Release 4.7.RC1

Sub-task

• [DSS-719] - Expose validation method as REST service
• [DSS-833] - Remove xpath expressions in the validation
• [DSS-834] - Update the HTML/PDF reports
• [DSS-835] - Review the validation policy
• [DSS-836] - Test the new validation with the PlugTests

Bug

• [DSS-650] - ASiC-e with CAdES extension fails
• [DSS-666] - ASiC and CertificatePool sharing
• [DSS-747] - PAdES visual signature is distorted while using both text and image
• [DSS-752] - NullPointerException extending XAdES-B to LTA when <xades:SignedDataObjectProperties> not present
• [DSS-780] - DSS webapp validates only first asice xades signature
• [DSS-787] - DSS/VRI does not include indirect references to already added objects
• [DSS-789] - Missing TS revocation data in PAdES LTA generated with the Standalone App
• [DSS-790] - Missing TS revocation data in PAdES augmentation to LT/LTA-Level from B-Level
• [DSS-792] - Singing certificate included twice in ds:KeyInfo
• [DSS-799] - Augmentation from ASiC-E to ASiC-S and vice versa allowed
• [DSS-814] - Temporaries files are not deleted in PAdES signature
• [DSS-817] - Error parsing tag IssuerSerial
• [DSS-819] - Validation reports ignore some ArchiveTimestamp validation errors
• [DSS-820] - Cannot sign multiple files using XAdES enveloped
• [DSS-823] - Visual PAdES signature image file not closed
• [DSS-825] - 4.6.0 DSS ASIC, DSS XAdES could not resolve reference URI if it contains "+" symbol
• [DSS-827] - Constructor for CommonTrustedCertificateSource is bogus
• [DSS-828] - OCSP requests should not have nonce extension set as critical
• [DSS-829] - OnlineOCSPSource contains bad error handling
• [DSS-830] - DSS cookbook example won't work
• [DSS-839] - Error validating signature with timestamp when time zone configured
• [DSS-841] - PAdES-LTA signed pdf validated as indeterminate after signed certificate expiration
• [DSS-843] - Unused SOAP validation service in development 4.7 branch
• [DSS-845] - OfflineCRLSource is rejecting some CRL
• [DSS-846] - NPE while extending a signature with remote services
• [DSS-850] - https (with mutal authentication) timestamping not supported in CommonsDataLoader
• [DSS-851] - CAdESSignature.checkSignatureIntegrity accepts invalid signature
• [DSS-852] - XAdES : ordering of tags in SignatureProductionPlaceV2
• [DSS-855] - close() method of Pkcs12SignatureTokenConnection should be empty
• [DSS-861] - dss-service 4.6.0, OCSP unit test failure.
• [DSS-863] - FileCacheDataLoader never expires entries
• [DSS-869] - TSLRepository, NullPointerException
• [DSS-870] - CommonsDataLoader, client authentication
• [DSS-871] - Timestamp server, HTTP-400 response
• [DSS-873] - Pkcs11SignatureToken class is not thread-safe
• [DSS-874] - xades:SigPolicyHash DigestValue check

Task

• [DSS-773] - RemoveSignature for Cades

Improvement

• [DSS-700] - Support for WebServices SOAP and REST
• [DSS-763] - Improve checking of signer certificate's QC compliance based on TSL
• [DSS-778] - Enveloping XAdES should add all documents to the references
• [DSS-801] - Error with DSA / ECDSA signature during signing
• [DSS-805] - XML Policy Constraint is not validated against XSD
• [DSS-832] - Support new standard ETSI EN 319 102
• [DSS-837] - Remove Java applets
• [DSS-840] - CommonDataLoader : allows to disable redirects
• [DSS-842] - ASIC-E XAdES should contain manifest.xml
• [DSS-853] - Support of the CRL extension expiredCertsOnCRL
• [DSS-857] - Support of OCSP extension ArchiveCutoff
• [DSS-875] - Fix of LDAP URL parsing and querying attributes

Release 4.6.RC2

    Release Notes - DSS - Version 4.6.RC2

Bug

• [DSS-771] - jnlp Unable to load resource
• [DSS-777] - XAdES and PKCS12
• [DSS-796] - Unable to generate ASiC-E containers using the standalone application
• [DSS-802] - PAdES validation report in Adobe Reader
• [DSS-809] - Handle OCSP revocation when reason is not given
• [DSS-810] - Wrong XAdES SPURI recognition
• [DSS-811] - CommonDataLoader : wrong timeout parameter
• [DSS-812] - ASiC : set encryption algorithm
• [DSS-813] - ASiC : wrong signatureFilename parameter usage

Release 4.6.RC1

    Release Notes - DSS - Version 4.6.RC1

Sub-task

• [DSS-642] - CAdES countersignature doesn't work
• [DSS-684] - Cades archive-time-stamp-v3 not properly created
• [DSS-693] - Migration of validation policy edition screens
• [DSS-718] - Expose signature methods as REST service

Bug

• [DSS-714] - Without signing certificate expiration check, signatures signed clearly after certificate expiration still validate successfully
• [DSS-727] - Validation of CAdES countersignatures fail
• [DSS-728] - The signature policy is not validated because expects ASN1
• [DSS-729] - Error extending CAdES with 2 signatures to LTA
• [DSS-732] - The demo application validates documents before TSL loading has finished
• [DSS-733] - PKCS#11 EC Encryption leading to DSSException
• [DSS-738] - ASiC files created with a digest algorithm different than SHA-256 fail validation
• [DSS-740] - The demo application discards existing certpool cache when reloading tsl
• [DSS-741] - PKCS11SignatureToken bug when space in the file path
• [DSS-750] - XAdES : problem with SignaturePolicySpuri
• [DSS-761] - Schema validation errors after extending signature to XAdES-C
• [DSS-766] - Possibly wrong element places in XML.
• [DSS-767] - XAdES : Invalid level LT detection
• [DSS-768] - An error occurred ! org.xml.sax.SAXParseException; lineNumber: 11; columnNumber: 23; The reference to entity "FD2" must end with the ';' delimiter.

New Feature

• [DSS-679] - https (with mutal authentication) timestamping support
• [DSS-746] - Standalone application

Improvement

• [DSS-690] - Light applet
• [DSS-709] - XAdES : support digest signing
• [DSS-717] - TrustedListsCertificateSource: setLotlCertificate() to support multiple certificates
• [DSS-722] - Demo : allow to generate ASiC signature with CAdES as underlying format
• [DSS-723] - Demo : Separate the "TSL signature" as a new complete option
• [DSS-724] - Demo : Signature policy values input is confusing
• [DSS-725] - Demo : Packaging selection in the augmentation process
• [DSS-748] - Improve dss-cookbook
• [DSS-757] - Unable To sign and verify large file

Release 4.5.0

Sub-task

• [DSS-691] - Migration of extension screens
• [DSS-692] - Migration of validation screens
• [DSS-702] - Add signature reason / location / contactInfo
• [DSS-703] - Wrong type for a DocumentTimeStamp
• [DSS-704] - Add VRI dictionary in DSS dictionary
• [DSS-705] - Validation of OCSP/CRL from the DSS dictionary
• [DSS-706] - Baseline-LT contains a document-time-stamp over the DSS dictionary

Bug

• [DSS-629] - Stability of the getDataToSign
• [DSS-630] - Signature ID's are equals in the same second
• [DSS-667] - CAdES digest computation: DER: SET OF tag must be ordered in ascending order
• [DSS-668] - PAdES signatures have same Id's
• [DSS-672] - NullpointerException in SignatureParameters class
• [DSS-685] - Pades T/LT/LTA : space for signature-time-stamp attribute
• [DSS-687] - TimeStamp "indeterminate" and "basic report" is "valid"
• [DSS-699] - Getting an exception signing a PAdES PDF with a content timestamp set
• [DSS-730] - Bug in JdbcCacheCRLSource ("Error with the cache data store") triggered by a newer version of hsqldb (e.g. hsqldb 2.3.2)
• [DSS-734] - Unable to extend Baseline-B/T to LT/LTA
• [DSS-735] - Unable to unzip bundle on Mac

Task

• [DSS-638] - Add integration test on DSS-Demo-Webapp

Improvement

• [DSS-657] - XADES SignaturePolicy : add description and SP URI
• [DSS-662] - CAdES : improve timestamps reading
• [DSS-663] - Improve OCSP recognition
• [DSS-674] - Split dss-document into smaller modules
• [DSS-675] - CADES SignaturePolicy : add SP URI
• [DSS-680] - CommonsDataLoader and Proxy improvements
• [DSS-688] - Improve exception management while loading TSL
• [DSS-690] - Light applet
• [DSS-696] - Improve caIssuers loading from AIA extension
• [DSS-697] - Avoid NPE if DataLoader is not setted (AIA)
• [DSS-701] - Plugtests PAdES 2015 : improvements and bugs
• [DSS-707] - To avoid confusion, strong type for "ToBeSigned" and "SignatureValue"
• [DSS-711] - Configurable keystore type in pom.xml
• [DSS-713] - TSL : Support of certificates from SchemeServiceDefinitionURI/URI

Release 4.5.RC2

Bug

• [DSS-730] - Bug in JdbcCacheCRLSource ("Error with the cache data store") triggered by a newer version of hsqldb (e.g. hsqldb 2.3.2)
• [DSS-734] - Unable to extend Baseline-B/T to LT/LTA
• [DSS-735] - Unable to unzip bundle on Mac
• [DSS-737] - Extended XAdES-BASELINE_LTA but validated as XAdES-A

Release 4.5.RC1

Bug

• [DSS-629] - Stability of the getDataToSign
• [DSS-630] - Signature ID's are equals in the same second
• [DSS-667] - CAdES digest computation: DER: SET OF tag must be ordered in ascending order
• [DSS-668] - PAdES signatures have same Id's
• [DSS-672] - NullpointerException in SignatureParameters class
• [DSS-685] - Pades T/LT/LTA : space for signature-time-stamp attribute
• [DSS-687] - TimeStamp "indeterminate" and "basic report" is "valid"
• [DSS-699] - Getting an exception signing a PAdES PDF with a content timestamp set

Improvement

• [DSS-657] - XADES SignaturePolicy : add description and SP URI
• [DSS-662] - CAdES : improve timestamps reading
• [DSS-663] - Improve OCSP recognition
• [DSS-674] - Split dss-document into smaller modules
• [DSS-675] - CADES SignaturePolicy : add SP URI
• [DSS-680] - CommonsDataLoader and Proxy improvements
• [DSS-688] - Improve exception management while loading TSL
• [DSS-690] - Light applet
  • [DSS-691] - Migration of extension screens
  • [DSS-692] - Migration of validation screens
• [DSS-696] - Improve caIssuers loading from AIA extension
• [DSS-697] - Avoid NPE if DataLoader is not setted (AIA)
• [DSS-701] - Plugtests PAdES 2015 : improvements and bugs
  • [DSS-702] - Add signature reason / location / contactInfo
  • [DSS-703] - Wrong type for a DocumentTimeStamp
  • [DSS-704] - Add VRI dictionary in DSS dictionary
  • [DSS-705] - Validation of OCSP/CRL from the DSS dictionary
  • [DSS-706] - Baseline-LT contains a document-time-stamp over the DSS dictionary
• [DSS-707] - To avoid confusion, strong type for "ToBeSigned" and "SignatureValue"
• [DSS-711] - Configurable keystore type in pom.xml
• [DSS-713] - TSL : Support of certificates from SchemeServiceDefinitionURI/URI

Task

• [DSS-638] - Add integration test on DSS-Demo-Webapp

Release 4.4.0

Bug

[DSS-619] - XADES SignedProperties Reference
[DSS-621] - Extending previous -LTA PDF enter infinite loop.
[DSS-628] - Inclusive canonicalization
[DSS-639] - Method getRevocationReason doesn't work
[DSS-659] - ASiC: Do not compress mimetype file when creating extended document.
[DSS-660] - Use public key instead of certificate to verify CAdES signature integrity
[DSS-661] - CAdES signature with expired certificate returns invalid signature
[DSS-677] - NPE while extending ASiC signature in the applet
[DSS-678] - XML external entity vulnerability
[DSS-681] - Vulnerabilities in dependencies
[DSS-682] - WebApp doesn't use CommonDataLoader to contact TSP
[DSS-712] - Webapp : force encoding

Improvement

[DSS-622] - Replace X509Certificat with CertificateToken
[DSS-624] - CertificateIdentifier contains static methods
[DSS-625] - CommonCRLSource.java uses internal proprietary API
[DSS-632] - Create new module for JAXB TSL model
[DSS-633] - Import cookbook example in source code
[DSS-634] - Reorganise Maven Module
[DSS-635] - Start Applet with JNLP
[DSS-636] - Don't rely on Maven code generation for diagnostic data model
[DSS-637] - Incorporate JRE and Tomcat as Maven Dependencies
[DSS-652] - CAdES : TimeStampType not supported : CONTENT_TIMESTAMP
[DSS-654] - Demo application should have DEBUG log level as a default.

New Feature

[DSS-647] - PAdES Add visible signature

Task

[DSS-640] - Add unit test and integration test on signature mechanism
[DSS-651] - Validate PlugTest signatures

Release 4.4.RC1

    Release Notes - DSS - Version 4.4.RC1

Bug

• [DSS-619] - XADES SignedProperties Reference
• [DSS-621] - Extending previous -LTA PDF enter infinite loop.
• [DSS-628] - Inclusive canonicalization
• [DSS-639] - Method getRevocationReason doesn't work
• [DSS-661] - CAdES signature with expired certificate returns invalid signature

Improvement

• [DSS-622] - Replace X509Certificat with CertificateToken
• [DSS-624] - CertificateIdentifier contains static methods
• [DSS-625] - CommonCRLSource.java uses internal proprietary API
• [DSS-632] - Create new module for JAXB TSL model
• [DSS-633] - Import cookbook example in source code
• [DSS-634] - Reorganise Maven Module
• [DSS-635] - Start Applet with JNLP
• [DSS-636] - Don't rely on Maven code generation for diagnostic data model
• [DSS-637] - Incorporate JRE and Tomcat as Maven Dependencies
• [DSS-654] - Demo application should have DEBUG log level as a default.

New Feature

• [DSS-647] - PAdES Add visible signature

Task

• [DSS-640] - Add unit test and integration test on signature mechanism
• [DSS-651] - Validate PlugTest signatures

See : https://esig-dss.atlassian.net/projects/DSS/versions/10301