esig/dss 5.9.RC1

Release Notes - eSignature DSS - Version 5.9.RC1

on GitHub

Bug / Issues

• [DSS-1985] - ASIC-E containers with multiple files - Schema issue in validation report
• [DSS-2246] - Revoked QSCD signed PDF report show as TOTAL_PASSED, but shold be FAILED
• [DSS-2275] - Built in OCSP Revocation considered invalid if Certificate expires
• [DSS-2338] - Validating signature with expired OCSP certificate at OCSP token producedAt time
• [DSS-2340] - NPE when algorithm expiration date is missing in XML policy
• [DSS-2344] - Issue in qualification conflict detection
• [DSS-2351] - JAdES tstVD unsigned header parameter misspelled
• [DSS-2352] - JAdES sigTst input of the message imprint computation
• [DSS-2354] - JAdES LTA augmentation removes previous tstVD
• [DSS-2357] - ASiC-S with CAdES packaging attached
• [DSS-2358] - LTA augmented countersigned signature - Schema issue in validation report
• [DSS-2367] - PDF generation produces "#" instead of special characters
• [DSS-2373] - ETSI VR reports a wrong MimeType in case of a JAdES signature
• [DSS-2377] - ASiC-S with CAdES signature and detached timestamp creation issues
• [DSS-2387] - ASiC-E with CAdES augmentation is not coherent
• [DSS-2389] - WebApp TL Summary : resolve variable name issue for pivot loading
• [DSS-2398] - TL-loading page - null NextUpdate issue
• [DSS-2400] - Validator fails format on PDF page count wrongly(?)
• [DSS-2411] - XAdES : issue on resolving URIs to detached files containing '+' character
• [DSS-2416] - Suspended Certificates end up in PASSED conclusion in Long-Term Validation
• [DSS-2422] - PDF hashes are not repeatable, varying with the default timezone
• [DSS-2433] - DocumentValidatorFactory implementations different semantics for isSupported
• [DSS-2436] - XAdES : IndividualDataObjectsTimeStamp message-imprint computation order
• [DSS-2438] - SignatureFieldDimensionAndPositionBuilder returns values in different scales
• [DSS-2440] - OpenAPI descriptor missing the API version element
• [DSS-2448] - Best way to avoid "not all files are signed!" warning on OpenDocument files
• [DSS-2451] - PAdES : avoid to rise an exception in case of byterange overlaps
• [DSS-2457] - PAdES : Validator reports -T level for -LTA signature with overwritten DSS dictionary
• [DSS-2464] - CAdES : allow validation with a digest algorithm defined within SignerInformation
• [DSS-2471] - PAdES : minimal LT requirement check fails because of another signature within PDF
• [DSS-2473] - WebApp : no signature levels is available after a post form submit failure
• [DSS-2477] - Fix non-AdES signature extension with expired certificates
• [DSS-2478] - Allow non-AdES signature validation with provided signing certificate
• [DSS-2480] - PDF : abde revocation info archival values are not timestamped
• [DSS-2482] - DSS Demo : expired session and report generations
• [DSS-2500] - Make ExternalResourcesCRLSource/ExternalResourcesOCSPSource usable in CertificateVerifier
• [DSS-2506] - Inappropriate "signed by" values for NO_SIGNING_CERTIFICATE_FOUND situations

Improvement / New Feature

• [DSS-2155] - Missing validation of TSTInfo tsa field
• [DSS-2300] - Create a bom with all dss version
• [DSS-2314] - Improve readability of the Simple Report
• [DSS-2318] - Incorrect warning for eSeals
• [DSS-2321] - Improve handling of SignatureAttribute
• [DSS-2324] - Review info/warning/error escalation between the detailed and simple reports
• [DSS-2325] - Detailed validation report: make details usable - get rid of tooltips
• [DSS-2326] - Support QcCClegislation QCStatement
• [DSS-2328] - Allow to create an XML Manifest with custom Transforms
• [DSS-2329] - Improve ManifestValidator
• [DSS-2330] - SVC : check certificate revocation based on POE
• [DSS-2331] - Determine final Signature Qualification based on both times
• [DSS-2334] - Refactor QCStatement
• [DSS-2336] - XAdES : allow parallel signature creation for INTERNALLY_DETACHED packaging
• [DSS-2339] - XAdES : add a possibility to add custom ds:Object elements to a signature
• [DSS-2341] - Validation : add optional checks for Certificate QCStatement
• [DSS-2345] - Validation Policy : treat algorithm as infinite if there is no expiration date
• [DSS-2347] - User-friendly IDs in validation reports
• [DSS-2363] - XAdES : SigAndRefsTimeStampV2 and RefsOnlyTimeStampV2 message-imprint computation
• [DSS-2368] - Improve behavior on signing with expired/not yet valid certificate
• [DSS-2369] - Restrict signature extension for an expired certificate/expired POE
• [DSS-2370] - Vulnerability Assessment Report 5.8.RC1 review
• [DSS-2372] - ETSI Validation Report builds elements with empty data
• [DSS-2374] - JAdES cSig improvements
• [DSS-2375] - PAdES : improve revision extraction
• [DSS-2376] - XAdES : improve counter signature handling
• [DSS-2379] - Make timestamp's signatureValid parameter dependent on message-imprint validation
• [DSS-2380] - XAdES : allow SigAndRefsTimeStampV2 creation
• [DSS-2384] - RFC : NextUpdate check shall be executed based on revocation type
• [DSS-2385] - RAC : add tooltips for nested RAC checks
• [DSS-2402] - Use Provider.configure instead of reflection in SunPKCS11Initializer for Java >= 9
• [DSS-2403] - Validation reports webPage : add a copy id button
• [DSS-2404] - Provide validating cryptographic algorithm to additional info
• [DSS-2407] - Introduce CertificateSource equality/equivalence
• [DSS-2408] - Simple/Detailed report validation errors handling
• [DSS-2409] - Improve SignaturePolicy validation
• [DSS-2410] - XAdES : improve returned SignatureScope when xpointer is used
• [DSS-2412] - CRL before OCSP
• [DSS-2420] - Baseline LT signature time increases drastically every new signature
• [DSS-2421] - Represent details of Validation process for Basic Signatures
• [DSS-2424] - Remove hack in MSCAPISignatureToken
• [DSS-2425] - Enforce Baseline profile minimal requirements check on signature level detection
• [DSS-2426] - Verify 'signing-certificate' attribute within SAV block
• [DSS-2429] - Demo webApp : return a user-friendly error message on too large file upload
• [DSS-2431] - Make abstract methods in AbstractKeyStoreTokenConnection protected
• [DSS-2435] - Introduce an AIASource
• [DSS-2437] - Simplify calculations
• [DSS-2441] - Refactor SignatureExtension process
• [DSS-2446] - Allow to get warnings and errors by their code, not the translated message
• [DSS-2449] - Introduce a sign method based on the signature algorithm
• [DSS-2450] - Improve the ECDSA / ECDSA-PLAIN support
• [DSS-2453] - Create DocumentBuilderFactoryBuilder
• [DSS-2454] - PAdES Visible Signature : add a parameter to define a behavior for image placing
• [DSS-2455] - PAdES Visual Signature : refactor signature field dimension and position builder
• [DSS-2458] - Encapsulate the padding calculations of the native PDFBox drawer
• [DSS-2475] - Validation reports: Difference in used time format (between ETSI report and the other report types)
• [DSS-2481] - Distinction between exceptions from the external inputs and core
• [DSS-2485] - CommonsDataLoader does not set a default ConnectionRequest timeout
• [DSS-2491] - CommonsDataLoader : add authentication rules with a setter
• [DSS-2497] - Auto-fit text to the existing space in signature

Task

• [DSS-2074] - Upgrade santuario
• [DSS-2332] - Upgrade PDFBox
• [DSS-2335] - Upgrade BouncyCastle
• [DSS-2343] - Add Erros/Warnings/Infos ids to Simple Report
• [DSS-2362] - JAdES : align the code with draft 0.0.7a
• [DSS-2383] - Upgrade Apache FOP
• [DSS-2414] - Stop support of Bootstrap 3
• [DSS-2417] - Upgrade PDFBox
• [DSS-2459] - Upgrade JUnit
• [DSS-2460] - Upgrade OpenPdf
• [DSS-2466] - Code clean for 5.9
• [DSS-2468] - JDK 16 support
• [DSS-2484] - Upgrade BouncyCastle