Digital

Page tree

European Commission Digital

Download DSS v5.12.RC1

Here, you can download the latest version of the Digital Signature Services open-source library released in February 2023. You can read more about DSS and how it can help you here.

Source code is available in .zip and tar.gz

New features

  • [DSS-2394], [DSS-2609] - Allow signature with external CMS provider
  • [DSS-2685] - DSS Standalone : introduce extension feature
  • [DSS-2686] - DSS Standalone : introduce validation feature
  • [DSS-2689] - PDF/A : add optional structure validation with VeraPDF
  • [DSS-2768] - Add multiple documents signature support in the standalone
  • [DSS-2802] - PDF : spoofing attack detection
  • [DSS-2854] - PAdES : make VRI dictionaries creation optional
  • [DSS-2857] - AbstractKeyStoreTokenConnection : add key filter predicate
  • [DSS-2861] - Evaluate the possibility to implement a pre-emptive basic authentication on CommonDataLoader
  • [DSS-2914] - Add BasicConstraints.CA check for CA certificates
  • [DSS-2925] - Reject certificates with unsupported critical extensions
  • [DSS-2926] - Reject certificates with not allowed extensions
  • [DSS-2927] - Verify Responder Id against found OCSP's issuer
  • [DSS-2931] - WebServices: add methods to sign providing a SignatureAlgorithm
  • [DSS-2938] - Review expiration of cryptographic algorithms in XML validation policy
  • [DSS-2943] - WebServices : add setter of default validation policy
  • [DSS-2951] - Add support for Ed25519 signatures in Jades
  • [DSS-2964] - Add processing of policy constraints certificate extension
  • [DSS-2970] - Add processing of name constraints certificate extension

Improvements

  • [DSS-2727] - Avoid loading OutputStream in memory when computing digest
  • [DSS-2749] - PAdES : introduce a new PdfByteRangeDocument
  • [DSS-2816] - Simple Report : add information about trust anchors
  • [DSS-2818] - PAdES : report incorrect ByteRange incorporation
  • [DSS-2829] - PAdES : add support of TU/TS entries within VRI dictionary
  • [DSS-2841] - WebApp : ensure DTO contain binaries when applicable instead of base64-encoded String
  • [DSS-2842] - RepositoryRevocationSource : add a possibility to process multiple revocation data
  • [DSS-2846] - Refactor MimeType class
  • [DSS-2858] - WebApp Demo : make use of Jdbc repository optional
  • [DSS-2869] - Vulnerability report : dependencies update
  • [DSS-2870] - Use byte[] or char[] instead of String to provide a password
  • [DSS-2872] - PDF : detect ByteRange collision
  • [DSS-2873] - PDF : execute related constraints from FC for timestamps
  • [DSS-2901] - Cookbook : make HTML documentation offline
  • [DSS-2909] - PAdES: create documentId based on a large set of parameters
  • [DSS-2910] - AdES validation: return INDETERMINATE/CERTIFICATE_CHAIN_GENERAL_FAILURE if no acceptable revocation found
  • [DSS-2921] - Enforce keyCertSign check for CA certificates
  • [DSS-2923] - SimpleCertificateReport : include validation messages
  • [DSS-2924] - Enforce timestamping ExtendedKeyUsage constraint to FAIL level
  • [DSS-2928] - Reject OCSP response with invalid version
  • [DSS-2929] - PAdES: add post-processing for timestamps
  • [DSS-2941] - PAdES Object modification detection : compare streams directly

Bug fixes / Issues

  • [DSS-2821] - PAdES-Baseline-B signature cannot be extended to LT due to hasLTAProfile check
  • [DSS-2826] - DLSequence for postalAddress 2.5.4.16
  • [DSS-2835] - Not possible to sign an existing signature field
  • [DSS-2836] - JdbcCacheConnector : avoid implicit object conversion
  • [DSS-2845] - One PDF which is before signing compliant A/2A but after signing is not compliant PDF/A -2A anymore
  • [DSS-2850] - Not expected behavior on auto fitting text
  • [DSS-2859] - Simple Report - Signatures with indication INDETERMINATE/TRY_LATER are counted as valid
  • [DSS-2871] - Vulnerability report : information disclosure
  • [DSS-2885] - Fix OID extraction from XML Trusted List
  • [DSS-2890] - threads can stuck/hang in NativeDataLoaderCall.call()
  • [DSS-2891] - intermediate certs in KeyStoreCertificateSource are not found during path building process
  • [DSS-2911] - TLValidationJob: LOTL validation status may get stuck in certain scenario
  • [DSS-2916] - Unable to extend a TOTAL_PASSED document with a revoked signing certificate but PoE to an LTA-level
  • [DSS-2919] - Invalid signature of document (root) element
  • [DSS-2920] - Invalid RefURI causes invalid signature
  • [DSS-2947] - Sealing an XML in DSS demo webapp is not working
  • [DSS-2957] - Problem in documentation
  • [DSS-2958] - Undocumented policy change in 5.9
  • [DSS-2968] - IllegalStateException during online LTL refresh: Transition from 'REFRESH_NEEDED' to 'TO_BE_DELETED' is not allowed
  • [DSS-2922] - Invalid XPath causes NPE

Tasks / Other

  • [DSS-2743] - BouncyCastle 1.72 upgrade
  • [DSS-2904] - Add common questions and answers to F.A.Q. in cookbook
  • [DSS-2942] - Remove setting of default SSL protocol
  • [DSS-2973] - Update HttpClient5 dependency version