News and noteworthy

Releases

v7.2.1 - work in progress

• Now the local deletion of Service Groups works as expected
• Added a work around to make sure, deletion of Participants in the Peppol Directory will work

v7.2.0 - 2025-01-09

• Updated to Peppol eDEC Code Lists v9.0
• [Docker] Fixed the handling of encoded slashes in Tomcat 10
• Trimming all REST API path parameters before using them, similar to the UI
• [SQL / MongoDB] The Service Group page displays quicker, because the owner name is not queried for each SG again
• [SQL / MongoDB] The Service Endpoint list and tree page displays quicker, because the owning service group as well as the transport profile is not queried for each SG again
• Internal APIs were altered to take IDs instead of the complete objects
• Added new landing page, to make sure that the login is quick and not delayed by loading all service groups
• It is now possible to delete Service Groups only locally (so not in the SML). This can be beneficial to resolve inconsistencies

v7.1.7 - 2024-10-17

• [XML] Fixed a deadlock in bulk endpoint URL and certificate change. See #297 - thx @seciq

v7.1.6 - 2024-09-20

• [Security] Updated to protobuf 4.28.2 fixing CVE-2024-7254

v7.1.5 - 2024-08-20

• Improved the "Tasks/problems" page so that it renders quicker. It doesn't show the details of a certificate for each endpoint anymore.
• Added new REST API /businesscard/{participantID}/push to explicitly push a Business Card to the Directory. See #269 - thx @dextreza
• Tried to lower the memory consumption for "bulk change URL" and "bulk change certificate". See #291
• [Docker] Improved the memory assignment to Tomcat inside the Docker image (-XX:InitialRAMPercentage=10 -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80)

v7.1.4 - 2024-07-30

• Updated to peppol-commons 9.5.x
• Updated to eDEC Code Lists v8.9
• [Security] Updated to dnsjava 3.6.x fixing CVE-2024-25638
• Improved the consistency of the SMP settings by falling back to configuration values. See #267 - thx @anakinj

v7.1.3 - 2024-05-24

• Updated to peppol-commons 9.4.x
• Fixed the usage of non-Peppol compliant identifiers with the SMP identifier type peppol-lax. See #275

v7.1.2 - 2024-04-24

• Ensured Java 21 compatibility
• Allowed the creation of identifiers with an empty identifier scheme (see peppol-commons 9.3.4)
• Marked the DE4A PKIs as deprecated and no longer supported
• Added the DBNA PKIs as known to the "Certificate information" page
• [Docker] All Docker images from 7.1.1 on are optimized to remove unused web applications
• Updated to eDEC Code Lists v8.8
• Added new SMP identifier type peppol-lax. See #275 - thx @emilbokenstrand

v7.1.1 - 2024-02-27

• [Security] Updated to xmlsec 3.0.4 for security reasons (CVE-2023-44483)
• Updated the default Peppol Truststore to not contain the outdated trusted certificates
• [SQL] [Security] Updated to PostgreSQL JDBC driver to 42.7.2 for security reasons (CVE-2024-1597)
• Improved the error handling on invalid Directory hostnames in the "SMP Settings" page
• Removed the fields "Physical address" from "Register at SML" and "Update SML Registration" pages

v7.1.0 - 2023-12-10

• Updated to peppol-commons 9.1.x
• Updated to phoss-directory 0.13.x
• Updated to eDEC Code List v8.7 with the known names
• Updated to the Peppol SMP 1.3.0 specification -> replaced all SHA-1 with SHA-256 for the signature
• The consistency checks for Peppol Identifiers were improved to avoid less invalid identifiers
• Syntactically invalid Document Type and Process IDs are now marked with a respective "Invalid" badge
• [SQL] Added new configuration properties smp.flyway.jdbc.* that allow the usage of a different database configuration for Flyway only

v7.0.3 - 2023-08-25

• Updated to ph-oton 9.2.0
• Updated to eDEC Code List v8.6 with the known names
• Added an explicit optical highlight on peppol-doctype-wildcard identifiers in the endpoint list

v7.0.2 - 2023-07-26

• [Security] Updated to BouncyCastle 1.75 for security reasons (CVE-2023-33201)
• [SQL] Updated to Flyway 9.21.0

v7.0.1 - 2023-07-07

• Updated to peppol-commons 9.0.6
• [Security] Updated to ph-commons 11.0.5 for security reasons (CVE-2023-34612)
• Fixed a potential exception when viewing BusinessCards with an unsupported country code
• [SQL] Updated to Flyway 9.20.0

v7.0.0 - 2023-04-29

• Updated to ph-commons 11.0.4
• Fixed support for Surrogate characters for e.g. Japanese

v7.0.0-rc1 - 2023-04-03

• Using Java 11 as the baseline
• Using Servlet API 5.0.0 as the baseline: JakartaEE 9, Java 11+, Apache Tomcat v10.0.x, Jetty 11.x
• Updated to ph-commons 11
• Added new configuration property to disable the display of the Environment Variable page (webapp.page.admin.sysinfo.envvars.disabled). See issue #236 - thanks @smahieu87
• Improved the consistency checks for the smp.publicurl configuration property. If this value is set but invalid, the SMP will refuse to start. Additionally, if the value is modified during runtime, a check on the "Problems / Tasks" page was added. See issue #237 - thanks @smahieu87

v6.0.7 - 2023-02-23

• Updated to Log4J 2.20.0
• Support for "User Tokens" for authentication at the REST API were added. That can be used as a replacement for BasicAuth. That makes the usage of the REST API more secure. See issue #196 - thanks @sakasaka19
• [SQL] Updated to Flyway 9.15.0

v6.0.6 - 2023-02-15

• Migrated web.xml to use Servlet API 3.0 XSD
• Fixed XSI schemaLocation for Oracle XSD in weblogic.xml
• Updated the known names to eDEC Code List v8.3.1
• Fixed an ArrayIndexOutOfBoundsException when a single $ character is contained in a configuration property with variable resolution enabled. See issue #234 - thanks @Kristieb
• Beautified the Certificate Information page to spot errors quicker

v6.0.5 - 2022-12-15

• [SQL] Updated to Flyway 9.10.0
• [SQL] [Security] Updated the PostgreSQL JDBC driver 42.5.1 (CVE-2022-41946)
• [SQL] [Security] Updated to Google ProtoBuf 3.21.12 for security reasons (CVE-2022-3509)

v6.0.4 - 2022-11-14

• [SQL] [Security] Updated to Jackson 2.14.0 for security reasons (CVE-2022-42003)

v6.0.3 - 2022-11-07

• [Security] Updated to Woodstox Core 6.4.0 for security reasons (CVE-2022-40151, CVE-2022-40152, CVE-2022-40153, CVE-2022-40154, CVE-2022-40155, CVE-2022-40156)
• Updated to peppol-commons 8.8.1
• Deprecated SMP transport profiles busdox-transport-as2-ver1p0 (Peppol AS2 v1) and busdox-transport-as2-ver2p0 (Peppol AS2 v2)
• [SQL] Updated to Flyway 9.7.0

v6.0.2 - 2022-10-04

• Updated to Log4J 2.19.0
• Fixed an exception on login, when a non-existing user tries to login (regression since 6.0.0)
• [SQL] Updated to Flyway 9.4.0

v6.0.1 - 2022-09-13

• Added a configuration property that disables the usage of Markdown in system messages at "Administration / Monitoring / Sessions" page

v6.0.0 - 2022-09-12

• Added a configuration property that disables the display of the "Administration / Monitoring / Sessions" page
• Extended the list of known DE4A trusted certificates
• Changed the CEF contact email address from CEF-EDELIVERY-SUPPORT@... to EC-EDELIVERY-SUPPORT@...

v6.0.0-RC1 - 2022-08-26

• Updated to Apache Http Client v5.x
• Updated to ph-commmons 10.2.0
• Updated to ph-oton 8.4.1
• Updated to ph-web 9.7.1
• Removed support for Vagrant
• [SQL] Updated to Flyway 9.x dropping support for MySQL 5.7
• [SQL] Added a new configuration property to define the Flyway baseline version (smp.flyway.baseline.version)
• In case of failed logins the response is artificially delayed to complicate brute force attacks
• Added a configuration property that can be used to turn off the details about login errors (webapp.security.login.errordetails)
• Added configuration properties to replace the logo image in the public part
• The system used to configuration item was updated so that only one configuration file is needed and variables are supported
  • The configuration files private-webapp.properties and webapp.properties are deprecated and should not be used anymore. All the properties should be placed in application.properties.
  • The system properties peppol.smp.webapp.properties.path and smp.webapp.properties.path are no longer evaluated and will lead to a startup error.
  • The environment variable SMP_WEBAPP_CONFIG is no longer evaluated and will lead to a startup error.
  • The configuration files private-smp-server.properties and smp-server.properties are deprecated and should not be used anymore. All the properties should be placed in application.properties.
  • The system properties peppol.smp.server.properties.path and smp.server.properties.path are no longer evaluated and will lead to a startup error.
  • The environment variable SMP_SERVER_CONFIG is no longer evaluated and will lead to a startup error.
• The display of certificate information across the administration has been unified
• The operations "Register SMP at SML", "Update registration of SMP at SML" and "Delete SMP from SML" are now on separate pages instead of one page with tabs
• Endpoints without Endpoint URLs won't create invalid XML anymore with the BDXR1 REST API

v5.7.1 - 2022-08-08

• Update the name mapping for predefined document type and process IDs
• Updated to peppol-commons 8.7.6 for Peppol Code Lists v8.2
• [SQL] Fixed a DB2 issue in the V19 migration code
• [SQL] Updated the PostgreSQL JDBC driver 42.4.1 to fix CVE-2022-31197

v5.7.0 - 2022-05-17

• Updated to peppol-commons 8.7.x (updated SMP client proxy configuration keys). See Migrations page.
• Updated to phoss-directory 0.10.x (updated Directory client proxy configuration keys). See Migrations page.
• Updated to ph-oton 8.4.0 which lead to dropping support for old Internet Explorer versions for the UI.
• Added experimental support for OASIS BDXR SMP v2 via the new smp.rest.type Configuration value bdxr2
• The "not before" and the "not after" dates of the SMP certificate can be shown in the status. See issue #203 - thanks @jonaswest
• The check in "Tasks/problems" to see if the SMP is already registered to the SML was limited to the Peppol mode
• Participants previously migrated to another SMP can be migrated again, if necessary. See issue #209 - thanks @sakasaka19
• If an outbound proxy server is configured, that is displayed on the left hand side under the menu in the UI
• [SQL] Fixed a syntax error in Oracle migration V15
• [SQL] Improved the SQL syntax support for Oracle
• [SQL] Started adding support for DB2 as an SQL backend. The DB2 support is still considered experimental, so handle with care - thanks @gilescp for providing all the input
• [SQL] Added support for multilingual names in Business Cards if created via the import. See issue #210 - thanks @tmhide
• [SQL] Removed the length constraint from smp_service_metadata_red.redirectionUrl. See issue #206 - thanks @tmhide

v5.6.2 - 2022-03-18

• SMPs configured to provide the OASIS BDXR SMP v1 REST API can now also use a context path to register at the SML

v5.6.1 - 2022-02-24

• [SQL] Fixed a syntax error in PostgreSQL migration V17. See issue #201 - thanks @tmhide

v5.6.0 - 2022-02-22

• [SQL] Initial Oracle support is available. One happy user is known, but if you have troubles, just ping me - thanks Vladimiras Kovalkovas
• Updated to the new Peppol SMP specification 1.2.0 - using Canonicalization method http://www.w3.org/TR/2001/REC-xml-c14n-20010315 from May 1st, 2022
• The "Check DNS state" of the Service Groups should now also work for non-Peppol CEF-based configurations
• Extended the REST API to support export and import of data
• Extended the REST API to support migration of participants
• Import with "overwrite" enabled, does no longer delete the Service Group in the SML but only locally
• [SQL] Changed a table name for Oracle (Flyway v16). See issue #62 - thanks @JonasZal
• [SQL] Fixed an error, that by accident the owners of other ServiceGroups were changed. See issue #195 - thanks @sakasaka19
• [SQL] Changed two columns in table smp_secuser from clob to varchar(200) for Oracle (Flyway v17)
• The participants migrations pages are now shown, even if the preconditions are not fulfilled. This can be used to view historic data.
• Participant migrations can now be deleted from the UI
• The participant migrations pages now have a "Refresh" button

v5.5.4 - 2022-02-18

• Updated the predefined names to Peppol Code List v8.0
• Improved the security check for Basic Auth users
• [SQL] Updated to PostgreSQL 42.3.3 for security reasons

v5.5.3 - 2022-01-12

• [SQL] Updated to Google ProtoBuf 3.19.2 for security reasons (CVE-2021-22569)

v5.5.2 - 2022-01-11

• [SQL] Fixed an error in the MySQL DDL V1 - changing the collation from utf8 to latin to avoid "too long key" issue
• [SQL] Fixed an initialization order issue when migrating DB users from the old scheme to the new scheme (Flyway version V15)

v5.5.1 - 2022-01-10

• [XML] Fixed an error in web.xml of the XML version (duplicate servlet mapping)
• Improved resilience of internal path handling

v5.5.0 - 2022-01-10

• Updated to Log4J 2.17.1 for security reasons (CVE-2021-44832)
• Updated to ph-commons 10.1.5
• Updated to ph-oton 8.3.6
• [SQL] The transport profiles are now managed in the database when using the SQL Backend (table smp_tprofile)
  • All the existing transport profiles are automatically migrated into the database
• [SQL] The audit items are now also written directly to the database when using the SQL Backend (table smp_audit) - existing entries are NOT migrated
• [SQL] The security roles are now managed in the database when using the SQL Backend (table smp_secrole)
• [SQL] The users are now managed in the database when using the SQL Backend (table smp_secuser)
• [SQL] The user groups are now managed in the database when using the SQL Backend (table smp_secusergroup)
  • All existing roles, users and user groups are automatically migrated from the XML based file to the DB
• [SQL] All the SMP settings as well as the ID maintenance are now managed in the database when using the SQL Backend (table smp_settings)
  • All the existing SMP settings are automatically migrated into the database
• Added new property in webapp.properties called webapp.public.showappname to disable the display of the application name in the /public part
• Added new property in webapp.properties called webapp.public.showsource to disable the display of the application source in the /public part
• Certain HTTP redirects now correctly honour the public URL - this only affects usage behind a reverse proxy

v5.4.5 - 2021-12-21

• Updated to Log4J 2.17.0 for security reasons (CVE-2021-45105) - see https://logging.apache.org/log4j/2.x/security.html

v5.4.4 - 2021-12-14

• Updated to Log4J 2.16.0 for security reasons (CVE-2021-45046) - see https://www.lunasec.io/docs/blog/log4j-zero-day/

v5.4.3 - 2021-12-10

• Updated to Log4J 2.15.0 for security reasons (CVE-2021-44228) - see https://www.lunasec.io/docs/blog/log4j-zero-day/

v5.4.2 - 2021-11-30

• [SQL] Switching back to Flyway v7 for compatibility with MySQL v5.7.

v5.4.1 - 2021-10-30

• Fixed a regression in 5.4.0, that the parsing of date time values without a timezone failed.

v5.4.0 - 2021-09-19

• Added support for migrating service groups from and to another SMP - see the new menu items in the "Service group" area (see issue #78)
• An internal error on the "Business Cards" page was solved, if a Directory configuration was enabled using "https" but the certificate setup of the PD Client is broken
• Added an additional check on the "Certificate Information" page if the configured key store contains more than 1 key entry
• Added a new page that shows all the identifier mappings uses in the SMP (available in "Administration | Identifier Mappings")
• The return code of the PUT and DELETE APIs changed from 404 to 412 if the writable REST API is disabled
• Extended the REST API to create and delete ServiceGroups without SML interaction (see issue #163)
• Added a new status item smp.sql.db.connection-possible when using the SQL backend
• [SQL] Added a new configuration property smp.status.sql.enabled to disable the new status item
• Added a new configuration property smp.timezone to configure the global SMP time zone (see issue #167)

v5.3.3 - 2021-08-20

• Updated to ph-commons 10.1
• Updated to peppol-commons 8.4
• Updated to ph-oton 8.3
• A new Administration page to dynamically change the log level was added
• The page "SML certificate update" received additional checks regarding the certificate layout
• Removed superfluous pd-client.properties file
• Added new status item startup.datetime
• [SQL] The new configuration item smp.flyway.enabled allows to disable the usage of Flyway
• When listing certificates, the alias is also shown if it is available

v5.3.2 - 2021-01-15

• [MongoDB] Fixed an error in the MongoDB backend that prevented the endpoint processes to be handled correctly. This is a regression error introduced in 5.2.6.

v5.3.1 - 2020-11-03

• [SQL] If the DB connection is lost during a run, it can now be re-established via the GUI
• [SQL] Fixed a concurrency issue when using the SQL backend

v5.3.0 - 2020-10-06

• When registering the SMP to the SML, it can now be done using "https" addresses (when not in Peppol mode)
• Updating to the latest Directory software includes a change in the resolution of configuration files. See the Migrations page for details.
• [SQL] Mind the changes to the DB layout

v5.3.0 Release Candidate 6 - 2020-09-09

• [SQL] Added new configuration item jdbc.schema-create to customize whether the DB schema should be automatically created for an empty database or not

v5.3.0 Release Candidate 5 - 2020-08-30

• Fixed a bug in the Bulk Certificate Change functionality regarding the formatting of certificates
• Changed the JAXB generated classes to use Java 8 date time classes
• [SQL] Added new Status item smp.sql.target-database for SQL backends
• [SQL] Added new configuration item jdbc.schema to make the JDBC Schema name customizable

v5.3.0 Release Candidate 4 - 2020-08-26

• [SQL] Removed a wrong "UNIQUE" SQL statement from the PostgreSQL init script

v5.3.0 Release Candidate 3 - 2020-08-25

• [SQL] Fixed a bug in a "DELETE" SQL statement for endpoints

v5.3.0 Release Candidate 2 - 2020-08-25

• [SQL] Added the possibility to initially setup the database using Flyway
• Changed the license of the phoss-smp-backend-sql module to Apache 2.0 because nothing of the original source code is left
• [SQL] Dropped the support for the specific DB user management - only the build-in user management can be used
• Added support for a query API (see issue #145). To use this functionality, the new configuration item smp.rest.remote.queryapi.disabled must be set to false.

v5.3.0 Release Candidate 1 - 2020-08-20

• Updated the list of known identifiers to Peppol Code list 7.2
• [SQL] The SQL backend was changed to use JPA to JDBC
• [SQL] The SQL backend now supports FlyWay for easy DB migrations
• [SQL] For the SQL backend the special table "smp_user" is migrated to internal users and the ownership is updated.

v5.2.6 - 2020-08-20

• The initialization of the UTC timezone upon startup is now more consistent
• Fixed an error that prevented the automatic deletion of Business Card when a Service Group was deleted (see issue #139)
• Improved logging on actions on Business Cards
• Fixed a rare scenario where it would have been possible to create invalid XML in querying
• Fixed an Exception with the MongoDB backend, if a process had no endpoints
• Made separate pages for "Import" and "Export" of Service Groups
• Added possibility to disable support for the HTTP OPTIONS verb (see issue #142)
• Added support for the Content Security Policy (CSP) response headers (see issue #141)
• Added possibility to remove the authorship text from the public page (see issue #140)
• The server name on the start page now uses the same algorithm for calculation as the "list servicegroup" API
• The bulk change certificate page now has an improved certificate matching algorithm (see issue #143)
• The bulk change operations (endpoint and certificate) are now running asynchronously in the background

v5.2.5 - 2020-07-12

• Fixed a regression that prohibited the creation of ServiceGroups in the SMLs, due to a bogus SoapAction (see issue #137)

v5.2.4 - 2020-06-30

• The ServiceGroup import error handling was improved
• Updated to ph-commons 9.4.0
• Split the menu item "Endpoints" into "Endpoint List" and "Endpoint Tree", so that huge data volumes are handled more easily (see issue #97)
• Speeding up the Service Group page, by not counting the document types, processes and endpoints if more than 1000 service groups are available (see issue #97)
• Made the domain name creation for the "GET /{serviceGroups}" call customizable (see issue #131)
• The XML format for known document types was extended to allow the specification of process identifiers allowed to be used with a specific document type identifier
• The bulk certificate change can now also be performed if the old certificate is not parsable
• A custom imprint can be configured on the user interface (see issue #132)
• It is ensured that all transport profiles, that are referenced in existing endpoints are existing (see issue #128)
• Added new writable REST API to remove all Endpoints and Redirects from a service group (see issue #134)
• Added new configuration property webapp.statistics.persist to disable the writing of usage statistics files

v5.2.3 - 2020-02-23

• Fixed an error that document types with an encoded slash could not be queried (see issue #125)

v5.2.2 - 2020-02-17

• Updated to peppol-commons 8.x
• The Peppol PKI v2 certificates are officially expired and flagged as such
• The default truststore no longer contains the Peppol PKI v2 certificates
• The names of the SNAPSHOT Docker images changed (phelger/smp:snapshot -> phelger/phoss-smp-xml:snapshot, phelger/smp:snapshot-mongodb -> phelger/phoss-smp-mongodb:snapshot, phelger/smp:snapshot-sql -> phelger/phoss-smp-sql:snapshot)
• Updated the versions of the underlying UI libraries
• The Administration area has a new page "System truststore" to show the contents of the Java default truststore (cacerts)
• The "Transport profiles" page was improved and does not necessarily scan all endpoints any more
• The "Transport profiles" page can now also delete deprecated predefined protocols
• The "Certificate Information" page now also shows the trust store content of the Directory client (if any)
• The "Tasks/problems" page now also checks the key configuration of the SMP certificate
• The "Tasks/problems" page now also checks the key store and trust store configuration of the Directory client (if any)
• A new Administration page "http client" can be used to diagnose connectivity issues

v5.2.1 - 2020-01-24

• Added default robots.txt that disallows every indexing
• Added new configuration property smp.rest.payload.on.error (was also added to the status JSON)
• The display names of document types and processes can now be customized (see issue #112)
• Fixed NPE when creating a half-filled BusinessCard with MongoDB backend
• Using my fancy new logo - thx to Maria Petritsopoulou - http://stirringpixels.com/
• Fixed NPE when a Proxy server was configured for "http" and "https"
• The certificate information page now got a button to reload the Peppol Directory client configuration
• Changed all texts from "PEPPOL" to "Peppol" where applicable
• Fixed an internal overflow error for the certification validity period display text
• Expired certificates in the trust store are now displayed on the "Tasks/problems" page (see issue #120)
• Added possibility to easily update all participants in the Directory (see issue #116)
• Using MongoDB as the global ID provider, including a migration script

v5.2.0 - 2019-07-18

• Check the Migrations page for manual update actions
• The GitHub project was renamed from peppol-smp-server to phoss-smp
  • The internal submodule names were adopted:
    • peppol-smp-server-library → phoss-smp-backend
    • peppol-smp-server-sql → phoss-smp-backend-sql
    • peppol-smp-server-xml → phoss-smp-backend-xml
    • peppol-smp-server-webapp → phoss-smp-webapp
    • peppol-smp-server-webapp-sql → phoss-smp-webapp-sql
    • peppol-smp-server-webapp-xml → phoss-smp-webapp-xml
  • The Maven artifact IDs were changed according to the new submodule names
  • All internal package names were changed to reflect the new naming (com.helger.peppol.smpserver.* was changed to com.helger.phoss.smp.*)
  • System property names, configuration file names or configuration properties are NOT changed. If you don't develop against phoss SMP, nothing changed for you
• Slightly changed the wording in the small hint menu in the secure area (see issue #100)
• Changed the order on the "SMP Settings" page, so that "SMK/SML" comes before "Directory" (because it is more important)
• The "Tasks/problems" page now also checks, if the SMP is registered to the SML (see issue #101)
• The page "Certificate information" now knows about the "TOOP Pilot" PKI
• Added a new button on page "Transport Profiles" to ensure all default transport profiles are present
• Added new backend MongoDB (see issue #105)
• Page "Endpoints" wont show up if no transport profiles are present
• Fixed a missing call to persistence if only a process of an endpoint was deleted (only for XML backend)
• Technical details of errors are shown in more details on the UI for better tracking
• The service group import no longer creates (invisible) Business Cards if the respective service group cannot be created
• The confusing default values in page "SML registration" were moved to the field help texts and other improvements (see issue #104)
• An error in "Check DNS state" of service groups was fixed, that lead to erroneous resolutions to "127.0.0.1"
• Added a summary of the HTTP proxy configuration to the status API
• The form at /secure now uses a hostname independent action URL for better work behind a reverse proxy
• Fixed invalid triggers to the Directory if "Directory auto update" was enabled independent of the "Directory enabled" state.
• The "Business Cards" page got an icon for the selected country in the list view

v5.1.2 - 2019-05-28

• A new configuration option webapp.public.login.enabled in webapp.properties can be used to turn off the login possibility from /public URLs (see issue #102)
• The Docker internal environment variable VERSION was renamed to SMP_VERSION to avoid conflicts
• The Docker images now use Tomcat 9 with JRE 11 as the basis

v5.1.1 - 2019-04-23

• The random generator initialization that caused long initialization delays ways fixed (through ph-commons 9.3.2)
• The default read timeout for the SML connection was updated from 5 to 30 seconds issue #99
• The Docker images use the non-blocking random by default

v5.1.0 - 2019-03-20

• Updated user interface to use Bootstrap 4.3.1
• Reworked the REST API error handling, so that errors are propagated more clearly (see issues issue #72 and issue #80).
• Added new configuration file property smp.rest.log.exceptions with the default value of false
• Added new setting if Directory is required or not. Certain warnings are enabled/disabled depending on that status.
• The Status API got a new item smp.pd.needed that contains the new setting if the Directory is needed or not.
• The certificate update API was integrated in the SMP (see issue issue #70).
• When using identifier type simple it is now possible to created process identifiers without a scheme (see issue issue #87).
• Added new task/problem checks for "global debug" and "global production" settings.
• The Status API got a new item smp.publicurl that contains the public URL from the configuration file
• The Status API got a new item smp.forceroot that contains the setting from the configuration file
• If Directory automatic update is enabled, any ServiceInformation change triggers a Directory update if a Business Card is available for the respective Service Group (see issue issue #94).
• The X-Frame-Options HTTP header is now by default set to SAMEORIGIN to avoid click-jacking attacks.
• The REST API implementation was reworked to be more secure and less prone to attacks.
• The Business Card page now always shows the possibility to manually update a ServiceGroup in the Directory

v5.0.8 - 2018-10-30

• The simple login from the /public now uses HTTP method POST instead of GET (security issue)
• An issue with case sensitivity in the writing REST API to create service groups was fixed, if a case-insensitive identifier factory is in used (e.g. "peppol") (see issue #57).

v5.0.7 - 2018-10-29

• Added new webapps.properties configuration item global.debugjaxws of type boolean to enable WS debug logging
• Renamed the administration page "SML information" to "SML configuration"
• Instead of maintaining the SML URL manually in the settings, you now need to chose one of the configured "SML configurations". This implies that the configuration property sml.url got useless.
• The name of the Directory can now be customized using webapps.properties configuration item webapp.directory.name. By default it is "PEPPOL Directory" but it may be "TOOP Directory" for TOOP as well. This is a pure user interface configuration item and has no functional implications.
• It's now possible to edit the extension of an Endpoint on the UI (see issue #74).
• Improved the visualization of extensions when viewing the details of an object
• In case a BusinessCard exists without a ServiceGroup, this no longer causes an exception
• If PEPPOL PKI v3 is configured, a certificate chain of 3 elements is expected
• The Endpoint tree view now also has a button to directly query the endpoint
• Updated to PEPPOL Directory API 0.6.2
• Error handling was improved if an error occurred when communicating with the SML.
• The Status API got a new item build.timestamp
• The SQL backend now uses MySQL Connector/Java 8.0.x. I had issues with the timestamp handling which forced me to add useUnicode=true&useJDBCCompliantTimezoneShift=true&useLegacyDatetimeCode=false&serverTimezone=UTC to the JDBC connection URL. But the solution is still binary compatible with the previous MySQL 5.1 connector version.
• Fixed an error with same internal ID when copying Business Cards on the UI

v5.0.6 - 2018-06-04

• Fixed an error with rolling back SML transactions (see issue #71)
• The UI now has a possibility to explicitly unregister a Service Group from the SML without deleting it
• Added the possibility to configure the execution time warning (SQL version only)
• The field "is deprecated?" of transport profiles can now be handled via the UI
• A new Status API was introduced to query configuration parameters (see issue #73).
• Added a possibility to disable the status API via the Configuration

v5.0.5 - 2018-04-16

• Fixed a stupid error that the deletion of a ServiceGroup is not properly propagated to the PEPPOL Directory
• Updated to Jersey 2.27
• Updated the default truststore so that the SSL certificates of the DG DIGIT SML are contained, as there seems to be an issue with the latest Java 8 update.
• The "Create Business Card" page only shows Service Groups that don't have a Business Card yet

v5.0.4 - 2018-03-27

• A suspicious comment indicating that PEPPOL Directory is not supported by SQL backend was fixed
• The /complete/ and the /list/ REST APIs are now available for the OASIS BDXR as well
• The sub-projects previously licensed under EUPL 1.1/MPL 1.1 are now licensed under MPL 2.0
• The automatic PEPPOL Directory update on import/REST API was fixed (see issue #52)
• The list of managed participants on the public start page can be disabled (see issue #58). Configure via property webapp.startpage.participants.none in webapps.properties.
• Warning about disabled SML can be turned off (see issue #53). Configure via property sml.needed in smp-server.properties.
• Added configurable timeouts from SMP to SML using the properties sml.connection.timeout.ms and sml.request.timeout.ms as mentioned in issue #67.
• The Certificate information page now has explicit support for the new OpenPEPPOL PKI v3
• By using the predefined truststore path truststore/complete-truststore.jks with password peppol support for OpenPEPPOL PKI v2 and v3 is provided
• By updating to PEPPOL Directory 0.6.0 the extended PD Client configuration in file pd-client.properties can be used. See https://github.com/phax/peppol-directory/#pd-client for details.

v5.0.3 - 2017-07-21

• Initial support for SMP Docker images was added
• Fixed NPE in REST API if an invalid data format was used
• Made SML registration IP and hostname configurable (see issue #49)
• Existing service groups can now be subsequently registered to the SML (see issue #51)
• The "SML registration" pages now contains a note, if the SMP is already registered to the SML.
• The default page of the PEPPOL Directory was changed to https://directory.peppol.eu - because of the very special https setup currently used, an update to the PD client library v0.5.1 is highly recommended
• An error prevented Business Cards from being imported correctly - Thanks Ger for pointing this out
• An exception when using the PEPPOL REST API in combination with an Endpoint without an URI was fixed
• The Docker image got vim by default (see issue #45)

v5.0.2 - 2017-04-04

• Fixed an NPE in "Check DNS state" when an empty participant identifier scheme is used
• Added a new entry to the "Tasks/problems" page if the default password of the default Admin user was not changed
• Improved and unified logging a bit
• Vagrant configuration has been updated to work with the new structure from 5.0.1
• Made the public start page static to decrease server load. The previous layout can be restored by switching the property webapp.startpage.dynamictable to true in the webapp.properties file.
• Added support for a writable REST API to create/update/delete BusinessCards per API (see issue #43)

v5.0.1 - 2016-11-27

• There are now 2 separate web applications for the SQL and the XML backend to resolve a problem with WildFly if a persistence.xml is in the class path but the XML backend is used.
• An incompatibility with .NET using the inclusive canonicalization algorithm was fixed ("\r\n" vs. "\n")
• The canonicalization algorithm used in the signature was changed to "exclusive" as stated in the PEPPOL SMP specification. The OASIS BDXR version still requires the use of the "inclusive" version.

v5.0.0 - 2016-11-15

• Naming the solution "phoss SMP" plus branding
• The first SMP solution to be officially CEF conformance tested - read the test protocol - read more on https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/phoss+SMP+first+implementation+to+pass+CEF+eDelivery+OASIS+SMP+Conformance+Tests
• Added the new logo into the application

v5.0.0 Release Candidate 2 - 2016-11-07

• Fixed extension UI handling for BDXR service groups (see issue #30)
• Delete Business Card when Service Group gets deleted (see issue #31)
• Using specific namespace prefixes for SMP REST responses ('smp' in PEPPOL mode and bdxr in BDXR mode)
• The endpoint list can now also be view as a tree structure (see issue #36)
• Identifier case sensitivity (or insensitivity) is now based upon the used identifier schemes (to comply with the generic BDXR SMP CS03 specification). In BDXR mode all identifier types are case insensitive where in PEPPOL mode only the participant identifiers are case insensitive (when using the iso6523-actorid-upis scheme).
• Service groups, endpoints and Business Cards can now be exported and imported to simplify the migration with all data to a different SMP (see issue #37)
• Added the possibility to delete empty processes and empty document types from the list of endpoints.
• A simple Vagrant setup for SMP was provided by @jerouris and can be found at https://github.com/phax/phoss-smp/tree/peppol-smp-server-parent-pom-5.0.0-rc2/vagrant

v5.0.0 Release Candidate 1 - 2016-10-13

• A special Migrations guide was created
• PEPPOL Directory automatic update was added (see issue #25)
• When running in BDXR mode, the Signature and Digest algorithm was fixed to SHA256
• The SQL implementation for the business cards is in place (see issue #28)

v5.0.0 Beta 1 - 2016-08-06

• JDK8 is be the minimum runtime requirement, the configuration is totally backwards compatible
• The REST-API of the SMP can now supply either the PEPPOL XML format (in namespace http://busdox.org/serviceMetadata/publishing/1.0/) or the BDXR SMP XML format (in namespace http://docs.oasis-open.org/bdxr/ns/SMP/2016/05) (see issue #29)
• The "SMP - SML tools" page from http://peppol.helger.com has been integrated (see issue #22)
• It's possible to customize the SMLs to use inside the tool (see issue #23)
• A truststore for https connection with the SML can now be configured
• Keystore and truststore can be reloaded at runtime
• Identifier types are now customizable (see issue #20)
• The "minimum SQL" implementation introduced in 4.1.1 was removed again because the original requestor no longer uses it.
• Improved the integration of the PEPPOL Directory configuration into the system
• New pages for bulk changing URLs and certificates are present (see issues #4 and #27)
• Certain settings can now be changed at runtime:
  • Enable or disable the writable REST APIs
  • Enable or disable the PEPPOL Directory integration and specify the hostname
  • Enable or disable the connection to the SML and the specify the management endpoint
• The "Transport profiles" page was moved into the "Administration" sub menu

v4.1.2 - 2016-03-05

• This is the last version supporting JDK 7
• Added experimental support for PEPPOL Directory Business Cards (properties smp.peppol.directory.integration.enabled and smp.peppol.directory.hostname) - see PEPPOL Directory Integration

v4.1.1 - 2016-02-23

• Added a new "minimum SQL" SMP implementation without a GUI - as simple as possible: peppol-smp-server-webapp-sqlmin
• All service group (participant) identifiers are now treated case insensitive.
• Fixed the handling of the SML migration keys as SMK 3 limits them to 24 characters

v4.1.0 - 2015-12-07

• Changed the application title to "ph-peppol-smp-server"
• Fixed some internal URL encodings in links (on the UI)
• Endpoint reference URLs are now optional - creating empty Address elements
• Fixed a problem that consecutive PUTs for service information caused an internal error and required an intermediate DELETE
• Deletion of redirects via the REST API works
• Separated the version number into a separate properties file (version.properties)
• Fixed an EclipseLink caching issue that "find"s after delete still delivered a result (SQL backend only)
• Added new smp-server property smp.publicurl to specify the public (outside) URL of the SMP server in an easy way
• Added the possibility to define custom transport profiles and use them for your endpoints

v4.0.3 - 2015-11-09

• Fixed a severe bug - the SML deletion of service groups did not work with the SQL backend - the XML backend is not affected!
• A new page "Tasks and problems" showing potential misconfiguration and action items for all service groups was added
• Added new version number property ('webapp.version' in file webapp.properties)

v4.0.2 - 2015-11-05

• Added the configuration option smp.rest.writableapi.disabled to disable the non-standard writable REST API programmatically. See Configuration for details.
• Updated the SML client so that it works with the new CIPA SMK 3.0.0 (passing SMP-ID when deleting a participant)

v4.0.1 - 2015-10-08

• fixed a problem that some signed serialized REST responses could not be validated correctly

v4.0.0 - 2015-10-04

• Initial version with management GUI and replaceable backend