Domibus 5.1.8

This page collects the resources for Domibus version 5.1.8, released in May 2025.

Description

We are happy to announce the release of Domibus 5.1.8 sample implementation of the eDelivery Access Point.

The Domibus 5.1.8 release includes improvements and bug fixes and it addresses the latest vulnerabilities. We therefore strongly recommend the upgrade.

Hereafter a non-exhaustive list of bug fixes and improvements included in the Domibus 5.1.8 release:

• Add new optional attribute asyncNotification to the leg configuration in the Pmode. If this boolean attribute is set then, if true, it enables asynchronous processing of notifications, or, if false, it makes processing notifications synchronously. When the attribute is set, it overrides the plugin's behavior. If the attribute is not present on the leg, then the plugin's behavior is used as before.
• Fix issue with PULL error received when sending pull request for an already-known party after sending the test message.
• Fix issue with pull locking mechanism on Oracle causing delays under high concurrency.
• Fix error receiving the pull receipt in a non-separator configuration.
• Enable throttling when no message to be pulled.
• Enhance business logs.
• Fix issue with JMSCorrelationId not set in replyMessages.
• Fix issue with message status changed notification when delete_message_metadata="true".
• Fix issue with Oasis SMP 1.0/2.0 documents not parsed with root element with prefix.
• Ensure that thread Authentication context is cleaned after finishing thread tasks.
• Conduct OWASP vulnerabilities scan and update libraries.
• Message payloads on the filesystem are not deleted when partitions are dropped.
• Improve DSS settings related to HTTP downloads.
• Add quartz properties to help the job management in a clustered environment: domibus.quartz.jobStore.misfireThreshold & domibus.quartz.jobStore.acquireTriggersWithinLock
• Add new property in Domibus to enable/disable the trust verification, set to true by default: domibus.extension.iam.trust.enabled

Please also note that 5.1.7 8 release uses org.infinispan library that presents a vulnerability (CVE-2025-0736) in the following configuration that should be avoided: the vulnerability occurs when cluster nodes discover each other via a shared database (JGroups with JDBC_PING), instead of using multicast (UDP) or static configurations. In its default configuration of the org.infinispan library, Domibus is not exposed to the vulnerability. Please keep this in mind if you customised or plan to customise the relevant setting.

Domibus 5.1.8 is backward compatible with 5.1.7 and the upgrade is not mandatory, but it is highly recommended.

Supported platforms:

• Application servers:

  • WildFly 26.1.x
    Please be advised that WildFly will not be supported after Domibus 5.2, and it is best avoided for new installations. More details here.

  • WebLogic 12.2.1.4 (tested version, future versions might work)

  • Apache Tomcat 9.0.x

• Database:

  • MySQL 8 (future versions might work)

  • Oracle 12c R2 and Oracle 19c

• Java  Java 8 features / compile with Oracle JDK 8u291+: for compile, tested to run correctly with:

  • • Oracle JDK
  8u291+
  • • 8 for WebLogic
  , Tomcat and WildFly
  • • OpenJDK
  11.0.
  • • 11 for WildFly and Tomcat
  (tested with AdoptOpenJDK 11 version 11.0.9.1+1)

Security Note 1: To ensure your setup’s security, users installing any of the Domibus packages labelled as “Full Distribution” have the responsibility to update the application servers to the latest version after the installation.

Security Note 2: Please consult this page for essential guidelines and best practices for ensuring a secure and robust deployment of the Domibus Access Point -https://ec.europa.eu/digital-building-blocks/sites/display/DIGITAL/Domibus+Secure+Deployment+Recommendations

Technical Documentation

Anchor
techdocs techdocs

Upgrade from 5.1.7 to 5.1.8

For a detailed description of the Domibus upgrade procedure, see the Domibus Upgrade Guides.

Release notes

Please find below the list of improvements and fixed bugs:

Improvements

[EDELIVERY-14539]  - Enhance business logging for CESOP metrics
[EDELIVERY-14339] - Possibility to notify the plugins in a mixed mode: sync and async
[EDELIVERY-15063] - Add property in Domibus to disable validation extension

Fixed bugs

[EDELIVERY-14454] -EDELIVERY-14454 " Error received when sending pull request for already-known party
[EDELIVERY-15066] -EDELIVERY-15066  Reliability exception in load test
[EDELIVERY-14516] -EDELIVERY-14516  OptimisticLockException in IncomingPullReceiptHandler when under load
[EDELIVERY-14866] -EDELIVERY-14866  Vulnerabilities scan on docker images
[EDELIVERY-14875] -EDELIVERY-14875  Resending a message with PULL mechanism fails
[EDELIVERY-14568] -EDELIVERY-14568  Enable throttling when no message to be pulled
[EDELIVERY-14614] -EDELIVERY-14614  Fix pull locking mechanism
[EDELIVERY-14988] -EDELIVERY-14988  Message does not go to SEND_FAILURE status when using PULL - MT setup
[EDELIVERY-15113] -EDELIVERY-15113  Add metrics on the methods that handle the pull messaging lock
[EDELIVERY-14325] -EDELIVERY-14325  PULL: Error receiving the receipt when domibus.pull.force_by_mpc is false
[EDELIVERY-15013] -EDELIVERY-15013  Message to be pulled goes to WAITING_FOR_RETRY after upgrade
[EDELIVERY-14965] -EDELIVERY-14965  CESOP logging  Receipt Missing / Failed RECEIVED
[EDELIVERY-14851] -EDELIVERY-14851  Follow up on CESOP bussines log adjustments
[EDELIVERY-14991] -EDELIVERY-14991  Possible error in business logs in case of send failure
[EDELIVERY-14994] -EDELIVERY-14994  Possible error in business logs in case of receive failure
[EDELIVERY-14870] -EDELIVERY-14870  Better business logging for CESOP metrics
[EDELIVERY-14877] -EDELIVERY-14877  Message payloads are not deleted when partitions are dropped
[EDELIVERY-14911] -EDELIVERY-14911  Duplicate batches in FAT2 ICS2 Environment
[EDELIVERY-14968] - EDELIVERY - 14968 Payloads folder not deleted at partition dropped
[EDELIVERY-14969] -EDELIVERY-14969  Improve DSS settings related with HTTP downloads
[EDELIVERY-15001] -EDELIVERY-15001  Unexpected partition created for the first day
[EDELIVERY-15025] -EDELIVERY-15025  Replace the index on table TB_USER_MESSAGE
[EDELIVERY-15032] -EDELIVERY-15032  [Ansible] Run the performance for 5.1.8 with the index changes applied
[EDELIVERY-15041] -EDELIVERY-15041  Possible issues with storing xml raw user messages in the DB
[EDELIVERY-15048] -EDELIVERY-15048  Upgrade DSS version to support TLv6
[EDELIVERY-14859] -EDELIVERY-14859  Ensure that thread Authentication context is cleaned after finishing thread tasks
[EDELIVERY-14346] -EDELIVERY-14346  JMSCorrelationId is not set on replyMessages 
[EDELIVERY-15059] -EDELIVERY-15059  file:// protocol cannot be excluded from CRL
[EDELIVERY-14938] -EDELIVERY-14938  Null pointer exception related to alerts present in the logs
[EDELIVERY-14045] -EDELIVERY-14045  Investigate and fix OWSP vulnerabilities on branch
[EDELIVERY-14027] -EDELIVERY-14027  Remove ErrorHandler on jms queues
[EDELIVERY-14376] -EDELIVERY-14376  Dynamic discovery: Oasis SMP 1.0/2.0 documents are not parsed with root element with prefix
[EDELIVERY-14485] -EDELIVERY-14485  Issue with delete_message_metadata="true"

Known bugs

[EDELIVERY-13917] Possibility to upload a keystore with a keystore password that is not the same as the password for the private key

For more information, please contact us via our portal or by e-mail: EC-EDELIVERY-SUPPORT@ec.europa.eu