Jan
02
2024
mendelson AS2 server 2024
<h3>What is new</h3>
<ul>
<li>The used TLS security provider will be shown up in the overview of the supported TLS protocols now (Client: File-Display HTTP server configuration)</li>
<li>In the mail notification settings you have now the option to find out automatically your mail server settings by entering your notification receiver mail address</li>
<li>Added support for the client credentials autorization (RFC 6749 4.4) in the OAuth2 plugin</li>
<li>The original filename verification has been enhanced</li>
<li>Reworked the import/export functions of the certificate manager</li>
<li>Added support for Ed25519 key generation in the certificate manager</li>
<li>The client-server communication has been reduced by adding an additional compression layer</li>
<li>Moved the XML API plugin to the plugin directory</li>
<li>Added the default values of the server settings to the interactive UI help - this allows the user to restore the default values once he has changed this</li>
<li>The server preferences are cached now in the server processing, this reduces the number of database accesses signficant</li>
<li>Certificate manager: Display the sign algorithm and the name of the EC curve in the overview</li>
<li>Key generation: Adding support for SHA-2 512, SHA2 512 PSSRSA, SHA3 512 und SHA-3 512 PSSRSA signed keys</li>
<li>Added the description howto setup a TLS proxy for inbound TLS connections to the documentation</li>
<li>Added the possibility to generate a subject key identifier (ski) extension in the key generator of the certificate manager</li>
<li>Added an own notification for client-server connection problems - formerly it was just reported as system error which is not really the case</li>
<li>The formerly file based key/certificate management has been moved to the database. This results in less file IO and more stable operations in cluster mode. R/O and access problems to keystore files are no longer an issue during operations.</li>
<li>Added the possibility to export a full keystore file from the certificate manager</li>
<li>Added the possibility to import a full keystore file to the system at server start</li>
<li>Removed several filesystem based configuration checks regarding keystore files</li>
<li>Removed several keystore file related server settings and configuration interfaces</li>
<li>It's now possible to overwrite the certificate related security settings of the used local station per partner - XML API: There are changes in the partner related xml structure, please refer to the included schemas for changes</li>
<li>Modified the data migration assistant: Added the possibility to migrate the server settings and the key/certificate information from the internal database to external databases</li>
<li>Added a more detailled error message if the postprocessing step "move file" failed</li>
</ul>
<p> </p>
<h3>Resolved problems</h3>
<ul>
<li>Fixed the error "Comparison method violates its general contract" that occurs very seldom in the certificate processing</li>
<li>Fixed a serialization security issue in the http client package, thanks to MOGWAI LABS for reporting the problem</li>
<li>There was a problem in the TLS certificate manager that it was not possible to delete all expired certificates at once</li>
<li>Changes in the keystore via the XML API did not save the changes</li>
<li>Certificate Manager: It was not possible to export private keys into an external PKCS#12 keystore if their algorithm was EC or EdDSA</li>
<li>Fixed problems with the basic authentication for outbound connections</li>
</ul><h3> </h3>
<h3>Updated software dependency packages</h3>
<ul>
<li>Update to Bouncycastle v176 (crypto API)</li>
<li>Update to jetty 10.0.18 (embedded HTTP server)</li>
<li>Update to Lucene 9.8.0 (indexing of system events)</li>
<li>Update to MINA 2.2.3 (client-server interface)</li>
<li>Update to HSQLDB 2.72</li>
</ul>
<br>