DSS v5.4.3

Release note

Bug / Issue

• [DSS-1725] - Issue to validate the DK TL

• [DSS-1715] - eSig DSS 5.4.1 vulnerable to pdf-insecurity.org Signature Wrapping Attack

• [DSS-1685] -TSLLoader.call doesn't log sufficient information to analyse TSL download issues
• [DSS-1663] -Fix for DSS-1630 costs 30% performance
• [DSS-1652] -Allows to use DSS with Xalan
• [DSS-1629] -Version conflict in one of transitive DSS dependencies
• [DSS-1694] -Detailed report shows OUT_OF_BOUNDS_NO_POE for earlier timestamps even when properly covered by a valid archive timestamp
• [DSS-1628] -Insecure RNG used
• [DSS-1627] -Pdf content in PdfBoxSignatureService log
• [DSS-1681] -Certificate chains are sometimes marked as untrusted even when an intermediate certificate is trusted, causing online revocation checks to be skipped by default
• [DSS-1639] -ZIP bombing
• [DSS-1630] -CertificatePool : certificate conflict by SubjectName
• [DSS-1551] -DSS indicates that the certificate is not qualified, but I do not see any TLS overrules in the report
• [DSS-1696] -Extension of PAdES signatures removes the earlier CRL and certificate references (when there are duplicates)
• [DSS-1693] -Extension of XAdES-LTA signature copies old instead of embedding current revocation data
• [DSS-1690] -Unstable validation result for a PAdES signature with two document timestamps
• [DSS-1635] -XAdES signature is no longer considered valid after the first of the two archive timestamps expired
• [DSS-1686] -XAdES signature is no longer considered QESig after the first of the two archive timestamps expired
• [DSS-1647] -Inconsistent validation results from DSS 5.4 running on different servers
• [DSS-1610] -Document with LTA level signature is not valid (NO_POE) anymore after signature certificate expiration.
• [DSS-1581] -Use the validation pool from the CertificateVerifier for XAdES and CAdES extension.