Release Notes - eSignature DSS - Version 6.2.RC1

New features

• [DSS-3166] Add support of ECDSA with SHA3 algorithms defined in RFC 9231
• [DSS-3207] Configurable memory settings on PAdES signature creation
• [DSS-3341] Add definition of trust anchors with time
• [DSS-3369] Implement support of noRevAvail RFC 9608
• [DSS-3393] Add option of nested CMS signatures creation
• [DSS-3468] Add ValidationTime to validateSignature REST/SOAP API
• [DSS-3486] Add validation of Trusted List v6

Improvements

• [DSS-2623] XAdES/JAdES : Separate timestamp validation data on LT level
• [DSS-2849] PAdES : add support of 142-2 extended profiles on validation
• [DSS-3374] REST/SOAP webservices : add unit tests for on signature augmentation with detached content
• [DSS-3404] Update trust anchor definition per TS 119 615 v1.2.1
• [DSS-3419] Adjust anchor links within Detailed Reports for new sunset checks
• [DSS-3428] Allow a check skip with alerts
• [DSS-3445] ASiCArchiveManifest shall refer a set of signed or timestamped files from covered signatures/timestamps
• [DSS-3454] Fix "CRL Signature cannot be validated" warning message
• [DSS-3460] Align getFilename method naming
• [DSS-3484] Automate digest encoding on signing with RSA algorithm
• [DSS-3487] Add support of AnyValidationData unsigned property
• [DSS-3513] Add option to choose between strict and lax validation of ats-hash-index attribute (CAdES)
• [DSS-3514] No minKeySize cryptographic constraint should not result in validation failure

Bug fixes / Issues

• [DSS-2353] JAdES LT adds time-stamps validation data to the xVals
• [DSS-2355] JAdES augmentation adds validation data for the signing certificate into the tstVD
• [DSS-2359] XAdES LT adds time-stamps validation data to CertificateValues and RevocationValues
• [DSS-2360] XAdES augmentation adds validation data for the signing certificate to the TimeStampValidationData element
• [DSS-2361] LTA augmentation of LTA signatures adds new revocation data for the signing certificate
• [DSS-3392] ASiC-S with CAdES creates invalid signature when a CMS signature is provided as an input
• [DSS-3395] Bad debug log in ImageUtils
• [DSS-3401] ASiCUtils.isZip(DSSDocument) method fails when a DigestDocument provided
• [DSS-3411] ASiC with XAdES creates manifest.xml with null media-type
• [DSS-3418] DiagnosticData does not include all certificate references when a custom TokenIdentifierProvider is used
• [DSS-3439] PAdES ByteRange is not properly checked
• [DSS-3451] Wrong link in reference to RFC4998
• [DSS-3452] Expected and actual values switched in error message
• [DSS-3458] XAdESPath contain imports from jaxb related modules
• [DSS-3475] crlSignKeyUsage validation
• [DSS-3478] Expired hardcoded test certificates break build
• [DSS-3480] DSS WebApp logs Using generated security password warning
• [DSS-3481] WebApp : CXF OpenAPI generates wrong JSON schema
• [DSS-3482] Failed validation of detached CMS signature when using not id-data content type
• [DSS-3490] Deadlock in TLValidationJob on TL URL change when CacheCleaner is not used
• [DSS-3495] Slow XAdES validation with large amount of datafiles
• [DSS-3506] Xades Signature DataObjectFormat missing reference to KeyInfo element
• [DSS-3512] Inconsistent ats-hash-index-v3 building for non Baseline or invalid CAdES structures
• [DSS-3519] Enforce TimeStamp level checks when no LTA material is present

Tasks / Other

• [DSS-3065] Refactor CustomProcessExecutorTest class
• [DSS-3122] Upgrade to PdfBox 3.0.0
• [DSS-3325] Upgrade to Apache Santuario 3.0.5
• [DSS-3435] Update highlightjs
• [DSS-3465] Upgrade to FOP 2.10
• [DSS-3483] Update BouncyCastle 1.79
• [DSS-3496] Nexu : fix link in demo
• [DSS-3499] Update cryptographic suites as per ETSI TS 119 312 v1.5.1
• [DSS-3501] Update HttpClient5 to version 4.5.x
• [DSS-3515] Update json-sKema v0.20.0