Jan
13
2026
By dev on
mendelson AS4

What is new

  • Added new Icons for the dark and hicontrast mode
  • Very seldom there happened a TAG mismatch error in the internal client-server connection. Reason was the external lib MINA 2.2.4, this release rolls back to MINA 2.2.3 and the client-server connection runs again very stable
  • Fixed deadlock problems in the database (just Postgres, HSQL has no problems with it)
  • If the system wide defined wait time for receipt signals is exceeded the system will close outbound synchronous connections now - even if there is no data on the back channel yet
  • The system wide wait time for receipt signals started at the initial time of a transaction - this has been changed to the connection time now
  • Added a partner cache using the cache lib caffeine, this speeds up the processing and reduces the load on the database. This is only relevant under high load.
  • Implemented the AS4 profile draft eDelivery v2 2024 v63, implemented X25519 based key agreement security with the key derivation function http://www.w3.org/2021/04/xmldsig-more#hkdf
  • Implemented the final version of the AS4 profile ENTSOG v4, based on eDelivery v2 security
  • The AS4 profile help which was in a single chapter has been splitted into a single help for each AS4 profile, with more information and additional documentation per profile
  • Changed the profile name "ENTSOG 4 DRAFT" to "ENTSOG 4"
  • Modified the key/certificate generator to allow signing the certificate with an other algorithm than the key algorithm. This was required because eDelivery v2 relies on X25519 based certificates for encryption and it is not possible to sign with the algorithm X25519. Means now you can generate X25519 keys that are SHA256 signed - this is a requirement for eDelivery v2 support
  • Added two test keys for eDelivery derived profiles like ENTSOG v4, based on the EC X25519 and Ed25519 for encryption and signature
  • Added a cache system for the partner access to accelerate the partner access
  • Added support for the Fiskalizacija 2.0 eInvoice discovery. Fiskalizacija 2.0 is the updated Croatian fiscalization system for electronic invoicing and real-time tax reporting
  • All PEPPOL document identifier have been updated to v9.3, please refer to https://docs.peppol.eu/edelivery/codelists/
  • During manual discovery in the partner management the found Service Endpoints are displayed per partner now. They are mapped to the PModes after the partner import/update
  • Added a new option in the server settings (log section): Display the details of PEPPOL discovery processes
  • Added the possibility to setup a user defined SML domain per partner for the PEPPOL discovery. This allows to discover Fiskalizacija 2.0 partner using the domains "prod.ams.porezna-uprava.hr" for PROD and "demo.ams.porezna-uprava.hr" for ACC
  • Reworked the domain resolving method for PEPPOL discovery. The SHA256/BASE32 method for DNS lookups is performed first now and only if this fails the legacy MD5 method is performed
  • The mendelson AS4 has been localized to Polish now
  • Notification mails have been sent with the default system encoding - now all notification mails are send in UTF-8
  • The notification templates have been localized to pt, it, fr, pl, es
  • Added an interface that allows user defined inbound data validation in process time - SOAP data with all key data and payload data is accessible
  • Created a more robust discovery mechanism if the namespaces of the PEPPOL discovered metadata do not match. If subelements are not found in the expected namespace the system just logs a warning and tries to find subelements with matching local names, ignoring the wrong namespace. Nonetheless this ends in warning log entries if the new discovery log option is enabled
  • Some conditional parameters have been added to the partner generation API of the REST API. These are "smldiscoverydomain" which allows to preset the SML domain for the Peppol discovery and "commanduserdatavalidation" which allows the preset for the command that should be executed for user defined inbound data validation
  • The mendelson AS4 now supports Peppol SMP (Service Metadata Publisher) discovery for local stations. This means that remote partners can query and discover information about your local stations, including relevant settings and supported document types. To control this behavior, a new option has been added in the Partner Manager for each local station. You could now specify whether a local station should be discoverable via Peppol SMP, and can define exactly which document types and processes are exposed for discovery. This provides fine-grained control over what information is shared with external partners while enabling seamless interoperability within the Peppol network
  • A new feature has been added allowing to configure the Peppol SMP (Service Metadata Publisher) address directly for each partner. This eliminates the need for SML (Service Metadata Locator) resolution, giving full control over the SMP endpoint used for partner discovery. You could now specify the exact SMP URL for each partner, ensuring precise connectivity and reducing dependency on external resolution services
  • Added automatic partner onboarding for Peppol message exchanges. When an inbound Peppol document is received from a previously unknown sender, the system can now create a minimal partner profile automatically. The onboarding process initializes the partner entry with default configuration values required for processing, including transport settings and security parameters. Signature and encryption certificates provided with the message are imported, validated, and assigned to the partner entry to enable secure communication
  • REST API: It is possible to set PMode values that are multiple selections of fixed lists now
  • REST API: Modified the return JSON of partner endpoints, please be aware that this might break your integration as the old format was more XML than JSON like
  • REST API: It is possible now to modify existing partners via the REST API. This includes user defined HTTP Header, authentication, certificates, dir polls etc..
  • Added a filter to the partner management to deal with larger number of partners
  • Certificate validation: There are new options in the settings to define the validity of used certifificates and the checks that should be performed before they are used for cryptographic operations. Currently there are two new options, this is the validity date and the CRL
  • The partner manager defines a default receipt URL for each partner. This URL could be overwritten by each PMode of the related partner. If the URL is not set in the PMode the default partner receipt URL is used in processing. For Peppol discovery the default URL of a partner is now set if all PMode URLs are the same




Resolved problems

  • There was a synchronization problem in the internal client-server interface, sometimes the TLS handshake came up with protocol violations
  • A database field (just information) was too short and two values were shortened
  • The Postgres locking mechanism was too optimistic under some circumstances - the locks are set manually now for the message access
  • The processing speed, especially of the REST interface, has been significantly improved
  • There were an issue if the partner name contained quotes
  • Fixed an issue that the system was not able to identify test messages other than BDEW and ICS2
  • It was possible to view the content to deployed war files via web access - this has been fixed
  • REST API: There were issues setting PMode values of the type PModeParameterConstStringListSingleSelection
  • REST API: There were issues setting PMode values of the type String that must not be null in outbound XML structure
  • REST API: There were issues creating new PMode sets for existing partners
  • REST API: In the partner modification endpoint it was not possible to set the command for the user defined data validation, also the the sign und crypt alias
  • REST API: In the partner modification endpoint there was a rollback if the field for the SMP URL was not defined in the modification JSON
  • In some lists in the client the partners were not sorted
  • There were sometimes problems importing BDEW keys into the system. A new import option has been added to import private keys from PEM files, please use this option if importing BDEW keys failed. Please use the command "openssl pkcs12 -in keystore.p12 -out keycert.pem -nodes" to generate the PEM file that could be imported



Updated software dependency packages

  • Dependencies: Rolled back MINA 2.2.4 to MINA 2.2.3 (async IO framework)
  • Dependencies: Updated to oauth2-oidc-sdk-11.26 (OAuth2 lib)
  • Dependencies: Updated to Jackson 2.20.0 (JSON lib)
  • Dependencies: Updated BC to 1.83 (crypto API)
  • Dependencies: Updated to Lucene 9.12.2 (Index, log search)
  • Dependencies: Updated to Batik 1.19 (SVG support)