Skip to content

Releases: phax/phase4

phase 2.4.0

26 Sep 13:41
Compare
Choose a tag to compare
  • Updated to peppol-reporting 2.1.3 containing the updated Schematron rules for EUSR and TSR
  • The BDEW sender client sets a the agreementRef value to https://www.bdew.de/as4/communication/agreement by default
  • Added new enum ECryptoMode to differentiate between sign/encrypt and verify/decrypt
  • Added a mandatory ECryptoMode parameter to IAS4CryptoFactory.getCrypto(...)
  • Fixed a regression introduced in v2.2.2 that affects BDEW and ENTSOG - the payload parameters are set correctly again. See #172 - thanks @problemzebra2

What's Changed

  • Phase4BDEWSender: Reuse existing constant by @sopgreg in #171

Full Changelog: phase4-parent-pom-2.3.0...phase4-parent-pom-2.4.0

Dependencies required:

phase 2.3.0

19 Sep 22:31
Compare
Choose a tag to compare
  • Updated to phive 9.x
  • Deprecated AS4MessageProcessorResult.createFailure(String) in favour of AS4MessageProcessorResult.createFailure(). See issue #162 - thanks @sopgreg
  • Deprecated AS4SignalMessageProcessorResult.createFailure(String) in favour of AS4SignalMessageProcessorResult.createFailure(). See issue #162 - thanks @sopgreg
  • Extended the AS4UserMessage.create message to also include the optional MPC parameter
  • Peppol incoming handler denies messages that are not signed and encrypted
  • Fixed the default BDEW crypting key identifier. See issue #167 - thanks @problemzebra2
  • Extended the IAS4IncomingSecurityConfiguration interface to include the full AS4SigningParams and AS4CryptParams objects. See #165 and issue #166 - thanks @sopgreg and @problemzebra2
  • The method AS4ProfileSelector.getAS4ProfileID () now also falls back to IAS4ProfileManager.getDefaultProfileOrNull()

Full Changelog: phase4-parent-pom-2.2.2...phase4-parent-pom-2.3.0

Dependencies required:

phase4 2.2.2

12 Sep 16:29
Compare
Choose a tag to compare
  • Updated to peppol-commons 9.0.8
  • The "Certificate Consumer" in the Peppol client is now also invoked, when .checkReceiverAPCertificate(false) is called
  • The class AbstractENTSOGUserMessageBuilder is now derived from AbstractAS4UserMessageBuilderMIMEPayload and yet customization of the attachment part works
  • The class AbstractBDEWUserMessageBuilder is now derived from AbstractAS4UserMessageBuilderMIMEPayload and yet customization of the attachment part works
  • Added new interface IAS4SendingDateTimeConsumer to determine the effective sending date and time
  • Made the determination of the effective sending date and time more consistent
  • In the Peppol client, the country code of C1 will be checked for mandatoriness from 1.1.2024 onwards
  • Added new interface IWSSecSignatureCustomizer to customize created WSSecSignature objects. Handle with care
  • Added support for Peppol Reporting via the peppol-reporting-api project as defined in https://github.com/phax/peppol-reporting

Full Changelog: phase4-parent-pom-2.2.1...phase4-parent-pom-2.2.2

Dependencies required:

phase4 2.2.1

20 Aug 16:59
Compare
Choose a tag to compare
  • Updated to ph-oton 9.2.0 for reduced dependencies
  • Reduced defined versions in the parent-pom and moved it to the module POMs where applicable

Full Changelog: phase4-parent-pom-2.2.0...phase4-parent-pom-2.2.1

Dependencies required:

phase4 2.2.0

20 Aug 10:55
Compare
Choose a tag to compare
  • Allowing separate IAS4CryptoFactory configurations for signing/signature verification and encrypting/decrypting. See issue #139 - thanks @sopgreg
  • Most internal APIs that previously took one parameter for "cryptoFactory" now take two parameters for "cryptoFactorySign" and "cryptoFactoryCrypt"
  • Removed IAS4CryptoFactory.isAllowRSA15KeyTransportAlgorithm()
    • The configuration property org.apache.wss4j.dom.handler.RequestData.allowRSA15KeyTransportAlgorithm is no longer supported
    • As an alternative the interface IAS4DecryptParameterModifier was introduced to allow even more fine-grained customization
  • Improved the unique PMode determination, by comparing all fields of Initiator and Responder. See issue #118 - thanks @sopgreg
  • Removed the Serializable interface from objects where it is not needed
  • The interface IPModeIDProvider now relies on the PModeParty of initiator and responder instead on the ID only
  • Allowed an external customization of the WSSConfig object created for decryption. See issue #150 - thanks @sopgreg
    • This and the RequestData object can be customized via a callback using IAS4DecryptParameterModifier

What's Changed

  • Add pom.xml.versionsBackup to .gitignore by @sopgreg in #151
  • Set setEncryptSymmetricSessionKey to false for BDEW sender by @sopgreg in #152

Full Changelog: phase4-parent-pom-2.1.5...phase4-parent-pom-2.2.0

Dependencies required:

phase4 2.1.5

03 Aug 11:04
Compare
Choose a tag to compare
  • Reverted the incorrect use of the Binary Security Token value type "#X509PKIPathv1" for Peppol and others (introduced in v2.1.3). Only BDEW needs this. See Discussion #149 - thanks to @binaradarsha

Full Changelog: phase4-parent-pom-2.1.4...phase4-parent-pom-2.1.5

Dependencies required:

phase4 2.1.4

01 Aug 10:34
Compare
Choose a tag to compare
  • Updated to WSS4J 3.0.1
  • Updated to ph-commons 11.1
  • Add a possibility to customize the signingParams and cryptParams in AbstractAS4MessageBuilder
  • Made the Java security Provider for encryption customizable
  • Increased customizability of security configuration

Don't use this version for Peppol - regression since 2.1.3, fixed in 2.1.5

What's Changed

  • #147 BDEW profile updates 28.07.2023 by @problemzebra2 in #148

New Contributors

  • @problemzebra2 made their first contribution in #148

Full Changelog: phase4-parent-pom-2.1.3...phase4-parent-pom-2.1.4

Dependencies required:

phase4 2.1.3

13 Jul 18:36
Compare
Choose a tag to compare
  • Updated to BouncyCastle 1.75
  • Improved support for the COUNTRY_C1 field in Peppol SBDH
  • Added a consistency check to avoid that pre-built SBD documents are used with the plain Peppol sender builder
  • The BinarySecurityToken for signed AS4 messages now uses the ValueType of ...#X509PKIPathv1 by default
  • The default response timeout for Peppol client messages was changed from 5 minutes to 2 minutes to reflect SLA changes
  • Added new interface IAS4IncomingSecurityConfiguration to customize AS4RequestHandler security configuration

Don't use this version for Peppol - regression since 2.1.3, fixed in 2.1.5

What's Changed

  • Fix for BDEWPayloadParams#m_aDocumentNumber by @mmwlk in #137
  • Fix small typo resulting from copy&paste by @sopgreg in #140

New Contributors

Full Changelog: phase4-parent-pom-2.1.2...phase4-parent-pom-2.1.3

Dependencies required:

phase4 2.1.2

06 Jun 16:02
Compare
Choose a tag to compare
  • Made the session key provider for AS4 encryption session keys customizable
  • Made some backwards incompatible changes to the API of BDEWPayloadParams so that it is chainable

Full Changelog: phase4-parent-pom-2.1.1...phase4-parent-pom-2.1.2

Dependencies required:

phase4 2.1.1

26 May 19:38
Compare
Choose a tag to compare
  • Updated to Spring Boot 3.1.0 fixing CVE-2023-20883
  • Requires at least peppol-commons 9.0.6
  • Added support for the COUNTRY_C1 field in Peppol SBDH

Full Changelog: phase4-parent-pom-2.1.0...phase4-parent-pom-2.1.1

Dependencies required: