github esig/dss 6.5.RC1
eSignature DSS - Version 6.5.RC1

pre-release5 hours ago

Release notes - Version 6.5.RC1

🚀 Release highlights

  • CB-AdES (ETSI TS 119 152-1) creation and validation capabilities
  • Electronic Attestation of Attributes (EAA) creation and validation, in SD-JWT VC and ISO/IEC mdoc formats
  • LoTE (ETSI TS 119 602) validation job (XML and JSON)
  • XAdES alternative XPath handling
  • and a lot more (see below)...

🆕 New features

  • [DSS-3389] CB-AdES Baseline-B creation
  • [DSS-3390] CB-AdES validation
  • [DSS-3453] CB-AdES : add counter-signature support
  • [DSS-3477] CB-AdES : add a BASELINE -T/-LT/-LTA levels support
  • [DSS-3798] Validation of EAA per TS 119 472-1
  • [DSS-3800] Add support of ETSI TS 119 412-6 QcStatements
  • [DSS-3811] Add support of SD-JWT VC validation
  • [DSS-3812] Add QEAA validation as per TS 119 615 v1.3.1
  • [DSS-3815] Add claims extraction and presentation from EAA
  • [DSS-3816] Add support of JSON TS 119 602 List of Trusted Entities
  • [DSS-3823] Add support of LoLoTEs
  • [DSS-3840] ISO 18013-5 mDoc support
  • [DSS-3845] PID validation
  • [DSS-3860] Create SDJWTService
  • [DSS-3864] Validation of SD-JWT key binding signature
  • [DSS-3872] Incorporate EAAPresentation validation results in ETSI 102-2 validation report
  • [DSS-3874] Validation of mdoc key binding signature
  • [DSS-3878] Add support of Token Status List (TSL) on validation
  • [DSS-3883] Add support of IssuerSigned token on validation
  • [DSS-3885] FileCacheDataLoader validate result before caching and fallback (PR #192 by @Sqh3rd)
  • [DSS-3886] Create mdocService
  • [DSS-3888] Introduce "JAdES" and "CB-AdES" signature levels
  • [DSS-3889] Add 'x5u' (X.509 URL) presence check
  • [DSS-3891] Add 'typ' (Signature Type) header parameter verification check
  • [DSS-3901] Creation of key binding signature for SD-JWT VC
  • [DSS-3902] Creation of key binding signature for Mdoc
  • [DSS-3905] WebServices for EAA creation and validation
  • [DSS-3906] Add demos webpage for EAA validation
  • [DSS-3910] Add validation of mdoc status using Identifier List
  • [DSS-3916] Introduce Sign with CB-AdES webpage
  • [DSS-3917] Incorporate CB-AdES support in dss-standalone
  • [DSS-3921] Introduce generic validation job module for a document validation

⬆️ Improvements

  • [DSS-3229] Performance improvements with enveloped XAdES on large XML files
  • [DSS-3700] Resolve size Limitation in DSSSecureRandomProvider
  • [DSS-3789] Review DPI behavior for visual PDF signatures
  • [DSS-3791] Add alternative XPath query executor for XML processing
  • [DSS-3795] Improve XAdES Ids browsing
  • [DSS-3796] Introduce XPathUtils
  • [DSS-3799] Introduce a new parameter to enable old behavior on DPI handling
  • [DSS-3810] Add support of x5c as unsigned header parameter
  • [DSS-3822] Add support of EUDI PID Rulebook claims
  • [DSS-3825] Add support of VC Data Model 2.0 Credential Subject claim
  • [DSS-3842] CB-AdES TS 119 152-1 v1.1.1 review
  • [DSS-3844] Improve demonstrations dss-esig-validation-tests
  • [DSS-3847] Make SignatureDuplicated check dependent on a SignatureDigestReference
  • [DSS-3848] Align reports for mdoc validation
  • [DSS-3871] JAdES : accept arbitrary 'kid' protected header values
  • [DSS-3923] SignatureValidationContext should re-use RevocationDataVerifier on revocation freshness verification

🐞 Bug fixes / Issues

  • [DSS-3779] Invalid image placing with CENTER scaling and text combination
  • [DSS-3792] Misleading warnings from TokenIssuerSelector
  • [DSS-3819] TL signature may be validated successfully against CA certificate
  • [DSS-3821] Duplicate CRLs caused by differing production time
  • [DSS-3824] The validation of CAdES LTA TS 101 733 (not EN 319 122) doesn't detect the ES-T timestamp as covered by the archive timestamp
  • [DSS-3859] TrustAnchorBPPolicy does not include signing-certificate when trusted
  • [DSS-3861] Disable redirection on QWAC Validation webpage in demos
  • [DSS-3869] Unsupported cryptographic algorithm results to NPE
  • [DSS-3876] Concurrency bug in JAdES signature validation
  • [DSS-3877] No semantics defined for NO_CERTIFICATE_CHAIN_FOUND_NO_POE
  • [DSS-3898] DSS Validation Demo throws NullPointerException for mixed EU + Ukraine multi-signature PDF (reports == null)

📋 Tasks / Other

  • [DSS-3284] CBOR-AdES analysis
  • [DSS-3763] Upgrade to Spring-Boot 4
  • [DSS-3839] Update json-sKema to v0.29.0
  • [DSS-3849] OJEU keystore update before 29 April 2026
  • [DSS-3865] Upgrade to BouncyCastle 1.84
  • [DSS-3881] Introduce specific XMLDefinerUtils for Simple and Detailed reports
  • [DSS-3904] Add documentation for EAA
  • [DSS-3927] Enforce TL version 6 in demos
  • [DSS-3929] Replace sample file "replace.pdf"

🔄 Migration

For information about code changes and migration process, please refer to the Migration Guide in documentation.

Don't miss a new dss release

NewReleases is sending notifications on new releases.