Digital Signature Services (DSS)
1. Current release
2. Roadmap and previous releases
1. Current release
Following a security assessment from the Ruhr-Universität Bochum, we are delivering security patches for DSS versions 5.2 and 5.3.
Delivered patches are:
Please consider that use of older versions should be discouraged.
Release note
Bug / Issue
- [DSS-1161] - Scope validation of a PAdES signature
- [DSS-1225] - Incomplete LT and LTA signatures if a Trusted List is not properly loaded
- [DSS-1255] - PDF signatures without revocation info
- [DSS-1342] - ConcurrentModificationException on DSS 5.0
- [DSS-1413] - Unable to put a role inside PAdES signature
- [DSS-1419] - SHA3 support in CAdES
- [DSS-1420] - SHA3 support in PAdES
- [DSS-1431] - TSLRepository#clearRepository() fails if the cache directory doesn't exist
- [DSS-1432] - TSL service name is not historized
- [DSS-1439] - Signature level -LT is produced with a -T setting (and a self-signed certificate)
- [DSS-1443] - DSS 5.3 reports only B level for PDF documents with a document timestamp
- [DSS-1444] - PDFDocumentValidator does not report when it could not parse the provided PDF
- [DSS-1447] - CommonCertificateVerifier.setSignatureCRLSource/setSignatureOCSPSource seem to be used in a non-thread-safe way in DSS demo application
- [DSS-1449] - Validation Certificate
- [DSS-1450] - NPE in CommonCertificateSource.get(final X500Principal x500Principal)
- [DSS-1453] - Validation or extension of a signature can influence the validation result of another signature
- [DSS-1468] - Broken signatures created due to DSS-1334 as attached signatures validate fine if an original document with null file name is provided as detached content
- [DSS-1475] - Bad URI encoding in XAdES detached signatures (e.g. ASiC-E with XAdES)
- [DSS-1482] - Problem fetching TSL for PT, parser error: Cannot add overlapping item
- [DSS-1483] - Certificate is ignored in KeyStoreCertificateSource if it is part of the private key entry (certificate chain)
- [DSS-1485] - XAdES Reference incorrect - ID is not resolved correctly for namespace prefixed id attribute
- [DSS-1496] - Include intermediate certificates that issued timestamp certificates
- [DSS-1503] - XADES - non-conformant hash algo for SignignCertificateV2
- [DSS-1505] - Validation proof chain gap after LTA extension using DSS
- [DSS-1508] - PAdES : Upgrade PDFBox
- [DSS-1509] - XAdES : enforce validation against XSW
- [DSS-1510] - XAdES : enforce XML Security against XXE
- [DSS-1511] - XAdES : enforce reference URI validation (SSRF / XPath injections)
- [DSS-1512] - CommonDataLoader : enforce SSL certificates validation
- [DSS-1515] - DssUtils wrongly replaces plus character with space
- [DSS-1523] - Extension of PAdES signatures creates copies of already existing validation data objects instead of referencing them
- [DSS-1524] - Could not find a resolver for URI null and Base
- [DSS-1537] - Signature format is always XAdES-BASELINE-T for XAdES-LT/LTA signed files in detailed report
- [DSS-1543] - Exception when signing a PDF's existing signature field using LTA level.
New Feature / Improvement
- [DSS-1220] - Augmentation of signatures with invalid time-stamps, archive-time-stamps and revoked certificates
- [DSS-1312] - Upgrade to Java 8 or 9
- [DSS-1389] - Certify documents
- [DSS-1405] - Add support of KeyHash in OCSP Responses
- [DSS-1406] - OCSP - handling of the id-commonpki-at-certHash extension
- [DSS-1407] - The CAdESCertificateSource class misinterprets the "complete-certificate-references" unsigned attribute
- [DSS-1415] - Implementation improvement for POJO/jaxb objects
- [DSS-1418] - Support of bridge certificates
- [DSS-1428] - Add new parameter to choose the message-digest algorithm
- [DSS-1436] - Provide getters methods on the TSL Condition subtypes
- [DSS-1440] - Improve validation granularity
- [DSS-1454] - DSS should avoid console (System.out) logging
- [DSS-1460] - XAdES internally-detached
- [DSS-1473] - Libreoffice Default XAdES Signature Validation
- [DSS-1474] - Improve OnlineOCSPSource : allows to loop on several locations
- [DSS-1477] - Refactoring CertificateToken
- [DSS-1478] - Refactoring CertificatePool
- [DSS-1479] - Allows to throw exception in case of extension failure
- [DSS-1480] - Integration OpenPDF
- [DSS-1487] - Review signature scopes + add constraints in the policy
- [DSS-1488] - Standalone application : allow to open the scene with SceneBuilder
- [DSS-1489] - XAdES : remove Xalan dependency
- [DSS-1498] - Support for ds:Manifest in ASiC-E XAdES
- [DSS-1499] - Allows to ignore unknown OCSP/CRL
- [DSS-1501] - Expose SignedDocumentValidator.getOriginalDocuments as API method (REST preferably)
- [DSS-1514] - Webservice API - RemoteDocument - Add possibility to pass absolute path to file
- [DSS-1520] - Expose the HttpClientBuilder from CommonsDataLoader
- [DSS-1530] - Support of ECDSA plain format
- [DSS-1533] - Support of null nextUpdate in the trusted lists
- [DSS-1544] - DSS Demo : upgrade NexU
