [DSS-1712] - Bundle : replace the provided JRE with OpenJDK (JRE)
  • [DSS-1713] - Expose a REST/SOAP webservice to validate certificates
  • [DSS-1720] - Check revocation thisUpdate time is before the bestSignatureTime
  • [DSS-1722] - No way to customize DocumentBuilderFactory built in DomUtils
  • [DSS-1733] - PAdES Visible Sig: add support of CMYK images
  • [DSS-1735] - XAdES: update certificate/revocation sources on LTA level extension
  • [DSS-1736] - Include PDF signature field name in validation results
  • [DSS-1738] - ASiC-E CAdES : check digest of signed files
  • [DSS-1742] - Certificate validation reports (un)marshalling

Task

  • [DSS-1728] - Move MOCCA to the dss-demos
  • [DSS-1744] - Update OJ / LOTL / Keystore

Support

  • [DSS-1323] - Certificate validation model (chain / shell)
  • [DSS-1562] - XAdES: treating URI attribute when
  • [DSS-1566] - SimpleRepost does not containt INDICATION when validating cert and national TL is unavailable
  • [DSS-1644] - Qualification recognition problem after update to 5.4
  • [DSS-1683] - Foxit Reader Digital Signature
Assets 2
Loading