• MS Cabinet signing has been implemented (contributed by Joseph Lee)
• Signatures can be detached and re-attached to make the builds reproducible without access to the private key
• The new YUBIKEY storetype can be specified to sign with a YubiKey (the SunPKCS11 provider is automatically configured)
• The Azure Key Vault, DigiCert ONE and Google Cloud KMS cloud key management systems have been integrated
• The Maven plugin can now sign multiple files by defining a fileset (contributed by Bernhard Stiftner).
• The command line tool can now sign multiple files
• The alias parameter is now optional if the keystore contains only one entry (contributed by Michele Locati)
• The keystore aliases are now listed in the error message if the alias specified is incorrect
• The storetype parameter is no longer required for JCEKS keystores
• Fixed the update of the PE checksum (contributed by Markus Kilås)
• The CMSAlgorithmProtection attribute is no longer added to the signature (contributed by Yegor Yarko)
• The signature algorithm is identified as RSA instead of sha*RSA when using SHA-2 digests (contributed by Yegor Yarko)
• Upgraded BouncyCastle to 1.69