Domibus 5.0 will be released on 31 May 2022
The final release of the next major version of Domibus – Domibus 5.0 – was postponed to 31 May 2022.
Domibus 5.0 will include a number of new features, improvements, and bug fixes, among which:
- Possibility to visualize the non-repudiation receipts in the Admin console
- Improved overall performance including refactoring of the database to allow partitioning
- Optimized pull locking for Oracle
- Possibility to use an external agent to archive Domibus messages
- Default WS Plugin: Possibility to operate the plugin in PUSH mode
- Possibility to filter messages retrieved by the listPendingMessages method of the WS Plugin
- Possibility to offload the TLS traffic to an external component
- Improve the decoupling of the Domibus core from the plugin implementations
- Possibility to validate incoming UserMessages using a Validation Extension
- Possibility to reference JMS Plugin payloads via HTTP endpoints
- New client authentication trust store admin console page
- New WS Plugin which uses the edelivery namespace
The eDelivery Building Block
eDelivery is a building block that provides technical specifications and standards, installable software and ancillary services to allow projects to create a network of nodes for secure digital data exchange.
Domibus is the sample software provided by the European Commission to implement an eDelivery AS4 Access Point for the interoperable, secure and reliable exchange of data. It is based on the eDelivery AS4 profile, an open technical specification for the secure, web-based, payload-agnostic exchange of data or documents.
The image used in this article is © Adobe Stock
1. eIDAS-compliant eSignatures make online national referendum possible in Italy
On the 12 August 2021, Italian authorities launched a new online platform allowing citizens to digitally sign referendums in the comfort of their homes.
The Raccolta Firme Online (online signature collection) web platform was created by itAgile, an I.T. solutions company, in collaboration with TrustPro, a Qualified Trust Service Provider (QTSP).
Italian citizens could choose the best-suited method for them to use or acquire a digital signature. This might be:
- Signing with SPID (Public Digital Identity System which is the simple, fast and secure Italian access key to digital services of local and central administrations): SPID authentication is used to sign the voter's response with a digital signature;
- Signing with their device: for those who already have their own digital signature (smart card, USB key or remote digital signature service);
- Requesting the release of a digital signature online through the TrustPro QTSP service to sign immediately in case there is no SPID, or a digital signature.
In all the above methods, electronic signatures are created using the eSignature Building Block.
The eSignature Building Block is compliant with the eIDAS Regulation, meaning that it ensures the legal recognition and cross-border interoperability of electronic signatures. It also reduces risk of document duplication or alteration as the signer’s identity is bound to each specific document, ensuring that signatures and seals are verified, authentic and legitimate for that document alone.
It is vital to ensure the validity and security of electronic signatures used in the democratic process. In less than two months from the launching of the Raccolta Firme Online platform, more than 372,000 citizens signed online. This drove the collection of 500,000 signatures in total (both handwritten and digital) which is the requirement for an abrogative referendum to be presented in Italy.
By removing the need for a paper to obtain a signature or seal, eSignature facilitates the digitalisation of business processes, eliminating the time, costs, and risks of dealing with paper formats. It is also compliant with the eIDAS Regulation, meaning that it ensures the legal recognition and cross-border interoperability of electronic signatures and seals.
eDelivery sample software affected by Remote Code Execution vulnerability reported in Spring Framework
Update 04/04/2022
Patches for all product lines that are under active support are now available:
- Domibus 4.2.9 was released on Monday, 4 April 2022
- SMP 4.1.2 was released on Monday, 4 April 2022
- BDMSL 4.1.1 was released on Monday, 4 April 2022
Original announcement
A vulnerability allowing Remote Code Execution was reported by the Spring Framework project on 31 March 2022. Please refer to the early announcement for details.
The following list indicates all versions of eDelivery sample software that may be impacted if used in the configuration described in the announcement:
- Domibus versions 4.2.x
SMP, BDMSL and older versions of Domibus are not affected as they do not support JDK 9 or higher, but they do use the vulnerable libraries. Note also the announcement indicates that “there may be other ways to exploit [the vulnerability] that have not been reported yet.”
The eDelivery team is working to patch all concerned product lines that are under active support immediately. The patched versions will be released as follows:
- Domibus 4.2.9 will be released on Monday, 4 April 2022
- SMP 4.1.2 will be released at the latest on Monday, 4 April 2022
- BDMSL 4.1.1 will be released on Friday, 1 April 2022
We strongly recommend that all users upgrade to the latest versions as soon as they are available, regardless of the configuration they use.
The eDelivery Building Block
eDelivery is a building block that provides technical specifications and standards, installable software and ancillary services to allow projects to create a network of nodes for secure digital data exchange.
Domibus is the sample software provided by the European Commission to implement an eDelivery AS4 Access Point for the interoperable, secure and reliable exchange of data. It is based on the eDelivery AS4 profile, an open technical specification for the secure, web-based, payload-agnostic exchange of data or documents.
SMP is the sample software provided by the European Commission to implement an eDelivery Service Metadata Publisher (SMP) for publishing and retrieving data necessary for an eDelivery party to dynamically configure its system for message exchange with counterparties using eDelivery. It is based on the eDelivery SMP profile, an open technical specification for publishing service metadata within a 4-corner network.
BDMSL is the sample software provided by the European Commission to implement an eDelivery Service Metadata Locator (SML) for an eDelivery party to discover the URLs of other counterparties using eDelivery Access Points and their corresponding metadata. It is based on the eDelivery BDXL profile, an open technical specification for locating Access Points within a network.