-
Notifications
You must be signed in to change notification settings - Fork 14
/
changes.txt
3294 lines (2383 loc) · 180 KB
/
changes.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
SecureBlackbox - version 12.0.258 - Released August 15, 2014
---------------------------------------------------------------------------
What's new:
[ Legend: ]
[ + Added feature ]
[ * Improved/changed feature ]
[ - Bug fixed ]
^^^^^^^^^^^^^^^^^^^^
^^^ Version 12.0 ^^^
^^^ ^^^
^^^^^^^^^^^^^^^^^^^^
---
August 15, 2014
Version 12.0.258. Maintenance update
+ [All] (FTPS) TElSimpleFTPSServer now supports wildcards for NLST command. This allows "mget *.*" command to work.
+ [Java] (PDF) TinySignerPKCS11 sample added.
- [All] (Base) TElCustomCertStorage.LoadFromBufferJKS method fixed to report error if wrong password provided.
- [All] (Base) FileSystemAdapter incorrectly processed UNC paths. Fixed.
- [All] (PKI) TElMessageTimestamper.Timestamp produced invalid timestamps. Fixed.
- [VCL] (LDAP) Fixed a bug when search operation failed. The bug was introduced in first 12th version builds.
---
August 2, 2014
Version 12.0.257. Maintenance update
- [All] (Base) PEM decoding fixed.
- [All] (DC) Fixed URL composing which is used to post back signature results in ActiveX control
- [All] (HTTP) Digest authentication fixed.
- [All] (SSL) Server was incorrectly choosing a session certificate in certain ciphersuite configurations, leading to handshake failures. Fixed.
- [All] (SSL) Fixed occasional GCM cipher failures in SSL/TLS client
- [VCL] Due to a bug in C++Builder compiler certain parts of SecureBlackbox code were unusable. Workaround has been added.
- [.NET, Java] (FTPS) foPreallocateStorage in TElSimpleFTPSClient didn't work due a typo error. Fixed.
- [.NET] (Base) When using a workaround in UNC path handling, the error code was not reset. Fixed.
---
July 23, 2014
Version 12.0.256. Maintenance update
* [All] Documentation updated to reflect the replacement of BufferType with ByteArray.
* [.NET] (Base) The mechanism to open files behind a UNC path has been improved.
- [All] (HTTPS) URL with parameters (the part after ?) were passed by TElHTTPSClient to the server with an extra question mark. The issue appeared in build 255 due to last-minute changes. Fixed.
---
July 19, 2014
Version 12.0.255. Official release
! [All] BufferType type has been replaced with ByteArray.
! [VCL] Delphi 5 (yes, that old one) support dropped
+ [VCL] RAD Studio XE6 support added
+ [All] (PKI) Added support for trusted timestamps (TSP protocol) to Authenticode
+ [All] (HTTPS) Added handling of response code 308 as per RFC 7238
+ [All] (FTPS) TElSimpleFTPSServer.OnBeforeSendReply event added.
+ [All] (SSH) InactivityPeriod property added for forwarding classes that tells the component to close the forward if there were no activity for some time.
+ [All] (SSL) Added support for signaling ciphersuite value (SCSV), a compatible method for indicating support for renegotiation info extension.
+ [All] (PKI) Added SHA2 support to PKCS#5
+ [All] (MIME) Added AlignEncryptedKey property that allows to fix a compatibility issue with old software in encrypted mail messages
* [All] (Base) TElMessageEncryptor/TElMessageDecryptor improved to support RSA-OAEP with non SHA-1 MGF1 functions.
* [All] (Base) TElMessageEncryptor and .NET EnvelopedCms compatibility improved.
* [All] (Base) Processing of X.509 CRL Distribution Points and Name Constraints extensions significantly reworked and improved.
* [All] (Base) TElDSAKeyMaterial.LoadPublic improved to load PEM-encoded keys in OpenSSL format.
* [All] (PKI) TElCertificatePoliciesExtension improved to handle policies with multiple qualifiers correctly.
* [All] (XML) Added workaround for parsing TSP info if a data contains TSP reply.
* [All] (FTPS) TElSimpleFTPSServer changed to return 550 code in case of file absence on DELE request.
* [All] (SFTP) Improved upload speed with Bitvise WinSSHD server.
* [All] (PKI) TElTSPServer class improved to clear AuthenticatedAttributes on subsequent requests.
* [All] (MIME) Removed the Offset parameter in the TElMessageHeader.Parse method
* [All] (Base) TElMessageEncryptor/TElMessageDecryptor improved to support RSA-OAEP with non SHA-1 MGF1 functions.
* [All] (Base) TElMessageEncryptor and .NET EnvelopedCms compatibility improved.
* [All] (Base) Processing of X.509 CRL Distribution Points and Name Constraints extensions significantly reworked and improved.
* [All] (SSL) Server name extension is now automatically sent on TLS 1.0-1.2, which aims to improve compatibility with newer SSL and HTTPS servers.
* [.NET] (Base) Improved cryptographic code efficiency with regard to garbage collection
* [.NET, C++, VCL] (Base) Improved error reporting in DiskFileSystemAdapter - now the error code is [attempted to be] returned more precisely and not just "Access Denied" as before.
* [Java] (XML) Optimized xml canonicalization and saving.
- [All] (XML) Fixed NullPointerException in TElXAdESVerifier.ExtractAllCertificates method.
- [All] (Cloud) A minor fix to shared access signatures calculation in debug mode
- [All] (HTTPS) When sending the request using the inherited methods of TElRESTClient, output stream was not cleared before the second request.
- [All] (HTTPS) Multiple cookies put to HTTPClient.RequestParameters.Cookies were sent not correctly. Fixed.
- [All] (HTTPS) 204, 205 and 304 response codes were not handled right if connection was kept and not closed by the server. Fixed.
- [All] (PKI) Fixed CompleteChainValidation parameter in TElX509CertificateValidator.Validate method.
- [All] (PDF) Fixed extra newline in signature widget for numeric OID values generated by TElPDFPublicKeySecurityHandler.GetSignatureInfo method.
- [All] (Charsets) Fixed charset conversion.
- [All] (XML) Fixed XPath processing.
- [All] (SOAP) Ensures that a Header element is always created before Body element.
- [All] (SSL) The TLSv1.2-only client did not reject servers rolling back to TLSv1.0 or TLSv1.1. Fixed.
- [All] (MIME) Fixed a bug in parsing mail headers with empty field bodies
- [VCL] (Base) Fixed TElRandom.Randomize implementation.
- [VCL] (Base) Fixed import and export of keys to Windows system stores, broken in one of SBBv12 betas.
- [VCL] (PDF) Fixed decryption with TElPDFPublicKeySecurityHandler.
- [.NET] (SSL) Fixed broken SSLv2 implementation.
- [.NET, Java] (SSL) TElSSLServer didn't work with some TLS1.2 ciphersuites. Fixed.
- [.NET] (Office) Fixed constructor visibility for some encryption handlers.
- [Java] (Base) Fixed JNI.java not to include the JNI native library extension - Java doesn't expect the extension by default and doens't work in some cases when the extension is specified.
- [All] (Office) Fixed RC4 decryption for binary documents.
- [C++] (Office) Fixed signing of .docx, .xps documents for Mac/iOS
---
May 28, 2014
Version 12.0.253. Release candidate 2
! [All] (PKI) PKCS#11 constants and types have been renamed from CK?_ (eg. CK_LONG, CK_RV) to SB_CK?_ (SB_CK_LONG etc.)
! [All] (HTTPS) NewURL parameter in OnRedirection event of TElHTTPSClient can now be changed by the event handler.
+ [All] (FTPS) TElSimpleFTPSServer.OutgoingLocalBinding property added that allows to set outgoing address and port for active transfer mode.
+ [All] (FTPS) Added support for EPRT and EPSV commands to FTPS server.
+ [All] (FTPS) Added support for SITE command in FTPS server.
+ [All] (SSH) Added port knocking functionality to SSH forwarding components.
+ [.NET] (PKI) PKCS#11 is now available for Windows CE
+ [C++] (PKI) PKCS#11 is now available for static PKCS#11 libraries on iOS.
+ [Java] (PKI) PKCS#11 via JNI is now available for Android.
* [All] (FTPS) FTPS server now reports error code to a client in case of exception inside OnTransferCompleted event handler.
- [Java] (Base) Fixed a bug in JCE cryptoprovider that caused invalid signatures generation.
- [Java] (Office) Fixed signing/verification using CryptoAPI signature handler for some binary documents.
---
May 4, 2014
Version 12.0.251. Release candidate 1
! [All] (Cloud) SkyDrive component has been renamed to OneDrive
! [C++] Static libraries for iOS and MacOS requires compiler and library support for the ISO C++ 2011 standard.
! [.NET] (FTPS) RemoteCharset property has been removed from TElSimpleFTPSClient
+ [All] (PKI) Added HMAC-Based One-Time Password and Time-based One Time Password
+ [All] (Cloud) Added support for Box.com cloud storage
+ [All] (FTPS) Added support for HOST command.
+ [All] (FTPS) Added QuoteParameters property to the client component which specifies, when to wrap the parameter of the FTP command with QuoteParamChar property
+ [All] (FTPS) TElSimpleFTPSServer.OnCommandUnhandled event added.
+ [All] (XML) Added TElXMLSOAPClient component.
+ [Java] (PKI) JNI module and code improved to allow usage of PKCS#11 devices on Linux x86/x64/Mac OS X.
* [All] (OpenPGP) Code improved to use the latest keys expiration date for malformed keys with wrong packets sequence.
* [All] (SSH) Added support for global (non-channel-wise) keep-alive signals.
* [All] (PKI) Added csoUseGenericSigAlgorithmOIDs flag for better control over signature algorithm written down to the CMS structure.
* [All] (PDF) Improved invisible signature to conform to PDF/A requirements.
* [All] (SSL) Added support for client-side authentication with EC certificates.
* [All] (FTPS) FTP server improved to accept "MODE S" command.
* [NG] (iOS, MacOS) Fixed a memory management issue caused by a revised implementation of core TList class on NG platform. The problem led to occasional memory access errors (AV's etc.) on iOS and MacOS platforms.
* [VCL, .NET] (SSH) TElSSHServer closed connection after EOF packet was received from a client. Now this behaviour can be controled using TElSSHTunnelConnection.OnEOF event.
* [VCL, .NET] (SSH) TElShellSSHSubsystemHandler worked incorrectly when input data was sent from a client using pipe. Improved.
* [VCL] (Base) Optimized UTF-16 to UTF-8 conversion for non-Win32 platforms.
* [C++] Improved/fixed wide char/wide string handling for Linux, MacOS and iOS platforms.
* [VCL] (SSH) GSS-API can now be used under Linux and MacOS X.
- [All] (Base) Fixed a bug when certificate policies extension of TElX509Certificate was read incorrectly.
- [All] (SSL) Fixed a bug in TElSessionPool.Remove that may cause a deadlock.
- [All] (ZIP) Fixed bugs with adding a directory into the archive for non Windows systems and with uncleaned list of directory signatures after archive has been closed
- [All] (Office) Fixed loading of xml signatures if ManifestHashAlgorithm element is not present in the signature info.
- [All] (PKI) Fixed occasional 'Invalid key length' exception thrown by TElMessageEncryptor and Cloud components.
- [All] (SSH) TElSSHServer.OnAuthFailed was not fired. Fixed.
- [All] (XML) Minor fix in decryption transform.
- [All] (FTPS) FTP server errroneously returned 225 code instead of 226 for ABOR command. Fixed.
- [VCL, C++] (Charsets) Fixed charsets initialization on POSIX systems, if cwstring unit initialized after charsets.
- [Java] (XML) Possible "[B cannot be cast to..." exceptions fixed in XAdES classes.
- [Java] (XML) Fixed saving of serial number in IssuerSerial element, if zero is present in decimal representation at position multiple of 9.
- [Java] (ZIP) Fixed StringIndexOutOfBoundsException exception on file open.
- [NG] (Base) Calling wrong iOS pthread library fixed. Fixed incrementing of GlobalLockCSFlag.
---
March 10, 2014
Version 12.0.247. Beta version.
+ [All] (PKI) RSA computations involving private keys are now protected from timing attacks
+ [All] (XML) Added support for AES-GCM authenticated encryption algorithm in XML encryption.
+ [Java] (Base) Added DNSSEC support for Android target.
+ [Java] (PKI) TElJavaCertStorage added that allows to manage certificates in MY and ROOT stores on Windows and AndroidKeyStore on Android.
+ [Java] (PKI) TElCustomCertStorage enhanced with LoadFrom*BKS methods that allow to load certificates from BKS storages.
* [All] (Base) Socket shutdown sequence changed from proper to compatible with buggy servers which don't handle partial socket shutdown properly.
* [All] (FTPS) Some servers respond to Delete command with wrong response code 200 (while 250 is required by specification). The client component now accepts such response.
* [All] (FTPS) TElSimpleFTPSClient.ParseFileListEntry parsed time in Windows file listings incorrectly. Fixed.
* [All] (Mail) SMTP client changed to use the most secure authentication scheme first on login.
* [All] (SOAP) Added TElXMLSOAPBaseSignatureHandler.ReferencesDigestMethod property that specifies default digest method for newly added references.
* [All] (PDF) Added workaround that fix error in the document structure when 'endstream' keyword is absent.
* [Java] (Base) TElX509Certificate.FromX509Certificate/GetPrivateKey improved to work with non-exportable keys.
- [All] (FTPS) TElSimpleFTPSServer didn't take into account return codes of underlying file system adapter on file open operations. Fixed.
- [All] (PDF) An empty signature field widget was overridden incorrectly when signing the field in IgnoreExistingAppearance mode, causing the old widget to be prioritized over the new one by some readers.
- [All] (SSH) Fixed a bug in TElSimpleSSHClient.ExecuteCommand() which erroneously made the component discard STDERR output.
- [.NET] (HTTPS) A bug in TElCookieManager resulted in NullReferenceException's in TElHTTPSClient. Fixed.
- [.NET] (PKI) Fixed a recently introduced glitch in TElPKCS11CertStorage that was 'hiding' the contents of the device from the user (x64 platforms only).
- [VCL, .NET] (Mail) NTLM authentication for SMTP fixed.
- [VCL] (Charsets) Fixed memory leak in ASCII charset.
---
January 31, 2014
Version 12.0.245. Alpha Version
![All] All code has been reworked for more efficient memory management and better speed.
! [All] (HTTPS) TElHTTPSClient.Post overload for web forms renamed to PostWebForm.
! [Java] Methods names changed to lowerCamelCase.
+ [All] (PKI) Added support for CAdES baseline profiles and Archival Timestamp V3
+ [All] (SSH) TElSSHServer.SSHAuthOrder/AuthTypePriorities properties added to control authentication types priority.
^^^^^^^^^^^^^^^^^^^^
^^^ Version 11.0 ^^^
^^^ ^^^
^^^^^^^^^^^^^^^^^^^^
---
June 3, 2014
Version 11.0.252. Maintenance update
- [.NET] (Cloud) A minor fix to shared access signatures calculation in debug mode
- [.NET] An issue in charset initialization routine indirectly led to a variety of string conversion problems on .NET CF platform. Fixed.
- [.NET] Fixed a charset resource processing issue on WP8 platform
---
April 26, 2014
Version 11.0.250. Maintenance update
+ [All] (EDI) Added support for SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512) digests in AS2/AS3 signed messages and signed receipts
+ [All] (PKI) An external CAdES signer (e.g. TElCAdESSignatureProcessor) can now be attached to ASiC signatures for automated creation of compliant ASiC/CAdES signatures
* [All] (FTPS) FTP server errroneously returned 225 code instead of 226 for ABOR command. Fixed.
* [All] (FTPS) FTP server improved to accept "MODE S" command.
* [All] (MIME) Removed checking for "micalg" parameter in multipart/signed messages. Now this parameter is optional.
- [All] (Base) Fixed a bug when certificate policies extension of TElX509Certificate was read incorrectly.
- [All] (Cloud) Shared access signatures were calculated incorrectly after a change in Amazon's algorithms. Fixed.
---
March 30, 2014
Version 11.0.248. Maintenance update
! [C++] Static libraries for iOS and MacOS requires compiler and library support for the ISO C++ 2011 standard.
+ [All] (EDI) Added ability to turn on/off usage of indefinite lengths in encrypted and signed AS2/AS3 messages.
+ [All] (MIME) Added ability for each mail message part to have its own charset specified on message assembling.
+ [All] (SSH) Added TElShellSSHSubsystemHandler.SendEOF/IgnoreClientSessionClosure properties.
* [All] (SSH) Added support for global (non-channel-wise) keep-alive signals.
* [All] (PKI) Added csoUseGenericSigAlgorithmOIDs flag for better control over signature algorithm written down to the CMS structure.
* [All] (PDF) Improved invisible signature to conform to PDF/A requirements.
* [All] (SSL) Added support for client-side authentication with EC certificates.
* [VCL, .NET] TElSSHServer closed connection after EOF packet was received from a client. Now this behaviour can be controled using TElSSHTunnelConnection.OnEOF event.
* [VCL, .NET] TElShellSSHSubsystemHandler worked incorrectly when input data was sent from a client using pipe. Improved.
* [VCL] (Base) Optimized UTF-16 to UTF-8 conversion for non-Win32 platforms.
* [C++] Improved/fixed wide char/wide string handling for Linux, MacOS and iOS platforms.
- [All] (MIME) Fixed quoting of header fields parameters in e-mail messages
- [All] (SSL) Fixed a bug in TElSessionPool.Remove that could cause a deadlock.
- [All] (ZIP) Fixed bugs with adding a directory into the archive for non Windows systems and with uncleaned list of directory signatures after archive has been closed.
- [All] (MIME) Fixed quoting of header fields parameters in e-mail messages.
- [All] (Office) Fixed loading of xml signatures if ManifestHashAlgorithm element is not present in the signature info.
- [All] (PKI) Fixed occasional 'Invalid key length' exception thrown by TElMessageEncryptor and Cloud components.
- [All] (SSH) TElSSHServer.OnAuthFailed was not fired. Fixed.
- [All] (XML) Minor fix in decryption transform.
- [FPC] (Charsets) Fixed charsets initialization on POSIX systems, if cwstring unit initialized after charsets.
- [Java] (XML) Possible "[B cannot be cast to..." exceptions fixed in XAdES classes.
- [Java] (XML) Fixed saving of serial number in IssuerSerial element, if zero is present in decimal representation at position multiple of 9.
---
March 1, 2014
Version 11.0.246. Maintenance update
! [C++] (Base, SFTP) Renamed SBSftpCommon.fmCreate constant to sfmCreate and SBSystem.fmCreate to filemodeCreate
+ [All] (PKI) RSA computations involving private keys are now protected from timing attacks
+ [All] (XML) Added support for AES-GCM authenticated encryption algorithm in XML encryption.
+ [Java] (Base) Added DNSSEC support for Android target.
* [All] (FTPS) Some servers respond to Delete command with wrong response code 200 (while 250 is required by specification). The client component now accepts such response.
* [All] (FTPS) TElSimpleFTPSClient.ParseFileListEntry parsed time in Windows file listings incorrectly. Fixed.
* [All] (Mail) SMTP client changed to use the most secure authentication scheme first on login.
* [All] (SOAP) Added TElXMLSOAPBaseSignatureHandler.ReferencesDigestMethod property that specifies default digest method for newly added references.
* [All] (PDF) Added workaround that fix error in the document structure when 'endstream' keyword is absent.
* [C++] (Base) Fixed string values for some constants in sbconstants header.
- [All] (PDF) An empty signature field widget was overridden incorrectly when signing the field in IgnoreExistingAppearance mode, causing the old widget to be prioritized over the new one by some readers.
- [All] (SSH) Fixed a bug in TElSimpleSSHClient.ExecuteCommand() which erroneously made the component discard STDERR output.
- [.NET] (HTTPS) A bug in TElCookieManager resulted in NullReferenceException's in TElHTTPSClient. Fixed.
- [.NET] (PKI) Fixed a recently introduced glitch in TElPKCS11CertStorage that was 'hiding' the contents of the device from the user (x64 platforms only).
- [VCL, .NET] (Mail) NTLM authentication for SMTP fixed.
- [VCL] (Charsets) Fixed memory leak in ASCII charset.
---
February 15, 2014
Version 11.0.245. Maintenance update
+ [All] (MIME) Added TElMessageHeader.ParseAddresses property which allows to disable message addresses parsing in order to process them as other header fields.
* [.NET] (Base) Changed TElDiskFileSystemAdapter to be able to use UNC path as a base path.
- [All] (EDI) Fixed the bug with disabled receipt request in loaded AS2/AS3 messages even if a receipt is actually requested.
- [Java] (Base) Fixed a bug with uninitialized parameters in TElX509CertificateValidator.OnAfterCertificateValidation event.
- [.NET] (HTTP) Exception was thrown inside TElCookieManager.ValidateCookie on some conditions. Fixed.
---
January 27, 2014
Version 11.0.244. Maintenance update
+ [All] (Mail) Added AllowAuthentication property to the SMTP component.
+ [All] (PDF} Added TElPDFSignatureInfo.FieldFlags property that returns field flags common to all field types.
* [All] (Base) SB_OID_SHA1_RSAENCRYPTION2 was not taken into account in some places. Fixed.
* [All] (FTPS) TElSimpleFTPSClient.ListDirectory improved to skip CWD command if its Path parameter is empty.
* [All] (OpenPGP) Decryption and signing operations by a particular key are now thread safe, allowing the same key to be used for several concurrent decryption/signing operations
* [All] (PKI) TElPKCS11CertStorage.OnSlotEvent can now return Slot=nil/null/Nothing to map reports from drivers that indicate card reader removal in this way
* [All] (PKI) TElCRLManager.UseCache property is enabled by default now (as it was before build 243).
* [All] (PDF) Page number for newly created signature is set based on empty signature field page number.
* [All] (PAdES) On load all certificates from CMS signature added into TElPDFAdvancedPublicKeySecurityHandler.Certificates property.
* [.NET] (Base) Minor improvement to FromX509Certificate2 method that eliminates the need to manually attach the win32 cryptoprovider to the certificate object
- [All] (Base) TElPublicKeyCrypto.VerifyDetached() incorrectly tried to decode the plaintext from base64 when InputEncoding was set to pkeBase64
- [All] (FTPS) TElSimpleFTPSServer fixed to process multiple files downloads with resumption correctly.
- [All] (PDF) Fixed adding of attachments for specifically formatted pdf documents.
- [All] (XML) Fixed detecting of TElXMLVerifier.SignatureType property when reference URI is empty string.
- [All] (XML) Fixed enveloped signature transform of the document element when the xml document contains processing instructions.
- [All] (SSH) TElSSHServer improved to work with buggy JSch client.
- [All] (MIME) Added equal sign to the specials list that require a string to be enclosed in double quotes.
- [All] (Mail) Changed behavior of authentication in SMTP component to not use SASL if no mechnism is configured.
- [.NET] (FTPS) TElSimpleFTPSClient.GetFileSize didn't work correctly in some conditions. Fixed.
- [VCL] (Base) Fixed UnixTimeToDateTime method in FreePascal.
- [VCL] (Office) Fixed signing/verifying using CryptoAPI signature handler for some binary documents.
- [C++] (Base) Fixed setting datetime properties for non Win32 platforms.
---
December 31, 2013
Version 11.0.243. Maintenance update
+ [All] (PKI) Added possibility to turn off the cache in CRLManager. Disabling the cache can be used if you want to implement your own cache based on CRL locations (URLs) rather than on Issuer property.
+ [All] (XML) Added ExclusiveCanonicalizationPrefix property for TElXMLC14NTransform and TElXMLSignedInfo classes.
* [All] (Base) TElMessageEncryptor used default key lengths for symmetric algorithms. Now variable key length can be set using its BitsInKey property.
* [All] (Base) EElSocketError exception instances didn't include error code is some cases. Fixed.
* [All] (Base) Improved loading of EC private keys to conform to recent RFCs
* [All] (HTTPS) TElHTTPSClient: improved DELETE response handling.
* [All] (PKI) Minor compatibility enhancements in CAdES signature processing
* [All] (PKI) Added TElX509CertificateEx.PreferredHashAlgorithm property to allow the user choose the desired certificate signature hash algorithm
- [All] (PKI) Fixed a bug when distribution point reason flags in CRLDistributionPoints extension were written and read incorrectly.
- [All] (HTTPS) Fixed a bug when incoming data was not decompressed when TElHTTPSClient.Use100Continue property was on.
- [All] (HTTPS) Subsequent requests with one instance of TElHTTPSClient failed on some conditions. Fixed.
- [All] (LDAP) LDAP CRL retriever fixed to work correctly with URLs that contain slash character in DN part.
- [All] (XML) Fixed AV in enveloped signature transform when binary data is passed.
- [All] (FTPS) TElSimpleFTPSClient.UploadStream fixed to work in ftmAppendToEnd mode.
- [All] (Mail) Fixed a bug in SMTP with sending an invalid message end mark if a message is not ended with CRLF
- [All] (Mail) Fixed a bug in SMTP with sending lines with leading dots
- [All] (Mail) Fixed usage of TElSimpleMIMEMessage class with SMTP component; address aliases have been sending to SMTP servers in MAIL FROM and RCPT TO commands
- [VCL] (Base) TElClientIndySSLIOHandlerSocket didn't work with Socks proxies. Fixed.
- [VCL] (Base) TElX509Certificate.LoadFromBuffer freezed on some specific conditions. Fixed.
- [VCL] (Base) TElDiskFileSystemAdapter.DirectoryExists did't work correctly for root directories on Windows XP. Fixed.
- [MacOS] (Base) Fixed setting socket timeout on Mac OS.
- [iOS] (Base) Fixed to not loose accuracy in timestamp conversion on iOS/arm
---
November 22, 2013
Version 11.0.242. Maintenance update
! [.NET] Assemblies for different platforms are now signed with different strong name keys
+ [All] (Mail) Added support for Sender message field. Now if a message contains Sender field, the address from this field will be used in MAIL FROM command.
* [.NET] (Base) Socket.Listen backlog value was set to 1 which could cause some connections to be refused in TElSimpleFTPSServer class.
* [Java] (Base) Improved TElCustomFSAdapter to detect path separators correctly.
* [All] (XML) Improved exclusive canonicalization. Added TElXMLSigner/TElXMLVerifier.InclusiveNamespacesPrefixList property.
* [All] (PDF) Workaround that fix error in the document structure when indirect object 'obj' keyword not followed by an EOL marker.
* [All] (SSL) TElSessionPool is now capable of storing user session-related information
* [VCL] (PKI) Added workaround for PKCS#11 drivers that return invalid procedure addresses via C_GetFunctionList.
- [All] (Base) X.509 certificates reading procedure went into infinite loop in some conditions. Fixed.
- [All] (Base) Fixed a bug when Digest WebTunnel proxy authentication didn't work in some conditions.
- [All] (Cloud) Fixed TElGoogleDriveDataStorage.List method with one parameter.
- [All] (MIME) Fixed mail addresses corruption on message reassembly.
- [All] (MIME) Fixed bug in quoting and unquoting strings in e-mail addresses.
- [All] (HTTPS) Cookies without specified path are accepted correctly now
- [All] (PKI) OtherExtensions were not written in PKCS#10 request if there were no "known" extensions set. Fixed.
- [All] (PKI) Fixed generation of X.509 certificates carrying EC keys in PreserveKeyMaterial mode
- [.NET] (Base) Fixed a build issue in Windows Phone 8 assemblies that caused occasional field access exceptions
- [.NET] (HTTPS) TElHTTPSClient didn't work correctly with longer TLS buffers in Windows Phone 8 , which resulted in connectivity problems with certain HTTPS servers. Fixed.
- [Java] (Base) TElSymmetricCrypto.Encrypt/Decrypt methods could throw ArrayIndexOutOfBoundsException in some cases. Fixed.
- [C++] Compilation fixes for Visual Studio 6.0 (1998)
---
October 25, 2013
Version 11.0.241. Maintenance update
+ [All] (PKI) TElX509CertificateValidator got new event (OnOCSPResponseSignerValid) related to check of the signer of an OCSP response
+ [All] (FTPS) TElFTPSServer/TElSimpleFTPSServer now reports upload progress correctly if a client sends ALLO command before file transfer.
* [All] (Base) TElX509CertificateValidator improved to report vrCRLNotVerified validity reason in all cases.
* [All] (Base) 3DES keys are now generated with parity bit set (this bit is checked by certain outdated hardware)
* [All] (PKI) TElX509CertificateValidator improved to follow new wording of RFC 6960 (paragraph 4.2.2.2, related to check of applicability of OCSP signing certificate)
* [All] (FTPS) Data socket is now properly disposed of in Active mode if an error happens.
* [All] (FTPS, SFTP) Improved cleanup of RegexProcessor variable.
* [All] (Mail) TElSMTPClient.Send speed optimized.
* [CPP] Fixed threading support for unix systems
- [All] (Base) Fixed a bug when TElMessageVerifier.Verify processed detached signatures as valid.
- [All] (Cloud) Fixed several security-related bugs.
- [All] (Mail) Fixed a bug in TElPOP3Client.GetMessageSize method.
- [All] (PKI) Fixed memory leaks in TElFullPKIRequest.GetControlAttribute and TElFullPKIResponse.GetControlAttribute methods.
- [All] (Office) Fixed distributed signing of a secondary,... n-ary signatures using binary xml signature handler.
- [All] (XML) Fixed issue with not flushing data in TElXMLDOMDocument.SaveToStream overloaded method that accept TElXMLCodec as parameter.
- [.NET] (PKI) TElPKCS11CertStorage destructor threw exception in .NET 4.5 due to security attribute missing. Fixed.
- [.NET] (SSH) AuthAgent authentication type didn't work in .NET 4.0 and 4.5 due to security attribute missing. Fixed.
- [.NET] (HTTP) TSP and OCSP clients didn't work correctly when Turkish locale was set on Windows. Fixed.
- [VCL] (FTPS) Use of the regular expression in ListDirectory caused an AV due to unnatural design of RegularExpressions RTL unit. Fixed.
---
October 6, 2013
Version 11.0.240. Official Release
+ [All] (Cloud) Certificate-based signing is now available for embedded metadata mode.
+ [All] (EDI) Added overloaded Save methods in TElASMessage and TElASReceipt to allow to store headers and bodies of messages and receipts to separate streams.
+ [All] (SSH) Added a set of overloads of TElSimpleSSHClient.ExecuteCommand() methods that allow to re-use the established SSH connection
+ [All] (XML) TElXMLSigner now supports easy-to-use external signing with OnRemoteSign event
+ [CPP] Added auto detection of platform/OS
* [CPP] Fixed name collision in C headers with zlib library and others.
* [.NET] Updated the set of WinRT samples
- [All] (ZIP) Fixed a bug that caused 'Invalid type cast' exception for some kind of archives.
- [All] (Cloud) A couple of minor bug fixes
- [All] (Charsets) Fixed UTF-7 encoding (when special character '-' is a last character in the buffer).
- [All] (SOAP) Fixed reference Id generation for WSS signature handler.
- [VCL] (Base) Fixed memory leak in SBRSA, SBASN1, EUC charset.
- [VCL] (HTTP) Fixed memory leak in TElHTTPCompressedProcessor.
- [Java] (Base, SSL) TElX509Certificate.Chain was not assigned correctly in some conditions. Fixed.
- [.NET] (FTPS) Fixed a bug when TElSimpleFTPSClient.RemoteCharset/RemoteCodepage properties didn't work correctly when set in design time.
---
September 17, 2013
Version 11.0.239. Release Candidate 2
+ [VCL] Added RAD Studio XE5 support.
+ [All] (Cloud) Added data storage components for SkyDrive and Google Drive
+ [All] (Cloud) Added support for in-object metadata storing. Dropbox component now uses this mode by default. SkyDrive and GoogleDrive components use only this mode.
* [All] (Base) TElWin32CryptoProvider improved to process ERROR_CANCELLED correctly.
* [All] (Office) Added workaround for binary and encrypted OOXML documents with invalid root directory entry's name.
- [All] (Mail) Separator space between RCPT TO command and parameters was missing. Fixed.
- [.NET] (Base) Fixed a bug when TElWinCertStorage worked incorrectly on Windows 8 x64 with .NET 4.5.
- [.NET, Java] (PKI) TElX509Certificate could lose a character of Issuer ID and Subject ID in some rare cases. Fixed.
- [Java] (Base) Fixed Access Violation error in JNI module that occured during signing operations using CNG keys from Windows stores.
- [VCL] (PDF) Fixed compliance with the PDF/A standard if a document was reassembled.
- [.NET, Java] (SSH) Some types of requests didn't work in SSH 1 (obsolete and not recommended for use). Fixed.
- [.NET, Java] (SSH) Window Change request didn't work in SSH 2. Fixed.
- [Java] (SSH) Publickey-Agent authentication didn't work in SSH2.
---
August 24, 2013
Version 11.0.238. Release Candidate 1
! [All] (All) We are moving to new evaluation restrictions mechanisms. Evaluation delays are no longer in force. Instead, limited numbers of operations for each component are allowed (with exceptions thrown once a particular limit is exceeded).
! [.NET] .NET CF support has been returned.
+ [All] Added support for ASiC (Associated Signature Container, ETSI TS 102 918). ASiC support requires SecureBlackbox Data Security or SecureBlackbox Professional package.
+ [All] (XML) Added ECDSA and RSASSA-PSS signature algorithms support in XMLDSig (see RFC 6931)
+ [All] (PKI) Added support for multipart ASN.1 content in PKCS#7 SignedData
+ [All] (FTPS) Added keep-alive to prevent command channel from being closed by NATs during long data transfer. Keep-alive is enabled by setting new TransferKeepAliveInterval property to non-zero value (300 000 is a great value for keep-alives). Note, that not all servers handle keep-alives correctly.
+ [.NET] Added Xamarin.iOS assemblies
* [All] (SSH) Added workaround for server that identifies it-self as "f7u12".
* [All] Socket-based components are now more tolerant to extra spaces in addresses and URLs. Previously an extra typed space caused an error to happen, now those spaces are trimmed.
* [All] (FTPS, SFTP, WebDAV, OpenPGP, ZIP) When filesystem error happens in components that access local filesystem via FileSystemAdapter, error message now contains the path (file name or directory path) for which the error happened.
* [All] (SSH) AuthenticationTypes property value changed in all components to a combination of SSH_AUTH_TYPE_PUBLICKEY, SSH_AUTH_TYPE_KEYBOARD and SSH_AUTH_TYPE_PASSWORD.
* [All] (DAV) Added TElWebDAVClient.List method overload that allows to specify depth parameter.
* [All] (Office) Added UpdateSignature method that allows to extend XAdES info after signing.
* [All] (XML) Optimized memory usage of TElXMLDOMNode class on 20-30%
* [All] (EDI) Improved usage of UseFolding property value when composing AS2/AS3 receipts (MDNs) bodies
* [Java] (Base) ESecureBlackboxError parent class changed from java.lang.Throwable to java.lang.Exception.
* [Java] (Base) TElSocket incoming connections backlog increased to improve server behavior under heavy load.
* [Java] (Base) Minor performance optimizations.
* [.NET] .NET CF assemblies are now compiled with Constrained Device option enabled, thus consuming less memory for various buffers.
- [All] (Base) Fixed a bug when WebTunnel proxy authentication failed if server sent responses longer than 2KB.
- [All] (SSH) Updated SimpleSSHClient to correctly send keepalives during command execution
- [All] (Office) Fixed signing issues with some kind OOXML and ODF documents.
- [All] (PDF) Fixed document decryption with owner password for AES/128 bits encryption algorithm.
- [Java] (Base) TElJCECryptoProvider generated invalid signatures in some cases (e.g. when used with PDFBlackbox). Fixed.
- [Java] (FTPS) Some fixes in FTPSServer code and sample
- [Java] (SSL) Fixed a bug when TElSimpleSSLClient.SetUseInternalSocket caused stack overflow.
- [.NET] (Base) Fixed a bug when turning Nagle algorithm on for UDP sockets (mainly for DNS client) resulted in exception.
- [.NET] (SSH) The components behaved incorrectly with servers offering different sets of ciphers for inbound and outbound directions (NET 4.5 only). Fixed.
---
July 4, 2013
Version 11.0.237. Beta version
! [All] (FTPS) OnFileOperation and OnFileOperationResult events (types and parameters) of TElSimpleFTPSClient class have been changed to include operation type (Upload, Download, Deletion).
+ [All] (Base) Added OnTSPError event to TElTSPClient class. The event is triggered by Timestamp method when the result is non-zero.
+ [All] (Base) Added Whirlpool hash algorithm implementation and RSA-Whirlpool signature scheme
+ [All] (XML) Added DSA-SHA256 signature algorithm (see XMLDSIG-CORE-11)
+ [All] (FTPS, SFTP) Added CopyMode parameter to DownloadFiles and UploadFiles methods. This parameter tells the component to delete the source files after they have been successfully transferred.
+ [All] (FTPS, SFTP) Added ftmOverwriteIfDiffSize transfer mode for DownloadFile/UploadFile and DownloadFiles/UploadFiles method. This mode is a conditional overwrite which is performed only when size is different. NOTE: file size is determined using chosen transfer type (ascii/binary). If you are using ASCII mode, file size can be determined not correctly and you should not use conditional overwrite then.
+ [All] (FTPS) Added RemoveFiles method for recursive deletion of files and directories
+ [All] (PKI) Added OnBeforeSign, OnBeforeAddTimestamp, OnBeforeAddValidationTimestamp events to TElCAdESSignatureProcessor to allow more flexible tune-up.
+ [All] (PKI) Added RevocationCheckPreference property to TElX509CertificateValidator, allowing to choose between revocation source types to use.
+ [Java] (Base) TElJCECryptoProvider implemented that uses native JCE crypto for certificates and keys which can not be imported.
+ [.NET] (Office) Added distributed signing sample.
* [All] (HTTP) TElHTTPSServer improved to write GZip footer for compressed responses.
* [All] (PKI) TElPKCS11Manager improved to work with PKCS#11 drivers that require initialized template parameter for C_FindObjectsInit.
* [All] (Office) Improved distributed signing (automatically embed signing certificate and XAdES changes).
* [All] (XML) Improved distributed signing for XAdES.
* [All] (Cloud) Added MultipartUploadThreshold property to TElAWSS3DataStorage
* [All] (SSL) Implemented proper countermeasures for Lucky Thirteen and, more generally, Oracle padding attacks.
* [VCL] (Base) DirectoryMake function of DiskVirtualFileSystemAdapter didn't create parent directories in the path (i.e. for the path of c:\d1\d2\d3\d4, if you wanted to create it. d1..d3 were required to exist). Now it does.
- [All] (Base) SplitPath function of VirtualFileSystem adapter didn't work (though was never used). Fixed.
- [All] (Base) Fixed loading of ISO-8859-9 charset.
- [All] (SSL) Handshake was not completed right when SSL2 was enabled (issue introduced in build 236). Fixed.
- [All] (FTPS, SFTP) Fixed some minor mistakes related to use of FileSystemAdapter in UploadFile*() and DownloadFile*() methods.
- [All] (HTTP) 307 redirection code was not returning data streams (for POST, PUT, custom commands) to the outgoing queue to be sent, so redirected resource was called with no data. Fixed.
- [All] (PDF) Fixed loading of document timestamp signature for encrypted documents.
- [All] (XML) Fixed CounterSignature loading for further processing
- [All] (XML) Fixed issue with timestamping in XAdES.
- [.NET] (SSL) Fixed a bug when "aObject is nil in call to SetLength" exception occurred in TElSSLServer and components based on it.
---
June 10, 2013
Version 11.0.236. Beta version
! [All] (SSL) The default set of enabled versions was extended with TLS1.1 and TLS1.2 (except TElSimpleFTPSClient that still defaults to SSL3.0 + TLS1.0)
+ [All] (Base) Added support for IPv6 addresses in Subject Alternative Name extension for X.509 certificates
+ [All] (Base) Added support for IPv6 addresses in certificate validator when checking on SSL handshake
+ [All] (Base) TElX509Certificate.SaveKeyTo*PKCS8 methods implemented.
+ [All] (EDI) Added Features property in AS2/AS3 message classes which represents EDIINT-Features header field according to RFC 6017
+ [All] (FTPS) Added foPreallocateStorage option to TElSimpleFTPSClient.Options property that makes the client announce the size of the data being uploaded to the server before upload takes place.
+ [All] (FTPS) Added TElSimpleFTPSClient.ExtOPTSUTF8Supported property which can be used to check whether server supports OPTS UTF8 ON command
+ [All] (SSH) Added TElSSHKey.FingerprintMD5String and TElSSHKey.FingerprintSHA1String properties that return a fingerprint formatted into a string.
+ [All] (HTTP) TElRESTClient component added that implements a standard REST client.
+ [All] (Office) Added OnBeforeSign, OnAfterSign and OnPrepareSignature events for XML signature handlers of binary, OOXML, XPS and ODF documents.
+ [All] (XML) Added TElXMLWSUTimestamp class.
+ [Java] (Base) TElX509Certificate.FromX509Certificate/ToX509Certificate/GetPrivateKey methods added to simplify certificates import and export.
* [All] (EDI) Improved handling of version 1.2 for AS2/AS3 protocols
* [All] (FTPS) Some servers report that they don't support ASCII mode even for listings. Workaround has been added for such servers.
* [All] (FTPS) Improved parsers for Unix and Windows listings to better handle listings with mistakes (eg. TAB instead of spaces as separator).
* [All] (SSL) Improved SSL/TLS compatibility with GnuTLS
* [All] (DAV) TElWebDAVServer fixed to process XML special characters in file names correctly.
* [All] (DAV) TElWebDAVClient improved to accept 'creationdate' attribute in RFC1123 format. E.g. this format is erroneously used by SabreDAV.
* [All] (PKI) Improved compatibility with Italian DigitPA DSS CAdES service
* [All] (PDF) Added a collection of properties for better control over signature widget appearance
* [All] (PDF) Improved decryption of documents that contains encrypted object streams.
* [All] (Office) Workaround that ignores an empty encrypted summary stream. Such documents are created by MS Office 2003 when RC4 encryption handler is used.
* [VCL, .NET] (SSH) TElShellSSHSubsystemHandler improved to allow to use CurrentDirectory and Command together.
- [All] (HTTPS) Cookies without specified domain are accepted correctly now
- [All] (MIME) Fixed Base64 decoding; when the last decoding block contained only padding symbols, the data was truncated to the last fully decoded part.
- [All] (PKI) Fixed a bug when exception was thrown if a PKCS#11 compliant token doesn't support C_GetObjectSize() function.
- [All] (PDF) Fixed SignerInfo value auto-generation in signature widget appearance for non-common RDNs.
- [All] (Office) Fixed reading info (like: suggested signer) from a signature line for OOXML documents.
- [.NET] (Base) Fixed a socket issue that was causing [fairly rare] 'Internal Error' errors during SSL communications
- [.NET] (Office) Fixed Reset method for Agile encryption handler.
---
May 21, 2013
Version 11.0.235. Beta version
! [All] All code has been reworked for more efficient memory management.
! [VCL] VCL edition is now compiled with FPC 2.6.2 (previously FPC 2.6.0 was used). FPC 2.6.2 includes certain minor changes in syntax parser.
! [.NET] .NET CF support has been dropped. Use SecureBlackbox 10 if you need .NET CF.
+ [All] (Base) Added TElPortKnock component which can be used together with socket-based client components to "knock" to the server before connection and after disconnection. For more information about port knocking see http://www.zeroflux.org/projects/knock/
+ [All] (HTTP) WebSockets (RFC 6455) support added. Both client and server components for WebSockets are available.
+ [All] (SSH) Added support for SSH key exchange obfuscation, as defined in https://github.com/brl/obfuscated-openssh
+ [All] (EDI) Added UseFolding properties to AS2/AS3 message and receipt classes. By default, folding is not used anymore.
+ [All] (EDI) Added content digests calculation on AS2/AS3 message saving. See GetContentDigest(Algorithm) method.
+ [All] (ZIP) Added property ElZipReader.CaseSensitiveFilenames and overloads for ElZipArchiveDirectoryEntry.EntryWithName/EntryWithPath/RemoveEntry to allow case-insensitive operations
+ [All] (PDF) Added support of 256-bit AES encryption revision 6 (Acrobat X) for password encryption handler.
+ [All] (PDF) Added possibility to add images into the signature widget.
+ [All] (PDF) Added possibility to lock signature fields on signing.
+ [All] (PDF) Added FontResourceName property to TElPDFSignatureWidgetText class.
+ [All] (Office) Added support of hardened encryption key generation for binary RC4 CryptoAPI encryption handler.
+ [VCL] VCL edition of SecureBlackbox can now be used with FreePascal for Android. Precompiled units are included.
+ [Java] Trusted-Library attribute is now added to JAR manifests to be compatible with the latest Java 7 version.
* [All] (Base) TElPKCS7Message improved to parse malformed messages generated by Comodo timestamp server.
* [All] Added smExplicitManual SSL/TLS mode in TElSimpleFTPSClient, TElPOP3Client and TElSMTPClient. In new mode TLS is not activated by Login automatically and your code needs to do this by calling EstablishSSLSession method which is to be called before Login method. You can catch SSL/TLS exceptions that happen during execution of EstablishSSLSession method and handle them as needed.
* [All] (EDI) Messages and receipts classes now do not convert time from local to universal.
* [All] (Mail) Changed TElSMTPClient.OnProgress event to show message transfer progress in bytes, not in lines.
* [All] (Cloud) File data storage functionality significantly extended and optimized
* [All] (Cloud) WinAzure data storage now supports locking and awaitable copying
* [All] (SSH) Simple forwarding components are now capable of opening shell tunnel before setting up the forwarding (needed by certain server implementations)
* [Java] (Base) JNI.initialize() methods improved to load JNI library from applets correctly.
* [Java] (SSL) Code optimized to speed-up SSL handshake on Android.
- [All] (Base) Fixed charsets initialization issue in mutithreaded environments.
- [All] (EDI) Fixed hanging up if encrypted data does not contain a MIME-header.
- [All] (HTTP) Fixed a bug when response content was supressed in some conditions when TElHTTPSClient.UseDigestAuth was on.
- [All] (SMIME) Fixed TElMessagePartHandlerSMime.EncoderSignRootHeader property.
- [All] (Cloud) Fixed handling of non-ascii names of folders and files in Dropbox data storage.
- [All] (Cloud) Fixed handling of spaces in folder and file names in Dropbox data storage.
- [All] (SSH, SFTP) When Close(Silent = true) was called and internal socket was used, socket shutdown was still performed (which could close delay in closing a socket with some buggy servers). Fixed - now Silent flag is respected when the underlying socket is closed.
- [All] (XML) Minor fix in canonicalization (when XPath element dsig prefix differs from the Signature element prefix).
- [Java] (Base) TElSocket.Close() method fixed to close listening socket correctly.
- [Java] (Base) Fixed a bug in TElSocket that caused SSH dynamic port forwarding to work incorrectly.
- [Java] (PDF) Fixed a bug when PDF document version was parsed incorrectly.
- [VCL] (Base) Punycode ToASCII routine worked incorrectly when the user specified the domain with unicode characters not of current system charset (eg. Cyrillic characters on Chinese Windows) in non-Unicode Delphi only. Fixed.
- [VCL] (HTTP) TElCookieManager could not be placed on the form in designer. Fixed.
- [NET] (DAV) Fixed a bug when paths with spaces were processed incorrectly by TElWebDAVServer intergrated into IIS.
^^^^^^^^^^^^^^^^^^^^
^^^ Version 10.0 ^^^
^^^ ^^^
^^^^^^^^^^^^^^^^^^^^
---
February 28, 2013
Version 10.0.233. Maintenance update
! [Java] FreePascal for JVM compiler upgraded. This resulted in some getter and setter name changes.
+ [All] (Cloud) Added parsing for Dropbox account information.
+ [All] (PDF) Added TElPDFSignature.IsDocumentSigned() method that checks if a signature covers the entire document.
+ [All] (PDF) Added TElPDFDocument.OwnActivatedSecurityHandlers property that controls if a component should free auto activated security handlers.
+ [All] (PDF) Added TElPDFAdvancedPublicKeySecurityHandler.DocumentTimestamp property that gives access to timestamp object of DocumentTimestamp signature.
+ [Java] (DAV) Added possibility to intergrate TElWebDAVServer into servlets (Java EE).
* [All] (Base) Relative paths were not handled (were blocked instead) by TElDiskFileSystemAdapter. The component was improved to allow relative paths usage.
* [All] (PDF) AuthorName signature dictionary key can now be suppressed
* [Java] (Office) TElOfficeDocument improved to work with Java native streams.
* [.NET] (FTPS) Removed occasional one-minute hangup at the end of file transfer in Silverlight
- [All] (MIME) Including of certain header fields into signed/encrypted data of S/MIME messages caused thouse fields to be duplicated by some mail client applications on messages decrypting.
- [All] (MIME) Removed data conversion for text attachments on message parsing.
- [All] (HTTP) Digest and NTLM authentication didn't work for HTTP proxies. Fixed.
- [All] (HTTP) Calling TElHTTPSServer.Send100Continue() didn't work properly and caused AV/Exception. Fixed.
- [All] (HTTP) Fixed a bug when TElHTTPSServer didn't process subsequent requests correctly after a previous one was rejected.
- [All] (FTPS) UseSIZECmd was ignored when GetFileSize method was called explicitly. Fixed.
- [.NET] (FTPS) AdjustPasvAddress property didn't work in Silverlight, Windows Phone and Windows RT. Fixed.
- [.NET] (Cloud) Parameters encoding in Dropbox component worked incorrectly.
- [VCL] (PDF) Fixed memory leak in TElPDFSignature.
- [VCL] (PKI) TElPKCS11Manager could not be placed to the form. Fixed.
---
February 5, 2013
Version 10.0.232. Maintenance update
+ [All] (PKI) Added TElPKCS11CertStorage.Sessions and TElPKCS11CertStorage.SessionCount properties.
* [All] (PDF) Improved encryption of malformed documents with missing objects.
- [All] (Base) If the document with specified charset contained a character not valid for this charset, in some cases loading of such document was stopped. Fixed.
- [All] (MIME) Fixed handling of Subject fields when their values were formatted like headers
- [Java] (Base) Fixed a bug in charsets loading procedure.
- [.NET] (OpenPGP) Improved memory management, making the components consume less memory when protecting and unprotecting documents
---
January 27, 2013
Version 10.0.231. Maintenance update
! [All] (PDF) Replaced TElPDFSignatureWidgetText.FontSize property with FontSizeX and FontSizeY properties.
+ [All] (PKI) Added support for loading/saving multiple PEM-encoded certificates to certificate storages.
* [All] (PKI) TElCAdESSignatureProcessor now supports 'base' CAdES-XL signatures (containing whole sets of validation values but no validation timestamps)
* [All] (PKI) Added pcsoNoImplicitSlotInfoUpdates PKCS#11 storage option to omit refreshing slot details for the sake of increased performance
* [All] (PKI) Added OperationPIN PKCS#11 cryptoprovider option to allow passing per-operation PINs to the HSM for CKA_ALWAYS_AUTHENTICATE keys
* [All] (FTPS) Implemented a workaround for a buggy IBM FTPS server (exact version unknown) that stops responding after a period of inactivity on control channel
* [All] (SSL) Added SessionID property to TElSSLServer
* [All] (PDF) Added TElPDFDocument.SignatureCustomDataName property that specifies a custom dictionary key name for TElPDFSignature.CustomData
* [All] (XML) Added TElXAdESSigner.SigningCertificatesDigestMethod property that specifies the digest algorithm in CertID element.
* [All] (XML) Added TElXAdESProcessor.TimestampCanonicalizationMethod property that specifies canonicalization method for newly created timestamps.
- [All] (FTPS) Fixed parsing of unix file list entries without the year specified.
- [All] (SSL) Fixed ECDHE-RSA key exchange algorithm
- [Java] (Base) Fixed a bug in charsets loading procedure that caused malfunction of the dependent components.
- [Java] (Office) Fixed a bug that caused invalid signatures generation.
- [VCL] (All) TElSharedResource refactored for Linux target, eliminating occasional deadlocks in client-side SSH components
---
December 16, 2012
Version 10.0.230. Maintenance update
+ [All] (XML) Added support for encryption using SEED algorithm, and for key wrapping using Camellia and SEED algorithms.
+ [.NET, VCL, ActiveX, Library] (SSH) Added Pageant and ssh-agent authentication mechanism.
* [All] (PDF) Optimized processing of pdf documents that consist from many small objects.
* [All] (PKI) Minor compatibility improvements in PKCS#11 cryptoprovider (optional alignment of encrypted value to match the key length; primarily addresses SafeNet LunaSA HSM decryption specifics)
* [.NET] (Base) Fixed a bug when security exception appered when NTLM authentication was used in .NET 4.0.
* [.NET] (Base) Win32 cryptoprovider can now be created with specific set of options
- [All] (PDF) Fixed memory leak for MDP signature. Fixed sign and encrypt issue with MDP signature.
- [VCL] (SFTP) Fixed memory leak in TElSimpleSFTPClient.DownloadFiles method.
- [.NET] (Base) Static methods of TElWinCertStorage class (GetSystemStores() in particular) incorrectly threw SecurityException on .NET 4 and above. Fixed.
- [ActiveX] (All) A lot of fixes for compiler change originating memory management issues that might have resulted in unstable work of the components
---
December 2, 2012
Version 10.0.229. Maintenance update
! [.NET] Separate assembly set is now available for use in Windows Store applications. Such applications are not allowed to use external DLLs so this assembly set doesn't include Windows Certificate Storage, PKCS#11, NTLM and SSPI/GSS-API functionality.
+ [All] (Cloud) Dropbox components added.
+ [All] (WebDAV) TElWebDAVClient.ReadProperty method added that allows to read a single object property easily.
+ [.NET] Classes in Windows RT assemblies have got Async variants for most methods.
* [.NET] Built-in sockets didn't work in Windows RT assemblies due to compiler glitches. Now the compiler has been fixed, so sockets work.
* [All] (HTTP) TElHTTPTSPClient improved to be compatible with servers that send standard incompatible responses.
- [All] (FTPS) RestartFrom parameter in methods, which upload data (Send() and Upload*()), was in fact 32-bit. Now it's 64-bit.
- [Java] (SSL) Fixed a bug when SSL connection to our server component failed when SSL2 was enabled on client side.
- [Java] (SSL) Fixed a bug when TLS1 connections failed with some ciphersuites.
- [Library] (VC++) Fixed AV in debug mode for properties that returns pointer to a class instance.
---
November 15, 2012
Version 10.0.228. Maintenance update
* [All] (PDF) Improved signature blob size estimation for huge timestamp cases
* [.NET] (All) Added automatic switch off of Win32 cryptoprovider in non-elevated Silverlight environments
* [.NET] (All) Added automatic switch off of Win32 cryptoprovider in non-elevated Silverlight environments
* [.NET] (Charsets) InitCharsets method made thread safe.
- [All] (PAdES) Fixed signature size estimation in async mode for TElPDFAdvancedPublicKeySecurityHandler.
- [All] (HTTP) One of the previous changes to TElHTTPSClient caused its slowdown in some conditions. Fixed.
- [All] (HTTP) Fixed upload issue on 2Gb+ files. The issue affected HTTPBlackbox and CloudBlackbox components.
---
October 29, 2012
Version 10.0.227. Maintenance update
* [All] (DC) Java applet is compiled with JDK 1.5 and can be used with Java 1.5 and later (previously it required Java 1.7)
* [ActiveX] (SSH) Added support for encrypted SSH keys
- [All] (PKI) 'Shortened' TElX509CertificateValidator.Validate() method was defaulting to local times when checking certificate validities instead of UTC. Fixed.
- [All] (PKI) TElCAdESProcessor's UpgradeToC() methods ocassionally corrupted existing signature timestamps. Fixed.
- [All] (HTTPS) "Accept" parameter in TElHTTPSServer.OnRequestHeadersReceived event didn't work properly. Fixed.
- [All] (MIME) TElMultipartList.AddPart method didn't make a copy of the part despite the value of Copy parameter set to true. Fixed.
- [ActiveX] (Base) Fixed error with PEM encryption/decryption
- [VCL/MacOS] (Base) Fixed error with @rpath/c import in Delphi XE2/XE3 for MacOS X
- [VCL] (SSH) Fixed rare error with SSH.COM private keys loading
- [.NET] Fixed a bug where web tunneling didn't work in Silverlight environment
- [.NET] Fixed a ZIP issue which led to 'verification exceptions' in different components on Windows Phone platforms
- [All] (XML) Fixed saving a text with a special characters created by CreateTextNode method.
---
October 10, 2012
Version 10.0.226. Official release
+ [All] (HTTPS) HTTPS client now supports non-HTTP URLs when HTTP Proxy is enabled (UseHTTPProxy = true).
This allows to use TElHTTPSClient to retrieve FTP URLs via HTTP proxies.
* [All] (Base) TElX509Certificate.View method improved to show certificates that are not stored in Windows stores.
* [Library] Added "SB_" prefix to all constant defines.
- [All] (Base) TElWinCertStorage fixed to work with memory stores properly.
- [All] (XML) Fixed XPath transform processing when the transform chain has several XPath transforms and/or signature enveloped transforms.
- [Java] (Base) Fixed a bug when some TElX509Certificate extensions were not processed properly.
---
September-October, 2012
Versions 10.0.223-225. Internal builds
---
September 27, 2012
Version 10.0.222. Release Candidate 3
+ [VCL] Added Delphi XE3 and C++Builder XE3 packages.
+ [All] (PKI) Added support for Certificate Management over CMS (CMC) protocol (RFC 5272)
+ [All] (XML) Added SOAP signing components. SOAP Security Extension and Web Service Security (WSS) are supported.
+ [All] (PDF) Added TElPDFSignature.DisableDocMDPTransformDigestValue and DisableFieldMDPTransformDigestValue properties
* [All] (PDF) Speed of PDF document loading significantly increased (doubled for managed components and increased by 20 per cent for native code components)
* [All] (PDF) Added workaround for correct processing of signatures not referenced from AcroForm
- [All] (HTTPS) Fixed a bug introduced in build 9.1.215 where TElHTTPSClient generated malformed POST requests when posting both a web form and file(s) (trailing multipart boundary was inserted before the end of data)
- [All] (LDAP) Fixed a bug that caused infinite loop during SASL authentication
- [AX] (PGP) Fixed AV occurring in ElPGPReaderX if OnTemporaryStream/OnTemporaryFile event handlers are not assigned
- [Java] (ZIP) Fixed a bug causing java.lang.VerifyError to be thrown in the internals of TElZipProcessor
- [.NET] (PKI) Fixed a bug in PKCS11 driver that resulted in 'PKCS#11 error CKR_ARGUMENTS_BAD in function C_GetSlotList' error when loading PKCS#11 storage
- [.NET] Added a fix for intermittent VerificationException in assemblies targeting WinRT framework
---
September 3, 2012
Version 10.0.221. Release Candidate 2
! [.NET] Dropped .NET 1.1, .NET CF 1.0, Silverlight 3.0, Windows Phone 7.0, Mono 1.0 support. Users who need to target these platforms can use SecureBlackbox 9.1 which will remain available for download.
! [VCL] Dropped Delphi 4 support.
+ [.NET] Added assemblies for .NET 4.5/WinRT.
+ [All] (FTPS) Added DataPortRangeFrom/To properties to SimpleFTPSSever, to limit port range for incoming data connections.
+ [All] (PGP) Added ElPGPReader.ProcessedLength property, so user can know how much data was processed in multi-message PGP file.
- [Java] Pascal-to-Java compiler fixed to generate byte-code that is compatible with Eclipse's built-in Java compiler.
This change fixes the problem when "Illegal class modifiers in class Main: 0x209" exception occured with our samples.
- [Java] Fixed a bug when license keys with lifetime upgrade option were reported as incorrect.
---
August 3, 2012
Version 10.0.220. Release Candidate 1
+ [All] (Base) Added ShutdownSocket method to TElSocket and also improved socket closing procedure. ShutdownSocket method is optional (it's called internally by Close if it has not been called before).
+ [All] (Base) Added TElSASLDigestMD5Client to SBSASL unit/namespace.
+ [All] (Base) Added BCrypt password hashing algorithm
+ [All] (ZIP) Added ability to process somehow corrupted zip files
+ [All] (ZIP) Added option to restore file attributes on unpack/save attributes on packing
+ [All] (ZIP) Added support for Unix file attributes
+ [All] (PGP) Added support for Elliptic Curve algorithms (ECDSA/ECDH)
+ [All] (SSH) Added support for HMAC-SHA2 schemes (RFC 6668) for better security of SSH communications.
+ [All] (SSL) Added support for Heartbeat extension (RFC 6520). SendKeepAlive method and OnKeepAliveResponse event added to both TElSSLClient/TElSimpleSSLClient and TElSSLServer.
+ [All] (Office) Added XAdES support for binary and OOXML documents (XAdESProcessor property and GenerateXAdES method in TElOfficeBinaryXMLSignatureHandler and TElOfficeOpenXMLBaseSignatureHandler classes).
+ [.NET, VCL, Java] (Base) TElWinCertStorage.Select/ImportWizard and TElX509Certificate.View methods added to simplify CryptUI usage.
+ [.NET, VCL, Java] (Base) TElHashFunction.Hash() methods added for quick hashing of data.
+ [.NET, VCL, Java] (Base) TElSymmetricCrypto.Encrypt() and TElSymmetricCrypto.Decrypt() methods added for quick encryption and decryption of data.
+ [.NET, VCL, Java] (PDF) TElPDFSignature.CustomData property added that allows to attach custom data to a signature.
+ [.NET, VCL, Java] (PDF) TElPDFSignatureInfo enhanced with the next properties: Height, Width, OffsetX, OffsetY, Page, Invisible that allow to get width, height and location of an empty signature area.
+ [.NET, VCL, Java] (HTTPS) TElHTTPSServer enhanced with ParseMultipartFormData methods that allow to parse multipart/form-data contents.
* [.NET, VCL, Java] (Base) TElSocket.Bind now accepts optional second parameter named ReuseAddress which tells the socket to set SO_REUSEADDR option on the socket.
- [All] (LDAP) Fixed a bug when TElLDAPSClient failed to connect to Active Directory servers and assembled wrong search requests.
- [All] (ZIP) Fixed hang with corrupted zip file
- [Java] (Base) Fixed a bug when some charsets didn't work properly.
- [.Net] (Office) Fixed bug in TElOfficeBinaryXMLSignatureHandler class for specific binary documents.
---
June 24, 2012
Version 10.0.219a. Beta version
+ Library edition Preview added.
---
June 18, 2012
Version 10.0.219. Beta version
! [.NET, VCL, Java] Refactoring of SBUtils unit / namespace has been conducted. Constants have been moved to SBConstants unit/namespace, and basic type declarations have been moved to SBTypes.
Most string-related functions have been moved to SBStrUtils unit / namespace.
! [.NET, VCL, Java] SSL-related constants have been moved from SBConstants unit/namespace to SBSSLConstants.
+ [All] (Base) Added CertificateRetriever helper classes for Certificate Validator. Those classes download CA certificate if the one can not be found by TElX509CertificateValidator during validation of certificates.
+ [All] (PDF) Added support for Adober Reader X 'locking' signatures
+ [All] (PDF) Added accurate signature blob size estimation to PAdES signatures
+ [.NET, VCL, Java] (Base) Added TElMessageTimestamper and TElMessageTimestampVerifier classes which let you timestamp the data without signing as defined in RFC 5544.
+ [Java] (Base, PKI) Added PKCS#11 and Win32 crypto provider support.
+ [Java] (PKI) Authenticode support added.
+ [.NET] (DAV) Added possibility to intergrate TElWebDAVServer with Microsoft IIS.
* [All] (DAV) TElWebDAVServer improved to work with NetDrive client.
* [All] (SSH) Improved compatibility with mod_sftp/0.9.7 server
* [All] (PKI) Added better control over insertion of certificate references and values to TElCAdESProcessor class
- [.NET] (Base) SecurityCritical attribute was not set for TElX509Certificate.FromX509Certificate2/ToX509Certificate2 methods. Fixed. The attribute is needed in .NET 4.0 to convert the certificate from/to .NET class.
---
May 21, 2012
Version 10.0.218. Beta version
+ [All] (HTTPS) Added OAuth2 authentication
+ [All] (Base) Added support for CNG (Cryptographic API / New Generation) keys on Windows Vista and later
+ [All] (PKI) TElSymmetricKeyMaterial extended with password-to-key conversion methods
* [All] (DAV) Minor improvements made to TElWebDAVClient to process buggy servers responses.
* [All] (PKI) Added an option to perform revocation check for root CA certificates
* [All] (PKI) Validation of certificates of CRL and OCSP services now respects revocation element creation times
* [All] (FTPS) Changed TElSimpleFTPSClient.Login method to a function that returns welcome message as a result
* [.NET] Added Silverlight 5 assembly set that works on non-Windows platforms (previously SL5 assemblies could work only on Windows due to platform-specific functionality used).
- [All] (Base) TElX509CertificateValidator chose inappropriate CRL retriever under some conditions. Fixed.
- [All] (PGP) Changed mistyped property names and a constant from "preffered" to "preferred"
- [All] (DAV) Client digest authentication didn't work properly. Fixed.