github esig/dss 6.4.RC1
Release Notes - eSignature DSS - Version 6.4.RC1
on GitHub

pre-release6 hours ago

New features

  • [DSS-3466] Introduce service loader mechanism for signature augmentation
  • [DSS-3640] Add support of algorithm-usage element in TS 119 322 cryptographic suite
  • [DSS-3666] Add support of Start and Max elements within cryptographic suites
  • [DSS-3669] Add support of alternative security providers
  • [DSS-3716] DSS Demonstrations : add cache folder configuration properties
  • [DSS-3719] Make SignaturePolicyValidatorLoader configurable
  • [DSS-3735] Introduce QWACValidator
  • [DSS-3737] Add validation of signing certificate validity against claimed signing time
  • [DSS-3744] Add support of TS 119 411-5 JAdES signatures
  • [DSS-3752] Web application : extend QWAC Validation webpage with more options
  • [DSS-3760] Add AuthorityKeyIdentifier and SubjectKeyIdentifier certificate extension presence checks
  • [DSS-3762] Add nonce configuration within DSS Demo WebApp
  • [DSS-3768] Support of TS 119 602 Lists of trusted entities XML and JSON schemas
  • [DSS-3775] Add SlotId definition for PKCS#11 in dss-standalone
  • [DSS-3776] Add dss-standalone package for Linux (in collaboration with @stokito)
  • [DSS-3782] Support of new ETSI EN 319 412-5 v2.5.1 QcStatements

Improvements

  • [DSS-2593] Introduce an Algorithm Obsolescence Check block
  • [DSS-3634] Add support of StructTreeRoot on object modification detection
  • [DSS-3641] Cryptographic validation shall validate signature algorithm, instead of digest and encryption algo separately
  • [DSS-3703] Harmonize CMS creation process
  • [DSS-3715] DSS Demonstrations : switch to file cache revocation sources instead of generic FileCacheDataLoader
  • [DSS-3720] Inconsistent trust anchor usage during signature verification when multiple certificates share the same DN and key pair
  • [DSS-3742] Improve default validation policy name and description
  • [DSS-3743] Make content type policy constraints to accept multiple values
  • [DSS-3746] JAXB PKI Factory : add SubjectAlternativeName certificate extension
  • [DSS-3751] Unnecessary digest computation in PdfBoxSignatureService.signDocument(...) for external CMS PAdES signing
  • [DSS-3753] Add CRL number on XAdES-E-C augmentation (PR #187 by @erdembas)
  • [DSS-3757] Add policy description within certificate validation reports HTML and PDF
  • [DSS-3759] Enable sunset date handling in Demos by default
  • [DSS-3777] Improve error handling for Pkcs11SignatureToken
  • [DSS-3778] TL6 support based on ETSI TS 119 612 v2.4.1 instead of v2.3.1.

Bug fixes / Issues

  • [DSS-3636] ASiC creation or augmentation fails when a detached content provided in parameters
  • [DSS-3649] ASiC-E with CAdES with an archive-time-stamp unsigned attribute fail LTA augmentation
  • [DSS-3672] Inconsistent behavior when validating XML detached and manifest signatures with DSSDocument name attribute
  • [DSS-3680] DSS WebApp : server-sign process is not resolved when using a reverse-proxy
  • [DSS-3694] KeyUsage leads to ArrayIndexOutOfBoundsException when used with an alternative security provider
  • [DSS-3702] FileCacheOCSPSource shall create OCSP key based on URL+Certificate combination
  • [DSS-3704] JSON schema validation skips some single issues
  • [DSS-3705] Enveloped countersignature ignored when Reference Type is missing
  • [DSS-3712] AIACertificateSource ignores candidates when full certification path is returned
  • [DSS-3722] DSS fails to build a report when DigestAlgorithm used for signature policy is not known
  • [DSS-3725] XAdES and JAdES counter signatures are validated multiple times
  • [DSS-3732] Fix XAdES Archive Timestamp v1.3.2 message-imprint computation for enveloped signatures
  • [DSS-3750] Incorrect URI Encoding in Detached Signature with ESIG/DSS from Version 6.2
  • [DSS-3758] IssuerSerial not matching when DN has line breaks after non-space text ending
  • [DSS-3770] OpenPdf implementation does not generate field id when using the #addNewSignatureField method
  • [DSS-3771] PAdESService#addNewSignatureField does not check for overlapping field names
  • [DSS-3780] Performance of timestamp's ContainerSignedAndTimestampedFilesCovered constraint
  • [DSS-3781] PKI Factory : missing Authority Key Identifier certificate extension
  • [DSS-3783] Validation fails when a third country Trust Service defines qualifiers, but no MRA mapping is provided
  • [DSS-3784] Javadoc generation fails for JAXB generated classes with JDK 25
  • [DSS-3787] XAdES-B-T is displayed as XAdES-E-C when only self-signed certificates are used

Tasks / Other

  • [DSS-3697] Add publiccode.yml file for repository inclusion in EU OSS Catalogue
  • [DSS-3734] Avoid ZIP bomb in source code
  • [DSS-3747] ETSI TS 119 411-5 : add unit tests
  • [DSS-3764] Upgrade to BouncyCastle 1.83
  • [DSS-3765] Upgrade to PdfBox 3.0.6
  • [DSS-3766] Upgrade to Tomcat 11.0.15

Migration

For information about code changes and migration process, please refer to the Migration Guide in documentation.

Check out latest releases or
releases around esig/dss 6.4.RC1

Don't miss a new dss release

NewReleases is sending notifications on new releases.

Get notifications