Releases: esig/dss
Release Notes - eSignature DSS - Version 5.11
Bugs / Issues
- [DSS-2839] - DSS WebApp : excluded hosts from properties file are not converted to a List
- [DSS-2859] - Simple Report - Signatures with indication INDETERMINATE/TRY_LATER are counted as valid
Improvements / Tasks
- [DSS-2834] - MRA : add unit tests for KeyUsage and PolicySet within CriteriaList
- [DSS-2837] - Use Maven Central repository for everit-json-schema dependency
- [DSS-2869] - Dependencies update
+ All the changes included in DSS 5.11.RC1.
Release Notes - eSignature DSS - Version 5.11.RC1
New features
- [DSS-2659] - ASiC : introduce ZipEntryDocument
- [DSS-2687], [DSS-2713] - ASiC : add merge capability
- [DSS-2692] - PAdES: signing app name for pades signatures
- [DSS-2716] - Demo WebApp : Add a webpage with ASiC merger possibility
- [DSS-2717] - Add a possibility to customize naming of documents within ASiC container
- [DSS-2725] - PAdESService : add new method allowing to define a custom factory to create OutputStream and DSSDocument
- [DSS-2726] - PAdES : introduce temporary document/digest caching
- [DSS-2745] - Demo : Add TL-Signing feature in the standalone
- [DSS-2767] - Demo : Add XAdES manifest feature in the standalone
- [DSS-2779] - Add manifestSignature and embedXML parameters to web-services
- [DSS-2803], [DSS-2819] - Mutual Recognition Agreement
- [DSS-2808] - Add custom qualifier for a CommitmentType
Improvements
- [DSS-2419] - memory heap error on pades signature
- [DSS-2619] - SignaturePolicyStore : add support of sigPol local URI attribute
- [DSS-2674] - CAdES : improve extension naming on signature creation
- [DSS-2732] - Cookbook 5.11 improvements
- [DSS-2748] - PAdES : improve Pdf Modification Detection
- [DSS-2754] - Simple Report - Add SignatureScope ID to SignatureScopes
- [DSS-2769] - SVC : store unsuccessful result of issuer finding
- [DSS-2787] - ETSI VR : add AdditionalValidationReportData to BBB
- [DSS-2824] - Detailed validation report - seemingly inconsistent result when thisUpdate is not in validity range
Bug fixes / Issues
- [DSS-2472] - Excess memory usage by XMLSignatureInput created in DetachedSignatureResolver::createFromCommonDocument
- [DSS-2570] - Signature not found error on PDF with XRef streams
- [DSS-2691] - addNewSignatureField adds a Default Appearance using Helvetica but doesn't embed it into the PDF
- [DSS-2697] - SVC : register POE only from valid timestamps
- [DSS-2761] - LTA signature is indeterminate because no revocations lists found
- [DSS-2712] - DSS PADES library: Secured PDF Signature
- [DSS-2729] - Exception when a not supported encryption algorithm is provided
- [DSS-2731] - JAdES : signature can be created with ECDSA algorithm using a wrong elliptic curve
- [DSS-2752] - Signature Ids in the signature scopes don't use the IdentifierBuilder
- [DSS-2772] - Only the first Qualifier is captured from a TSPService element
- [DSS-2777] - Certificate/Signature qualification determination adjustments
- [DSS-2778] - Validation for ASiC without mimetype returns FORMAT_FAILURE
- [DSS-2780] - Forbid manifest signature for an XML document with Id in the root level
- [DSS-2785] - Skipped AcceptableRevocationDataFound constraint may lead to false positive validation result
Tasks / Other
- [DSS-2393] - Demos : JUnit tests for eSignature validation test cases
- [DSS-2736] - Update cryptographic constraints according to TS 119 132 v1.4.2
- [DSS-2744], [DSS-2822] - Upgrade OpenPdf 1.3.29
- [DSS-2756] - Upgrade PdfBox 2.0.26
Pull requests
Release Notes - eSignature DSS - Version 5.10.1
Bugs / Issues
- [DSS-2722] - DSS-demos : NPE on PAdES sign
- [DSS-2723] - JAdESCertificateSource.getKeyIdentifierCertificates() returns complete certificate references
- [DSS-2733] - asic:XAdESSignatures element is missing in 2nd (and probably any subsequent) signature in ASiC container
- [DSS-2740] - OpenDocument does not sign mimetype and manifest.xml
- [DSS-2747] - PdfBox : avoid float conversion from COSNumber class
Tasks
Release Notes - eSignature DSS - Version 5.10
Bugs / Issues
- [DSS-2704] - Add a content timestamp checkbox ignored when signing a digest
- [DSS-2705] - DSS demo : improve exception escalating on content timestamp creation
Task
- [DSS-2709] - Review CEF links in demonstrations / cookbook
+ All the changes included in DSS 5.10.RC1.
Release Notes - eSignature DSS - Version 5.10.RC1
New features
- [DSS-2430] - Add an Apple signature token
- [DSS-2461] - Add 'user notice' to signature policy
- [DSS-2474] - PAdES : detect prohibited changes
- [DSS-2483] - SimpleReport : add timestamp signature scopes
- [DSS-2494] - Invalid signatures can be made with Revoked and Suspended certificates on level B and T
- [DSS-2532] - SAV : verify if used digest algorithm for signing-certificate reference is reliable at validation time
- [DSS-2541] - PAdES : check if a visual signature field is within page size
- [DSS-2554] - PAdES : alert on restricted signature creation
- [DSS-2645] - SVC : return possible extension time on failed signature augmentation
- [DSS-2652] - Add support for SHA-3 with PLAIN-ECDSA and ED448 signature algorithms
- [DSS-2677] - PAdES : visual signature pre-visualization
Improvements
- [DSS-2493] - PAdES : incorporate validation data with PAdESService.timestamp(...) method
- [DSS-2495] - Alignment with EN 319 412-1 v1.4.4
- [DSS-2516] - DSS XmlDefinerUtils Support factory definition
- [DSS-2521] - Validation process : move revocation processing to a separate block
- [DSS-2548] - Signature extension : ensure extension is not possible with a lower level
- [DSS-2632] - PAdES : reduce number of token builds extracted from /DSS and /VRI dictionaries
- [DSS-2501] - CAdES : include archive-tst hash algorithm to SignedData.digestAlgorithms set
- [DSS-2505] - CAdES : mime-type attribute should be present
- [DSS-2525] - Expose WebServices for TL signing
- [DSS-2529] - Enforce subFilter specific requirements for PKCS7 on SignatureLevel detection
- [DSS-2531] - ASiC : newly created manifests do not contain MimeType for signed data
- [DSS-2542] - ETSI VR : enforce validation of AttributeBaseType elements
- [DSS-2546] - Refactor ASiC Services
- [DSS-2566] - PAdES : ensure message-digest validation against byte range binaries
- [DSS-2620] - JAdESBaselineRequirementsChecker : enforce 'crit' dictionary check
- [DSS-2626] - JAdES : improve 'kid' dictionary handling
- [DSS-2628] - PDF Detailed Report : add final validation conclusion status
- [DSS-2630] - JAdES : add support for signatures containing adjacent line breaks
- [DSS-2634] - ETSI VR : define namespace prefixes according to xsd schema
- [DSS-2655] - PAdES OpenPDF Visible Signature : add support of documents with rotation
- [DSS-2661] - Improve getIssuer method
- [DSS-2670] - SVC : separate revocation freshness check between signatures and timestamps
- [DSS-2671] - Refactor RevocationFreshness constraint
Bug fixes / Issues
- [DSS-2533] - PDF/A compliance issue when a non-stroking color is used
- [DSS-2547] - WebApp : unable to sign when the used encryption algorithm is different from the one used to sign the certificate
- [DSS-2556] - XAdES : avoid NPE when XPath doesn't exist
- [DSS-2560] - Custom TokenIdentifierProvider duplicates SignerData objects in DiagnosticData
- [DSS-2568] - ASiC with XAdES : identical signatures in two different files produce the same unique id
- [DSS-2569] - Error in log when signing PDF in an ASiC-E+XAdES ([Fatal Error] :1:1: Content is not allowed in prolog.)
- [DSS-2571] - Make NativePdfBoxVisibleSignatureDrawer PDFA compatible
- [DSS-2574] - Validator warns on visual difference after adding a 2nd visible signature on a single page document
- [DSS-2575] - CMSCertificateSource nullpointer exception in extractCandidatesForSigningCertificate()
- [DSS-2577] - DSS-demonstrations : run_prettify.js transformed into relative path instead of absolute
- [DSS-2586] - Mimetype of documents always set to application/octet-stream when re-signing ASiC container
- [DSS-2587] - Signature verification report is unreliable if having multiple TrustedListsCertificateSources
- [DSS-2589] - XAdES Enveloping Signature cannot include another Enveloping XAdES when embedXML option is enabled
- [DSS-2595] - Check if best-signature-time is not before for passed basic signature validation
- [DSS-2596] - Invalid signature validation through the site 'https://dss.nowina.lu/validation'
- [DSS-2598] - Past Signature Validation's result shall not be overwritten by Past Certificate Validation
- [DSS-2601] - RevocationFreshnessChecker : enforce check against thisUpdate value
- [DSS-2604] - NPE in CertificateWrapper when timestamp includes SigningCertificateV2 calculated over another certificate
- [DSS-2605] - Set security provider to Santuario JCEMapper
- [DSS-2608] - Unhandled exception in QcStatementsUtils
- [DSS-2610] - Signature Validation of LT augmented signature doesn't use embedded revocation token
- [DSS-2612] - Visual signature text is not PDF/A compliant. It shouldn't default to DeviceRGB colorspace
- [DSS-2614] - JAdES : NullPointerException on a certificate ref when using a UserFriendlyIdentifier
- [DSS-2615] - PDFDocumentValidator.getOriginalDocuments() does not work for '\r%%EOF' ending
- [DSS-2616] - DSS-Demonstrations : wrongly encodes characters extracted from a document filename
- [DSS-2618] - PAdESUtils::retrieveLastPDFRevision doesn't return content when only CR is used after %%EOF
- [DSS-2624] - DSSUtils : fix Date formatting method
- [
Release Notes - eSignature DSS - Version 5.9
Bug
- [DSS-2513] - Certificates embedded into an OCSP response are not timestamped
- [DSS-2515] - JAdES : avoid exception on a detached LTA signature validation without original file
- [DSS-2522] - Unable to augment ASiC-E with CAdES LTA with expired signing certificate
- [DSS-2524] - JAdES : tstVD certificates are not reported within FoundCertificates
- [DSS-2526] - TL-Summary webPage : rows recalculated on a collapse
- [DSS-2530] - JAdES ValidationReport with multiple tstVD
- [DSS-2534] - SVC : check revocation data is known to contain information about certificate
- [DSS-2539] - JAdES : a new added signature with a higher level extends other signatures
- [DSS-2540] - PdfBox : cast exception when signing a non-signature field
- [DSS-2545] - Wrong minimal key size for DSA in default validation policy
- [DSS-2547] - WebApp : unable to sign when the used encryption algorithm is different from the one used to sign the certificate
- [DSS-2551] - Revocation data is not acceptable warning is reported on LTV process when a valid revocation is available
- [DSS-2560] - Custom TokenIdentifierProvider duplicates SignerData objects in DiagnosticData
Improvement
Release Notes - eSignature DSS - Version 5.9.RC1
Bug / Issues
- [DSS-1985] - ASIC-E containers with multiple files - Schema issue in validation report
- [DSS-2246] - Revoked QSCD signed PDF report shows as TOTAL_PASSED, but should be FAILED
- [DSS-2275] - Built in OCSP Revocation considered invalid if Certificate expires
- [DSS-2338] - Validating signature with expired OCSP certificate at OCSP token producedAt time
- [DSS-2340] - NPE when algorithm expiration date is missing in XML policy
- [DSS-2344] - Issue in qualification conflict detection
- [DSS-2351] - JAdES tstVD unsigned header parameter misspelled
- [DSS-2352] - JAdES sigTst input of the message imprint computation
- [DSS-2354] - JAdES LTA augmentation removes previous tstVD
- [DSS-2357] - ASiC-S with CAdES packaging attached
- [DSS-2358] - LTA augmented countersigned signature - Schema issue in validation report
- [DSS-2367] - PDF generation produces "#" instead of special characters
- [DSS-2373] - ETSI VR reports a wrong MimeType in case of a JAdES signature
- [DSS-2377] - ASiC-S with CAdES signature and detached timestamp creation issues
- [DSS-2387] - ASiC-E with CAdES augmentation is not coherent
- [DSS-2389] - WebApp TL Summary : resolve variable name issue for pivot loading
- [DSS-2398] - TL-loading page - null NextUpdate issue
- [DSS-2400] - Validator fails format on PDF page count wrongly(?)
- [DSS-2411] - XAdES : issue on resolving URIs to detached files containing '+' character
- [DSS-2416] - Suspended Certificates end up in PASSED conclusion in Long-Term Validation
- [DSS-2422] - PDF hashes are not repeatable, varying with the default timezone
- [DSS-2433] - DocumentValidatorFactory implementations different semantics for isSupported
- [DSS-2436] - XAdES : IndividualDataObjectsTimeStamp message-imprint computation order
- [DSS-2438] - SignatureFieldDimensionAndPositionBuilder returns values in different scales
- [DSS-2440] - OpenAPI descriptor missing the API version element
- [DSS-2448] - Best way to avoid "not all files are signed!" warning on OpenDocument files
- [DSS-2451] - PAdES : avoid raising an exception in case of byterange overlaps
- [DSS-2457] - PAdES : Validator reports -T level for -LTA signature with overwritten DSS dictionary
- [DSS-2464] - CAdES : allow validation with a digest algorithm defined within SignerInformation
- [DSS-2471] - PAdES : minimal LT requirement check fails because of another signature within PDF
- [DSS-2473] - WebApp : no signature levels are available after a post form submit failure
- [DSS-2477] - Fix non-AdES signature extension with expired certificates
- [DSS-2478] - Allow non-AdES signature validation with provided signing certificate
- [DSS-2480] - PDF : adbe revocation info archival values are not timestamped
- [DSS-2482] - DSS Demo : expired session and report generations
- [DSS-2500] - Make ExternalResourcesCRLSource/ExternalResourcesOCSPSource usable in CertificateVerifier
- [DSS-2506] - Inappropriate "signed by" values for NO_SIGNING_CERTIFICATE_FOUND situations
Improvement / New Feature
- [DSS-2155] - Missing validation of TSTInfo tsa field
- [DSS-2300] - Create a bom with all dss version
- [DSS-2314] - Improve readability of the Simple Report
- [DSS-2318] - Incorrect warning for eSeals
- [DSS-2321] - Improve handling of SignatureAttribute
- [DSS-2324] - Review info/warning/error escalation between the detailed and simple reports
- [DSS-2325] - Detailed validation report: make details usable - get rid of tooltips
- [DSS-2326] - Support QcCClegislation QCStatement
- [DSS-2328] - Allow to create an XML Manifest with custom Transforms
- [DSS-2329] - Improve ManifestValidator
- [DSS-2330] - SVC : check certificate revocation based on POE
- [DSS-2331] - Determine final Signature Qualification based on both times
- [DSS-2334] - Refactor QCStatement
- [DSS-2336] - XAdES : allow parallel signature creation for INTERNALLY_DETACHED packaging
- [DSS-2339] - XAdES : add a possibility to add custom ds:Object elements to a signature
- [DSS-2341] - Validation : add optional checks for Certificate QCStatement
- [DSS-2345] - Validation Policy : treat algorithm as infinite if there is no expiration date
- [DSS-2347] - User-friendly IDs in validation reports
- [DSS-2363] - XAdES : SigAndRefsTimeStampV2 and RefsOnlyTimeStampV2 message-imprint computation
- [DSS-2368] - Improve behavior on signing with expired/not yet valid certificate
- [DSS-2369] - Restrict signature extension for an expired certificate/expired POE
- [DSS-2370] - Vulnerability Assessment Report 5.8.RC1 review
- [DSS-2372] - ETSI Validation Report builds elements with empty data
- [
Release Notes - eSignature DSS - Version 5.8
Bug
- [DSS-2338] - Validating signature with expired OCSP certificate at OCSP token producedAt time
- [DSS-2340] - NPE when algorithm expiration date is missing in XML policy
- [DSS-2344] - Issue in qualification conflict detection
- [DSS-2351] - JAdES tstVD unsigned header parameter misspelled
- [DSS-2352] - JAdES sigTst input of the message imprint computation
- [DSS-2354] - JAdES LTA augmentation removes previous tstVD
- [DSS-2357] - ASiC-S with CAdES packaging attached
- [DSS-2366] - Unexpected result signing w/ CAdES T Enveloping a file already signed w/ CAdES B Enveloping
- [DSS-2367] - PDF generation produces "#" instead of special characters
- [DSS-2373] - ETSI VR reports a wrong MimeType in case of a JAdES signature
Task
- [DSS-2332] - Upgrade PDFBox
- [DSS-2335] - Upgrade BouncyCastle
- [DSS-2362] - JAdES : align the code with draft 0.0.7a
Improvement
- [DSS-2318] - Incorrect warning for eSeals
- [DSS-2321] - Improve handling of SignatureAttribute
- [DSS-2331] - Determine final Signature Qualification based on both times
- [DSS-2363] - XAdES : SigAndRefsTimeStampV2 and RefsOnlyTimeStampV2 message-imprint computation
- [DSS-2372] - ETSI Validation Report builds elements with empty data
Release Notes - eSignature DSS - Version 5.8.RC1
Bug
- [DSS-1900] - Unable to init SunPKCS11 with Java 9+ since DSS 5.5
- [DSS-2055] - XAdES Enveloping - Content timestamp not working with Embed XML option
- [DSS-2090] - PAdES visual signature always has whitespace above text
- [DSS-2112] - JAdES : Support of Content Tst with Detached Signature
- [DSS-2116] - ETSI VR: DTBSR in Signature Identification Element
- [DSS-2145] - MessageTag shouldn't contain arguments
- [DSS-2148] - OfflineRevocationSource : use RevocationTokenRefMatcher for references and identifiers comparison
- [DSS-2149] - Extending LTA signatures adds unnecessary revocation info objects
- [DSS-2150] - Incorrect ats-hash-index-v3 creation extending a signature with two archive time-stamps
- [DSS-2156] - X.509 Validation Constraints shall return INDETERMINATE/CHAIN_CONSTRAINTS_FAILURE
- [DSS-2160] - DSS includes manifest entries in the scope when detached documents are not provided
- [DSS-2162] - Extract LevelContraints based on a Context
- [DSS-2186] - XAdES Enveloped Second Signature with LT or LTA and Content Timestamp fails
- [DSS-2190] - XAdES : ArchiveTimeStamp inclusive canonicalization does not include parent namespaces
- [DSS-2199] - Error validating Docusign document on LONG_TERM_DATA level after extending to PAdES_BASELINE_LT
- [DSS-2214] - NPE in the ValidationProcessUtils.getLatestAcceptableRevocationData
- [DSS-2216] - DigestMatcher does not find data for an EnvelopingCountersignature
- [DSS-2227] - Native PDFBox drawer : wrong text position with a custom SignerTextPosition
- [DSS-2228] - The font color is not being applied correctly in the OpenPDF implementation
- [DSS-2239] - PAdES : conflict between signature parameters
- [DSS-2251] - CAdES-LTA signature cannot be applied to document previously signed with CAdES baseline B
- [DSS-2256] - Fails XAdESLevelTIndividualDataObjectTimeStampTest
- [DSS-2257] - The revocation data is not updated for signatures with no timestamps
- [DSS-2279] - XAdES : counter signature serialization issue with JDK 8
- [DSS-2293] - Extraction of signed data fails for xades enveloping signature
- [DSS-2294] - PAdES : level detection issue
- [DSS-2301] - Incorrect warning when both ESSCertID and ESSCertIDv2 are present in QTSA
New Feature
- [DSS-1964] - Implementation of JAdES (part 1)
- [DSS-2075] - JAdES : creation with Complete JWS Serialization format
- [DSS-2076] - JAdES : parallel signature support with JWS JSON Serialization
- [DSS-2077] - JAdES : implementation of unsigned properties (Baseline-T)
- [DSS-2078] - JAdES : Detached signature implementation ('sigD' element)
- [DSS-2079] - DSS-2075 JAdES : creation with Flattened JWS Serialization format
- [DSS-2102] - Introduce JAdES in the webapp
- [DSS-2107] - JAdES : implementation of unsigned properties (Baseline-LT)
- [DSS-2108] - JAdES : implementation of unsigned properties (Baseline-LTA)
- [DSS-2109] - Introduce JAdES in the dss-standalone (JavaFX)
- [DSS-2110] - JAdES : provide converter from JWS Compact Serialization to JSON (Flattened) Serialization format
- [DSS-2111] - Introduce JAdES in the Webservices (REST/SOAP)
- [DSS-2114] - XAdES : support of SignaturePolicyStore
- [DSS-2125] - JAdES : introduce a KidCertificateSource
- [DSS-2137] - Demonstration : add the possibility to provide signing/adjunct certificate(s) to the validation
- [DSS-2164] - JAdES : support of SignaturePolicyStore
- [DSS-2165] - JAdES : add unit tests for requirements
- [DSS-2167] - JAdES : support counter-signature
- [DSS-2172] - CAdES : support of SignaturePolicyStore
- [DSS-2173] - SignaturePolicyStore validation
- [DSS-2174] - Validate a SignatureValue against a ToBeSigned object and a certificate
- [DSS-2177] - XAdES : counter signature creation
- [DSS-2178] - CAdES : counter signature creation
- [DSS-2187] - Demonstration : add webpage to produce counter-signatures
- [DSS-2188] - Webservices : add methods to produce counter-signatures
- [DSS-2204] - ASiC : add counter-signature creation
- [DSS-2205] - ASiC : support of SignaturePolicyStore (creation)
- [DSS-2266] - Add a check for OCSP Responder recursion into the validation process
Improvement
- [DSS-1966] - Include a JSON validator
- [DSS-2095] - Transformations on signature policy files
- [DSS-2101] - DSS-Demo - TL flags vs country codes
- [DSS-2113] - JAdES : expand DigestMatcher type check
- [DSS-2115] - SAV : add a check of signing certificate reference constraint
- [DSS-2120] - Use JVM's standard system properties for proxy configuration in CommonsDataLoader
- [
Release Notes - eSignature DSS - Version 5.7
Bug
- [DSS-1900] - Unable to init SunPKCS11 with Java 9+
- [DSS-2090] - PAdES visual signature always has whitespace above text
- [DSS-2106] - Demo WebApp 5.7.RC1 fixes
- [DSS-2118] - ASiC containers generation not working
- [DSS-2148] - OfflineRevocationSource : use RevocationTokenRefMatcher for references and identifiers comparison
- [DSS-2149] - Extending LTA signatures adds unnecessary revocation info objects
- [DSS-2150] - Incorrect ats-hash-index-v3 creation extending a signature with two archive time-stamps
- [DSS-2156] - X.509 Validation Constraints shall return INDETERMINATE/CHAIN_CONSTRAINTS_FAILURE
- [DSS-2160] - DSS includes manifest entries in the scope when detached documents are not provided