Release 5.2.RC1

Bug

• [DSS-921] - An archive-extended signature with relevant, but missing revocation information still validates OK (as XAdES_BASELINE_LTA)
• [DSS-1102] - DSS CRL validation
• [DSS-1149] - Error in the simple report of an invalid XAdES LTA signature with an invalid ArchiveTimestamp
• [DSS-1155] - Missing check for OtherCriteria in critical Qualifications Extension in TSL
• [DSS-1160] - Use of TrustedListsCertificateSource while signing
• [DSS-1212] - Error while retrieving expiredCertsOnCRL date
• [DSS-1219] - Signing certificate validation material and archive-time-stamps
• [DSS-1222] - Validation of time-stamp and archive-time-stamp produced at the same second
• [DSS-1237] - Adding certificates does not work in DSS 5.1.RC1 demo web application and KeyStoreCertificateSource in general when using .p12
• [DSS-1258] - XAdES countersignature verification not working

Improvement

• [DSS-798] - Allowed augmentation of XAdES detached signatures without providing the original file
• [DSS-822] - RSASSA-PSS support
• [DSS-1174] - XAdES manifest signature creation
• [DSS-1211] - Avoid to load complete CRLs
• [DSS-1221] - Simple validation report improvement for signatures with issues in time-stamps
• [DSS-1228] - Add support of ServiceSupplyPoints
• [DSS-1229] - PAdES : add rotation support for visible signatures
• [DSS-1250] - DSS demo : allows to use secure cookies
• [DSS-1251] - DSS demo : custom default error page

Final release 5.1

Bug

• [DSS-1226] - The "Sign a document" page does not generate ASIC containers
• [DSS-1227] - Use of OnlineTSPSource does not shutdown ExecutorService
• [DSS-1235] - Proxy configuration in DSS 5.1.RC1 demo web application does not work
• [DSS-1236] - Detailed report PDF generation in DSS 5.1.RC1 demo web application does not work when there is more than one validated signature
• [DSS-1249] - Improve sanitization of paths

Support

• [DSS-1224] - Proxy configuration

Release 5.1.RC1

Bug

• [DSS-1131] - PADES_BASELINE_LTA creates timestamp signature as visible
• [DSS-1132] - Separate SignatureImageParameters for signature and document time stamp
• [DSS-1135] - Error getting policyId
• [DSS-1145] - Key length used to sign token smaller than in validation policy.
• [DSS-1171] - CMSDocumentValidator created with CMSsignedData leads to exception
• [DSS-1172] - Common Name (CN) wrong
• [DSS-1188] - Wrong Signing Certificate extracted from CMS-NOT-ETSI
• [DSS-1199] - File handle leak in ImageUtils
• [DSS-1200] - Bad scaling of signature images
• [DSS-1147] - ASiC-E containers with CAdES are not baseline containers
• [DSS-1148] - ASiC-E containers with CAdES long term preservation is not correctly achieved
• [DSS-1150] - Error generating ASIC-E with XAdES LT multiple input files

Improvement

• [DSS-1159] - Pades: Line breaks in signature text cannot be rendered
• [DSS-1165] - Validation: upload only MessageDigest rather than original document
• [DSS-1183] - PAdES : Support of signature fields
• [DSS-1184] - PAdES : distinction of PAdES and PKCS7 signatures
• [DSS-1185] - Demo Webapp : migrate from Apache Tiles to Thymeleaf
• [DSS-1186] - Demo bundle : improvements
• [DSS-1201] - Webservices for Server signing REST and SOAP
• [DSS-1206] - DSS demo : use NexU 1.10.5
• [DSS-1208] - DSS demo : migrate Spring xml config to java config

Support

• [DSS-1193] - Documentation for DSS Rest interface
• [DSS-1203] - NoClassDefFoundError Could not initialize class eu.europa.esig.dss.utils.Utils

Final release 5.0

Bug

• [DSS-1138] - PDF signature image is displayed on the wrong page
• [DSS-1139] - ASiC : zip comment detection fails in some cases
• [DSS-1144] - OCSP response status unauthorized (6) NPE
• [DSS-1153] - Implementation of TSL PolicySet criterion is incorrect
• [DSS-1156] - Incorrect handling of sub-CriteriaLists in Qualifictaion Extensions in TSLs
• [DSS-1163] - SecureRandomNonceSource uses a static SecureRandom instance

Improvement

• [DSS-1130] - Add support for PNG in visible signature with textParameters

Release 5.0.RC1

This release mainly brings a complete refactoring of the ASiC part (creation, extension and validation) and the compliance to eIDAS regulation.

Bug

• [DSS-924] - extractCNName return bad name if no CN
• [DSS-932] - Validating ASiC-E/XAdES without manifest.xml succeeds
• [DSS-939] - dss-pades depends on jcl-over-slf4j
• [DSS-943] - Enforce the NotQualified SIE qualifier
• [DSS-967] - NPE when attempting to load an absent TL
• [DSS-1110] - XADES DSA ASN1 signature not properly converted to DSIG
• [DSS-1113] - Failed OCSP request causes NPE upon signature validation
• [DSS-1114] - Incorrect encoding of OCSP nonce in OCSP request
• [DSS-1115] - OnlineOCSPSource does not support changing nonces
• [DSS-1116] - Visible signature image metadata stream is not closed
• [DSS-1124] - XAdES : Incorrect SigningCertificateV2 content
• [DSS-1125] - No exception is thrown when LOTL Signature is not valid

Improvement

• [DSS-716] - DSS support for Android
• [DSS-769] - PNG support
• [DSS-824] - It would be nice to be able to zoom on PAdES signature images
• [DSS-848] - Update PDFBox dependency to new 2.0.0 version
• [DSS-864] - Scale signature image
• [DSS-881] - Error handling in KeyStoreCertificateSource could be improved
• [DSS-882] - NullPointerException when DSSUtils.loadCertificate is called with an input stream which is not a certficate
• [DSS-891] - Remove annotation @PostConstruct on TSLValidator job
• [DSS-894] - Support of expiredCertsRevocationInfo tag from the TL
• [DSS-902] - Time-dependent Service information extensions
• [DSS-908] - Support of additionalServiceInformation from the TL
• [DSS-920] - Validating XAdES signature using precalculated data file hash
• [DSS-935] - Retrieve token by alias in keystore
• [DSS-958] - Very high memory usage when validating some signatures
• [DSS-962] - Bogus warnings: XMLSignatureException: Signature length not correct: got 256 but was expecting 512 for some successfully validated signatures
• [DSS-974] - PAdES visual signature, JPEG too big
• [DSS-1103] - ASiC Plugtests
  • [DSS-1104] - Split ASiC with XAdES/CAdES
  • [DSS-1105] - Remove getNextValidator from DocumentValidator
  • [DSS-1106] - Remove get/setNextDocument from DSSDocument
  • [DSS-1107] - Add information about ASiC container in the validation report
  • [DSS-1108] - Allow to sign more than one document with the demo/webservices
  • [DSS-1109] - Remove setNextReport from Reports
  • [DSS-1111] - ASiC-E + CAdES : incorrect ASiCManifest.xml structure
  • [DSS-1118] - ASiC-E with CAdES : Validation of the manifest files
  • [DSS-1119] - ASiC-S : multi documents signature
• [DSS-1112] - Allow to set _signatureCards in MOCCASignatureTokenConnection
• [DSS-1120] - PAdES : upgrade pdfbox dependency
• [DSS-1122] - Upgrade BouncyCastle dependency
• [DSS-1123] - Add support for PNGs in PdfBoxSignatureService
• [DSS-1128] - eIDAS compliance
• [DSS-1129] - Split framework and demos

Task

• [DSS-955] - License should be added to github readme.md and to validation-policy project

Release 4.7

Bug

• [DSS-947] - Validation sub indication issue (NO_CERTIFICATE_CHAIN_FOUND)
• [DSS-949] - Empty unsigned attributes in PAdES-B-B generation
• [DSS-950] - DSS/VRI entry invalid digest
• [DSS-951] - Validation report error in CAdES detached signature wihout uploading the original file
• [DSS-965] - KeyStoreCertificateSource does not load keystore certificates automatically

Task

• [DSS-956] - SimpleReport of a PAdES_BASELINE_T signature

Improvement

• [DSS-936] - Bogus check in PastCertificateValidationAcceptableCheck

Release 4.7.RC2

    Release Notes - DSS - Version 4.7.RC2

Bug

• [DSS-806] - CommonsDataLoader.java doesnt call httpClient.close();
• [DSS-883] - TSLValidationJob refresh method does not revalidate country TSLs if only the LOTL changed
• [DSS-890] - SimpleReport.isSignatureValid(String) fails to handle the new {{TOTAL_PASSED}} indication in 4.7.RC1
• [DSS-893] - The pre-defined EU TSL signers from the EU TSL signers trust store in the DSS Demo Web Application (keystore.p12) cannot be deleted
• [DSS-895] - Validation of a signature can influence the validation result of another signature
• [DSS-915] - Fix detecting signature qualification level based on TL information (QSCD/SSCD check)
• [DSS-918] - Validation fails for document with revoked signing certificate when ValidationLevel is set to LONG_TERM_DATA, but succeeds when ValidationLevel is ARCHIVAL_DATA
• [DSS-922] - OCSP revocation errors are not included in simple report

Improvement

• [DSS-912] - DSS 4.7.RC1 does not build with JDK 7
• [DSS-931] - Detection of out-dated dss keystore

Release 4.7.RC1

Sub-task

• [DSS-719] - Expose validation method as REST service
• [DSS-833] - Remove xpath expressions in the validation
• [DSS-834] - Update the HTML/PDF reports
• [DSS-835] - Review the validation policy
• [DSS-836] - Test the new validation with the PlugTests

Bug

• [DSS-650] - ASiC-e with CAdES extension fails
• [DSS-666] - ASiC and CertificatePool sharing
• [DSS-747] - PAdES visual signature is distorted while using both text and image
• [DSS-752] - NullPointerException extending XAdES-B to LTA when <xades:SignedDataObjectProperties> not present
• [DSS-780] - DSS webapp validates only first asice xades signature
• [DSS-787] - DSS/VRI does not include indirect references to already added objects
• [DSS-789] - Missing TS revocation data in PAdES LTA generated with the Standalone App
• [DSS-790] - Missing TS revocation data in PAdES augmentation to LT/LTA-Level from B-Level
• [DSS-792] - Singing certificate included twice in ds:KeyInfo
• [DSS-799] - Augmentation from ASiC-E to ASiC-S and vice versa allowed
• [DSS-814] - Temporaries files are not deleted in PAdES signature
• [DSS-817] - Error parsing tag IssuerSerial
• [DSS-819] - Validation reports ignore some ArchiveTimestamp validation errors
• [DSS-820] - Cannot sign multiple files using XAdES enveloped
• [DSS-823] - Visual PAdES signature image file not closed
• [DSS-825] - 4.6.0 DSS ASIC, DSS XAdES could not resolve reference URI if it contains "+" symbol
• [DSS-827] - Constructor for CommonTrustedCertificateSource is bogus
• [DSS-828] - OCSP requests should not have nonce extension set as critical
• [DSS-829] - OnlineOCSPSource contains bad error handling
• [DSS-830] - DSS cookbook example won't work
• [DSS-839] - Error validating signature with timestamp when time zone configured
• [DSS-841] - PAdES-LTA signed pdf validated as indeterminate after signed certificate expiration
• [DSS-843] - Unused SOAP validation service in development 4.7 branch
• [DSS-845] - OfflineCRLSource is rejecting some CRL
• [DSS-846] - NPE while extending a signature with remote services
• [DSS-850] - https (with mutal authentication) timestamping not supported in CommonsDataLoader
• [DSS-851] - CAdESSignature.checkSignatureIntegrity accepts invalid signature
• [DSS-852] - XAdES : ordering of tags in SignatureProductionPlaceV2
• [DSS-855] - close() method of Pkcs12SignatureTokenConnection should be empty
• [DSS-861] - dss-service 4.6.0, OCSP unit test failure.
• [DSS-863] - FileCacheDataLoader never expires entries
• [DSS-869] - TSLRepository, NullPointerException
• [DSS-870] - CommonsDataLoader, client authentication
• [DSS-871] - Timestamp server, HTTP-400 response
• [DSS-873] - Pkcs11SignatureToken class is not thread-safe
• [DSS-874] - xades:SigPolicyHash DigestValue check

Task

• [DSS-773] - RemoveSignature for Cades

Improvement

• [DSS-700] - Support for WebServices SOAP and REST
• [DSS-763] - Improve checking of signer certificate's QC compliance based on TSL
• [DSS-778] - Enveloping XAdES should add all documents to the references
• [DSS-801] - Error with DSA / ECDSA signature during signing
• [DSS-805] - XML Policy Constraint is not validated against XSD
• [DSS-832] - Support new standard ETSI EN 319 102
• [DSS-837] - Remove Java applets
• [DSS-840] - CommonDataLoader : allows to disable redirects
• [DSS-842] - ASIC-E XAdES should contain manifest.xml
• [DSS-853] - Support of the CRL extension expiredCertsOnCRL
• [DSS-857] - Support of OCSP extension ArchiveCutoff
• [DSS-875] - Fix of LDAP URL parsing and querying attributes

Release 4.6.RC2

    Release Notes - DSS - Version 4.6.RC2

Bug

• [DSS-771] - jnlp Unable to load resource
• [DSS-777] - XAdES and PKCS12
• [DSS-796] - Unable to generate ASiC-E containers using the standalone application
• [DSS-802] - PAdES validation report in Adobe Reader
• [DSS-809] - Handle OCSP revocation when reason is not given
• [DSS-810] - Wrong XAdES SPURI recognition
• [DSS-811] - CommonDataLoader : wrong timeout parameter
• [DSS-812] - ASiC : set encryption algorithm
• [DSS-813] - ASiC : wrong signatureFilename parameter usage

Release 4.6.RC1

    Release Notes - DSS - Version 4.6.RC1

Sub-task

• [DSS-642] - CAdES countersignature doesn't work
• [DSS-684] - Cades archive-time-stamp-v3 not properly created
• [DSS-693] - Migration of validation policy edition screens
• [DSS-718] - Expose signature methods as REST service

Bug

• [DSS-714] - Without signing certificate expiration check, signatures signed clearly after certificate expiration still validate successfully
• [DSS-727] - Validation of CAdES countersignatures fail
• [DSS-728] - The signature policy is not validated because expects ASN1
• [DSS-729] - Error extending CAdES with 2 signatures to LTA
• [DSS-732] - The demo application validates documents before TSL loading has finished
• [DSS-733] - PKCS#11 EC Encryption leading to DSSException
• [DSS-738] - ASiC files created with a digest algorithm different than SHA-256 fail validation
• [DSS-740] - The demo application discards existing certpool cache when reloading tsl
• [DSS-741] - PKCS11SignatureToken bug when space in the file path
• [DSS-750] - XAdES : problem with SignaturePolicySpuri
• [DSS-761] - Schema validation errors after extending signature to XAdES-C
• [DSS-766] - Possibly wrong element places in XML.
• [DSS-767] - XAdES : Invalid level LT detection
• [DSS-768] - An error occurred ! org.xml.sax.SAXParseException; lineNumber: 11; columnNumber: 23; The reference to entity "FD2" must end with the ';' delimiter.

New Feature

• [DSS-679] - https (with mutal authentication) timestamping support
• [DSS-746] - Standalone application

Improvement

• [DSS-690] - Light applet
• [DSS-709] - XAdES : support digest signing
• [DSS-717] - TrustedListsCertificateSource: setLotlCertificate() to support multiple certificates
• [DSS-722] - Demo : allow to generate ASiC signature with CAdES as underlying format
• [DSS-723] - Demo : Separate the "TSL signature" as a new complete option
• [DSS-724] - Demo : Signature policy values input is confusing
• [DSS-725] - Demo : Packaging selection in the augmentation process
• [DSS-748] - Improve dss-cookbook
• [DSS-757] - Unable To sign and verify large file