SignServer 3.4.1 ---------------- New features and improvements: - Added support for IPv6 and multiple proxies in ListBasedAddressAuthorizer. - Support for specifying the signature algorithm in CMS signer. - Support for the signerCertificate attribute in the MS Authenticode time stamp signer. - Support for generating CSR with EDSA explicit parameters in the admin GUI and the RenewalWorker. - Log worker name in the worker log. - Easy import of issuer and serial number from certificate in admin GUI, when adding administrator rules. - Added an option to set the correct TSA name from the subject DN automatically for the time stamp signer. - All workers report themselves as offline when misconfigured. - Added health check rate limiter. - Added database setup scripts for PostgreSQL. Bug fixes: - ContentInfo contained a double encoded octet string in the MS Authenticode time stamp signer. - Unauthorized health check queries incorrectly logged. Read the full changelog for details (https://jira.primekey.se/browse/DSS?report=com.atlassian.jira.plugin.system.project:changelog-panel#selectedTab=com.atlassian.jira.plugin.system.project%3Achangelog-panel). SignServer 3.4.0 ---------------- This is a major release - in total 27 features, options, bugs and stabilizations have been fixed or added. The most noteworthy changes can be seen below. Major changes: - Secure logging to database using CESeCore. - Support for querying audit log from CLI, GUI and web services. - Configurable which Status Repository updates to log. - Access group for auditors. - Database CLI for verifying audit log. - Support for PostgreSQL. Bug fixes: - Fixed a couple of NPE bugs. - Fixed logging in over webservices using a JKS keystore in the Admin GUI. - Fixed some randomly failing unit tests. - Other minor bugfixes. Notice: - Database changes were introduced. See UPGRADE.txt for details. - The category for the system logger has changed from org.signserver.server.log.ISystemLogger to org.signserver.server.log.SignServerLog4jDevice. SignServer 3.3.0 ---------------- This is a major release - in total 57 features, options, bugs and stabilizations have been fixed or added. The most noteworthy changes can be seen below. Major changes: - New client web services API - MS Authenticode time-stamp signer - Support for archiving of time-stamp requests - Logging of all changes to service components - Stress test tool for measuring performance - Dropped support for JBoss 4.2.x. - Dropped support for cluster class loader - Dropped support for WSRA - Upgrade of internal cryptographic library - Many more minor improvements Bug fixes: - Fixed the Renewal worker which required a trust store password even when a trust store was not used - Fixed an NPE when trying to activate a worker of type Dispatcher - Fixed archiving that could not be done twice for the same document - Fixed printing of server version from CLI - Fixed system tests that could not be compiled after opening the project with NetBeans IDE 7.2 - Fixed StatusPropertiesWorker so that it no longer requires a cryptotoken to be configured - Fixed Address Authorizers to return HTTP 403 (forbidden) and not HTTP 401 (unauthorized) as before Notice: - A database change were introduced. See UPGRADE.txt for details. - A dependency where upgraded. See UPGRADE.txt for details. - Apache Ant 1.8.0 or later is now required to build SignServer. - The property "custom.commandfactory" is no longer supported. See the manual for how to add custom Admin or Client CLI commands. - The Admin CLI no longer supports the "-host" argument and ignores it if present. - The default archiver called OldDatabaseArchiver has changed the format of the data part of the XML serialized ArchiveData from an byte array to a base64 encoded String. The change is transparent for Java clients using SignServer-Common.jar for parsing the ArchiveData but other clients might need to be updated. - As an alternative to the OldDatabaseArchiver a new archiver called Base64DatabaseArchiver can also be used. Read the full changelog for details (https://jira.primekey.se/browse/DSS?report=com.atlassian.jira.plugin.system.project:changelog-panel#selectedTab=com.atlassian.jira.plugin.system.project%3Achangelog-panel). SignServer 3.2.4 ---------------- New features and improvements: - Installation script contributed by Antoine Louiset - Add test cases for TimeStampSigner with other key algorithms than RSA - Improved feature list at signserver.org Bug fixes: - Using worker id does not work in Client CLI - JBoss 5 throws NPE on shutdown of SignServer - Renewal worker does not use the requested DN in certificate request - StatusPropertiesWorker requires a cryptotoken to be configured Read the full changelog for details (https://jira.primekey.se/browse/DSS?report=com.atlassian.jira.plugin.system.project:changelog-panel#selectedTab=com.atlassian.jira.plugin.system.project%3Achangelog-panel). SignServer 3.2.3 ---------------- Major new features and improvements: - Support for SignServer without database - Configurable to disable the key usage counter - Signer certificate check in Health check for all Signers - Check that the timestamp signer certificate is included in the certificate chain - Health check response of TimeStampSigner now considers status of time source - Down-for-maintenance support in Health check - Support for supplying filename as request metadata Bug fixes: - Client CLI only supported 10 arguments on Windows - Null value was inserted when removing last wsadmin on Oracle - PDF Signature could not be larger than 15000 bytes - Sample configuration for renewal worker not functional - Various documentation updates Notice: - Same internal API changes has been done as part of DSS-528. If you have custom code some changes might be required. Read the full changelog for details (https://jira.primekey.se/browse/DSS?report=com.atlassian.jira.plugin.system.project:changelog-panel). SignServer 3.2.2 ---------------- Major new features and improvements: - Support for denying timestamp requests unless the time source is considered in sync - Support for dispatching timestamp requests to different timestamp units/signers - Support for accessing workers using the /worker/* URL pattern gives easier filtering with a proxy - Signer's status report can now be offered by a worker and not just a timed service - The log field PROCESS_SUCCESS can now have the value "false" if a request failed - Hostname displayed in title bar of AdminGUI simplifies when managing multiple servers Bug fixes: - Build failure on W7 X64 - Sample code using web services should use HTTPS - URL for documentation only working with JBoss 4 Notice: - Support for the cluster classloader has been deprecated and support for it will be dropped in a future release. - The status property "INSYNC" is now called "TIMESOURCE0_INSYNC". Applications relaying on the name of this property should be updated. - The time stamp signer will now log PROCESS_SUCCESS with the value false in case the response has a status other than GRANTED. Read the full changelog for details (https://jira.primekey.se/browse/DSS?report=com.atlassian.jira.plugin.system.project:changelog-panel). SignServer 3.2.1 ---------------- Major new features and improvements: - Improve servlet error handling - Deploy documentation with application - Improved API for archiving - Support for signing PDFs with document restrictions - Support for PDF permissions enforcement - Support for modifying PDF permissions - Support for setting a PDF permissions password - Refuse to certify PDFs already certified and refuse to sign when signing is not allowed Bug fixes: - Remote EJB worker interface could not be used with ECC with explicit parameters - Warnings printed on STDERR - Web service interface did not log XFORWARDEDFOR headers - Typo in sample configuration for PDFSigner - Setting healthcheck properties had no effect - CRL download should close streams correctly and allow for caching - Supplied username and password ignored in SigningAndValidationWS - Unit tests failed in certain situations - Ant target for testing individual tests did not work - Switching application server type did not update jndi.properties - JavaDoc failed to build Notice: - In signserver_build.properties the property "useclusterclassloader" now defaults to false. To still use the deprecated clusterclassloader this needs to be set explicitly to true. - In signserver_build.properties the property "includemodulesinbuild" now defaults to true. To not have all modules built in this needs to be set to explicitly to false. - The fix of DSS-371 introduced a change in the EJB interface. Applications using that interface should run version >=3.2.1 on both client and server side. Read the full changelog for details (https://jira.primekey.se/browse/DSS?report=com.atlassian.jira.plugin.system.project:changelog-panel). SignServer 3.2.0 ---------------- This is a major release - in total 49 features, options, bugs and stabilizations have been fixed or added. The most noteworthy changes can be seen below. Major new features and improvements: - Administration Web Service (WS) interface - Administration GUI desktop application - Client command line interface (CLI) - Support for GlassFish Server 2.1.1 - Support for JBoss Application Server 5.1.0 - Support for Oracle Database - Semi-automatic key generation and certificate renewal from EJBCA - Improved audit and transaction logging - Improved project structure dividing the modules in sub-projects - Front page listing all demo web pages Known Issues: - Web services no longer work on JBoss 4 if HTTPS is not used as JBoss 4 rewrites the end point URL in the WSDL file to always start with "https://" (since DSS-327). Read the full changelog for details (https://jira.primekey.se/browse/DSS?report=com.atlassian.jira.plugin.system.project:changelog-panel). SignServer 3.1.5 ---------------- This is just a minor maintenance release preparing for the upcoming 3.2 release - in total 7 features, options, bugs and stabilizations have been fixed or added. The most noteworthy changes can be seen below. New features and improvements: - Support for HTTPS in the SigningAndValidation API - Harden the PDF Signer against PDF signature collisions - Function in the build script for create source-only release archives Bug fixes: - Problem in a unit test for certain dates - NPE in TimeStampSigner if certificate is missing Read the full changelog for details (https://jira.primekey.se/browse/DSS?report=com.atlassian.jira.plugin.system.project:changelog-panel).