Digital

Page tree

Skip to main content


Products

In this section:


Domibus


1. Current release
2. Roadmap and previous releases
3. Domibus FAQ
4. Support arrangement

1. Current release

This page collects the resources for Domibus version 5.1.8, released in May 2025.

Download Domibus v5.1.8

Verify files integrity
Access source code

Description

We are happy to announce the release of Domibus 5.1.8 sample implementation of the eDelivery Access Point.

The Domibus 5.1.8 release includes improvements and bug fixes and it addresses the latest vulnerabilities. We therefore strongly recommend the upgrade.

Hereafter a non-exhaustive list of bug fixes and improvements included in the Domibus 5.1.8 release:

  • Add new optional attribute asyncNotification to the leg configuration in the Pmode. If this boolean attribute is set then, if true, it enables asynchronous processing of notifications, or, if false, it makes processing notifications synchronously. When the attribute is set, it overrides the plugin's behavior. If the attribute is not present on the leg, then the plugin's behavior is used as before.
  • Fix issue with PULL error received when sending pull request for an already-known party after sending the test message.
  • Fix issue with pull locking mechanism on Oracle causing delays under high concurrency.
  • Fix error receiving the pull receipt in a non-separator configuration.
  • Enable throttling when no message to be pulled.
  • Enhance business logs.
  • Fix issue with JMSCorrelationId not set in replyMessages.
  • Fix issue with message status changed notification when delete_message_metadata="true".
  • Fix issue with Oasis SMP 1.0/2.0 documents not parsed with root element with prefix.
  • Ensure that thread Authentication context is cleaned after finishing thread tasks.
  • Conduct OWASP vulnerabilities scan and update libraries.
  • Message payloads on the filesystem are not deleted when partitions are dropped.
  • Improve DSS settings related to HTTP downloads.
  • Add quartz properties to help the job management in a clustered environment: domibus.quartz.jobStore.misfireThreshold & domibus.quartz.jobStore.acquireTriggersWithinLock
  • Add new property in Domibus to enable/disable the trust verification, set to true by default: domibus.extension.iam.trust.enabled

Please also note that 5.1.8 release uses org.infinispan library that presents a vulnerability (CVE-2025-0736) in the following configuration that should be avoided: the vulnerability occurs when cluster nodes discover each other via a shared database (JGroups with JDBC_PING), instead of using multicast (UDP) or static configurations. In its default configuration of the org.infinispan library, Domibus is not exposed to the vulnerability. Please keep this in mind if you customised or plan to customise the relevant setting.

Domibus 5.1.8 is backward compatible with 5.1.7 and the upgrade is not mandatory, but it is highly recommended.

  • Supported platforms:

  • Application servers:

    • WildFly 26.1.x

    • WebLogic 12.2.1.4 (tested version, future versions might work)

    • Apache Tomcat 9.0.x

  • Database:

    • MySQL 8 (future versions might work)

    • Oracle 12c R2 and Oracle 19c

  • Java 8 features / compile with Oracle JDK 8u291+: tested to run correctly with:

    • Oracle JDK 8u291+ for WebLogic, Tomcat and WildFly

    • OpenJDK 11.0.11 for WildFly and Tomcat (tested with AdoptOpenJDK 11 version 11.0.9.1+1)

  • Security Note 1: To ensure your setup’s security, users installing any of the Domibus packages labelled as “Full Distribution” have the responsibility to update the application servers to the latest version after the installation.
  • Security Note 2: Please consult this page for essential guidelines and best practices for ensuring a secure and robust deployment of the Domibus Access Point -https://ec.europa.eu/digital-building-blocks/sites/display/DIGITAL/Domibus+Secure+Deployment+Recommendations
  • Technical Documentation


hammer and wrench  Guides



Domibus Documentation

 



Domibus guides on how to: 

  • install and configure Domibus;

  • install, configure, extend or develop Domibus Plugins and Extensions.



To download the Domibus documentation in PDF click here.



Domibus REST services documentation

Documentation on the Domibus REST services.

Domibus eArchiving REST services documentation

Documentation on the Domibus eArchiving REST services.


(grey lightbulb) License

Licence (pdf)

European Union Public Licence.

Upgrade from 5.1.7 to 5.1.8

For a detailed description of the Domibus upgrade procedure, see the Domibus Upgrade Guides.

Release notes

Please find below the list of improvements and fixed bugs:

Improvements

[EDELIVERY-14539]  - Enhance business logging for CESOP metrics
[EDELIVERY-14339] - Possibility to notify the plugins in a mixed mode: sync and async
[EDELIVERY-15063] - Add property in Domibus to disable validation extension

Fixed bugs

[EDELIVERY-14454] - Error received when sending pull request for already-known party
[EDELIVERY-15066] - Reliability exception in load test
[EDELIVERY-14516] - OptimisticLockException in IncomingPullReceiptHandler when under load
[EDELIVERY-14866] - Vulnerabilities scan on docker images
[EDELIVERY-14875] - Resending a message with PULL mechanism fails
[EDELIVERY-14568] - Enable throttling when no message to be pulled
[EDELIVERY-14614] - Fix pull locking mechanism
[EDELIVERY-14988] - Message does not go to SEND_FAILURE status when using PULL - MT setup
[EDELIVERY-15113] - Add metrics on the methods that handle the pull messaging lock
[EDELIVERY-14325] - PULL: Error receiving the receipt when domibus.pull.force_by_mpc is false
[EDELIVERY-15013] - Message to be pulled goes to WAITING_FOR_RETRY after upgrade
[EDELIVERY-14965] - CESOP logging  Receipt Missing / Failed RECEIVED
[EDELIVERY-14851] - Follow up on CESOP bussines log adjustments
[EDELIVERY-14991] - Possible error in business logs in case of send failure
[EDELIVERY-14994] - Possible error in business logs in case of receive failure
[EDELIVERY-14870] - Better business logging for CESOP metrics
[EDELIVERY-14877] - Message payloads are not deleted when partitions are dropped
[EDELIVERY-14911] - Duplicate batches in FAT2 ICS2 Environment
[EDELIVERY-14968] - Payloads folder not deleted at partition dropped
[EDELIVERY-14969] - Improve DSS settings related with HTTP downloads
[EDELIVERY-15001] - Unexpected partition created for the first day
[EDELIVERY-15025] - Replace the index on table TB_USER_MESSAGE
[EDELIVERY-15032] - [Ansible] Run the performance for 5.1.8 with the index changes applied
[EDELIVERY-15041] - Possible issues with storing xml raw user messages in the DB
[EDELIVERY-15048] - Upgrade DSS version to support TLv6
[EDELIVERY-14859] - Ensure that thread Authentication context is cleaned after finishing thread tasks
[EDELIVERY-14346] - JMSCorrelationId is not set on replyMessages 
[EDELIVERY-15059] - file:// protocol cannot be excluded from CRL
[EDELIVERY-14938] - Null pointer exception related to alerts present in the logs
[EDELIVERY-14045] - Investigate and fix OWSP vulnerabilities on branch
[EDELIVERY-14027] - Remove ErrorHandler on jms queues
[EDELIVERY-14376] - Dynamic discovery: Oasis SMP 1.0/2.0 documents are not parsed with root element with prefix
[EDELIVERY-14485] - Issue with delete_message_metadata="true"

Known bugs

[EDELIVERY-13917] Possibility to upload a keystore with a keystore password that is not the same as the password for the private key

For more information, please contact us via our portal or by e-mail: EC-EDELIVERY-SUPPORT@ec.europa.eu

Access the eDelivery videos

eDelivery Video tutorial


« Listing details for eDelivery AS4 conformant solutions   Domibus releases »