DSS v5.4.3
Release note
Bug / Issue
- [DSS-1725] - Issue to validate the DK TL
[DSS-1715] - eSig DSS 5.4.1 vulnerable to pdf-insecurity.org Signature Wrapping Attack
- [DSS-1685] -TSLLoader.call doesn't log sufficient information to analyse TSL download issues
- [DSS-1663] -Fix for DSS-1630 costs 30% performance
- [DSS-1652] -Allows to use DSS with Xalan
- [DSS-1629] -Version conflict in one of transitive DSS dependencies
- [DSS-1694] -Detailed report shows OUT_OF_BOUNDS_NO_POE for earlier timestamps even when properly covered by a valid archive timestamp
- [DSS-1628] -Insecure RNG used
- [DSS-1627] -Pdf content in PdfBoxSignatureService log
- [DSS-1681] -Certificate chains are sometimes marked as untrusted even when an intermediate certificate is trusted, causing online revocation checks to be skipped by default
- [DSS-1639] -ZIP bombing
- [DSS-1630] -CertificatePool : certificate conflict by SubjectName
- [DSS-1551] -DSS indicates that the certificate is not qualified, but I do not see any TLS overrules in the report
- [DSS-1696] -Extension of PAdES signatures removes the earlier CRL and certificate references (when there are duplicates)
- [DSS-1693] -Extension of XAdES-LTA signature copies old instead of embedding current revocation data
- [DSS-1690] -Unstable validation result for a PAdES signature with two document timestamps
- [DSS-1635] -XAdES signature is no longer considered valid after the first of the two archive timestamps expired
- [DSS-1686] -XAdES signature is no longer considered QESig after the first of the two archive timestamps expired
- [DSS-1647] -Inconsistent validation results from DSS 5.4 running on different servers
- [DSS-1610] -Document with LTA level signature is not valid (NO_POE) anymore after signature certificate expiration.
- [DSS-1581] -Use the validation pool from the CertificateVerifier for XAdES and CAdES extension.