DSS v5.3
Following a security assessment from the Ruhr-Universität Bochum, we are delivering security patches for DSS versions 5.2 and 5.3.
Delivered patches are:
Please consider that use of older versions should be discouraged.
Description
The first pre-release version of DSS 5.3 comes with a number of improvements and bug fixes. The main new features include:
- certificate validation
- content-timestamps generation
- SHA-3 support
- non-EU trusted list(s) support
- integration of the last version of MOCCA
Release Note
Bugs, issues or suggestions? Report it on JIRA
Bugs
- [DSS-1177] - ASiCUtils.isASiCContainer fails when signing a MS Office document (xlsx, docx) with ASiCWithXAdESService
- [DSS-1257] - Remove signature from xades and cades
- [DSS-1267] - Validation - Policy proccesing error
- [DSS-1271] - Wrong/misleading error message when trying to create XAdES_BASELINE_T signature with a self-signed certificate with DSS 5.2.RC1
- [DSS-1290] - Detached XAdES extension fails if no file name is provided in DSSDocument even if it is the only detached document
- [DSS-1304] - dss-service depends on jcl-over-slf4j
- [DSS-1329] - DSS 5.0 - XPointer problem in validation
- [DSS-1332] - XAdES extension to XAdES_BASELINE_T fails with DSS 5.2
- [DSS-1334] - Detached XAdES signing produces broken signatures (or fails) if no file name is provided in DSSDocument
- [DSS-1335] - CAdES: SigningCerficiateV2 attribute is badly DER encoded when using sha256. CAdES signatures are incorrect.
- [DSS-1338] - DSS 5.0 VALIDATION - XADES ENVELOPING problem in output file
- [DSS-1348] - OCSP Response : ArchiveCutOff extension is badly supported
- [DSS-1349] - DSSXMLUtils.serializeNode modifies and invalidates a XML/HTML content with latin1 encoding
- [DSS-1359] - XAdES signature is not correct when adding more than one commitmentTypeIndication
- [DSS-1371] - PAdES : IO issue while extending a signature
- [DSS-1376] - PAdES - difference between the validator.getOriginal and the original doc
- [DSS-1377] - ASiC SOAP (and possible REST) document validation fails with explicit mimetype in request
- [DSS-1381] - Validator getOriginalDocuments problem
- [DSS-1384] - NullPointerException in OnlineTSPSource if server responds with HTTP error
- [DSS-1385] - XMLDocumentValidator should use the MimeType from the document
- [DSS-1391] - Pkcs11SignatureToken returns same keys for different slots
- [DSS-1395] - DSS Demo : startsWith (JS) is not supported in IE11
- [DSS-1397] - CAdES: Incorrect RoleSyntax encoding when adding claimed signer attributes
- [DSS-1398] - NullPointerException with CAdESSignatureExtension (PADES or CADES signature)
Improvements
- [DSS-1202] - Unable to download javadoc
- [DSS-1207] - Allows to validate certificates
- [DSS-1265] - Add SHA3 support
- [DSS-1266] - ECC based on brainpool not supported
- [DSS-1278] - Add a composite TSPSource
- [DSS-1292] - Add optional support of X509SubjectName
- [DSS-1294] - Add javadoc and graphs in the bundle
- [DSS-1295] - Upgrade MOCCA integration
- [DSS-1301] - Ability to programmatically specify an PdfObjFactory instance
- [DSS-1307] - AdvancedSignature.getSignatureForm() returns PAdES for a PKCS#7 signed file
- [DSS-1314] - CAdES : create detached signature with only the digest
- [DSS-1340] - SOAP/REST Services : allows to sign/extend/validate digest documents
- [DSS-1352] - Add the "best signature time" in the simple report
- [DSS-1353] - Support of the swedish design
- [DSS-1357] - Add support for non EU trusted lists
- [DSS-1360] - XAdESSignatureBuilder incorporateXXX methods don't follow XAdES hierarchy of nodes
- [DSS-1370] - XAdES : improve support of AllDataObjectsTimeStamp / IndividualDataObjectsTimeStamp
- [DSS-1380] - Add method to compute content-timestamp
- [DSS-1383] - Validation : add constraint on self-signed
- [DSS-1387] - XAdES : allow to sign more than one object (enveloping)
- [DSS-1394] - Update the cookbook
- [DSS-1401] - CAdES archive timestamp v2