Releases: esig/dss
Releases · esig/dss
Release Notes - eSignature DSS - Version 6.4.RC1
New features
- [DSS-3466] Introduce service loader mechanism for signature augmentation
- [DSS-3640] Add support of algorithm-usage element in TS 119 322 cryptographic suite
- [DSS-3666] Add support of Start and Max elements within cryptographic suites
- [DSS-3669] Add support of alternative security providers
- [DSS-3716] DSS Demonstrations : add cache folder configuration properties
- [DSS-3719] Make SignaturePolicyValidatorLoader configurable
- [DSS-3735] Introduce QWACValidator
- [DSS-3737] Add validation of signing certificate validity against claimed signing time
- [DSS-3744] Add support of TS 119 411-5 JAdES signatures
- [DSS-3752] Web application : extend QWAC Validation webpage with more options
- [DSS-3760] Add AuthorityKeyIdentifier and SubjectKeyIdentifier certificate extension presence checks
- [DSS-3762] Add nonce configuration within DSS Demo WebApp
- [DSS-3768] Support of TS 119 602 Lists of trusted entities XML and JSON schemas
- [DSS-3775] Add SlotId definition for PKCS#11 in dss-standalone
- [DSS-3776] Add dss-standalone package for Linux (in collaboration with @stokito)
- [DSS-3782] Support of new ETSI EN 319 412-5 v2.5.1 QcStatements
Improvements
- [DSS-2593] Introduce an Algorithm Obsolescence Check block
- [DSS-3634] Add support of StructTreeRoot on object modification detection
- [DSS-3641] Cryptographic validation shall validate signature algorithm, instead of digest and encryption algo separately
- [DSS-3703] Harmonize CMS creation process
- [DSS-3715] DSS Demonstrations : switch to file cache revocation sources instead of generic FileCacheDataLoader
- [DSS-3720] Inconsistent trust anchor usage during signature verification when multiple certificates share the same DN and key pair
- [DSS-3742] Improve default validation policy name and description
- [DSS-3743] Make content type policy constraints to accept multiple values
- [DSS-3746] JAXB PKI Factory : add SubjectAlternativeName certificate extension
- [DSS-3751] Unnecessary digest computation in PdfBoxSignatureService.signDocument(...) for external CMS PAdES signing
- [DSS-3753] Add CRL number on XAdES-E-C augmentation (PR #187 by @erdembas)
- [DSS-3757] Add policy description within certificate validation reports HTML and PDF
- [DSS-3759] Enable sunset date handling in Demos by default
- [DSS-3777] Improve error handling for Pkcs11SignatureToken
- [DSS-3778] TL6 support based on ETSI TS 119 612 v2.4.1 instead of v2.3.1.
Bug fixes / Issues
- [DSS-3636] ASiC creation or augmentation fails when a detached content provided in parameters
- [DSS-3649] ASiC-E with CAdES with an archive-time-stamp unsigned attribute fail LTA augmentation
- [DSS-3672] Inconsistent behavior when validating XML detached and manifest signatures with DSSDocument name attribute
- [DSS-3680] DSS WebApp : server-sign process is not resolved when using a reverse-proxy
- [DSS-3694] KeyUsage leads to ArrayIndexOutOfBoundsException when used with an alternative security provider
- [DSS-3702] FileCacheOCSPSource shall create OCSP key based on URL+Certificate combination
- [DSS-3704] JSON schema validation skips some single issues
- [DSS-3705] Enveloped countersignature ignored when Reference Type is missing
- [DSS-3712] AIACertificateSource ignores candidates when full certification path is returned
- [DSS-3722] DSS fails to build a report when DigestAlgorithm used for signature policy is not known
- [DSS-3725] XAdES and JAdES counter signatures are validated multiple times
- [DSS-3732] Fix XAdES Archive Timestamp v1.3.2 message-imprint computation for enveloped signatures
- [DSS-3750] Incorrect URI Encoding in Detached Signature with ESIG/DSS from Version 6.2
- [DSS-3758] IssuerSerial not matching when DN has line breaks after non-space text ending
- [DSS-3770] OpenPdf implementation does not generate field id when using the #addNewSignatureField method
- [DSS-3771] PAdESService#addNewSignatureField does not check for overlapping field names
- [DSS-3780] Performance of timestamp's ContainerSignedAndTimestampedFilesCovered constraint
- [DSS-3781] PKI Factory : missing Authority Key Identifier certificate extension
- [DSS-3783] Validation fails when a third country Trust Service defines qualifiers, but no MRA mapping is provided
- [DSS-3784] Javadoc generation fails for JAXB generated classes with JDK 25
- [DSS-3787] XAdES-B-T is displayed as XAdES-E-C when only self-signed certificates are used
Tasks / Other
Contributors
stokito and erdembas
Assets 2
Release Notes - eSignature DSS - Version 6.3
Bug fixes / Issues
- [DSS-3619] DSS Standalone fails to generate Simple and Detailed PDF reports
- [DSS-3637] DSS returns max validity time in the past for an expired timestamp created by a trust anchor
- [DSS-3648] Signature extensionPeriodMin is compromised by LT-level revocation data that requires revocation check
- [DSS-3651] Repeated DigestAlgorithmIdentifier in digestAlgorithms
- [DSS-3652] Incorporating an ER without a reducedHashTree in a CAdES signature
- [DSS-3655] Cryptographic suite validation is not aligned with RFC 5698 in case of conflicting constrains definition
- [DSS-3657] Validation of XMLERS with a renewed timestamp in XAdES
Improvements
- [DSS-3571] DSS Demos : add a link to download current validation policy
- [DSS-3585] Support of base64-encoded certificates on input fields within the demos
- [DSS-3620, DSS-3663] Deprecate NexU on signature creation webpages in the webapp, in favor of server-signing and dss-standalone
- [DSS-3645] DSS Standalone : add logback.xml support
- [DSS-3646] Align CAdES augmentation to re-use SignatureRequirementsChecker
- [DSS-3650] Provide more meaningful exception message on failed augmentation of a CMS signature with corrupted content
- [DSS-3661] Introduce DOMDocument
- [DSS-3665] Add file cache revocation sources with cache expiration based on nextUpdate field (PR #183 by @gustavoam-asdf)
- [DSS-3677] Upgrade commons-lang3 to version 3.18.0
- [DSS-3678] Upgrade json-sKema to version 0.24.0
+ All the changes included in DSS 6.3.RC1.
Migration
NOTE: This release includes breaking changes, impacting some functionalities, please see below:
- If you use a default validation process or provide a custom XML Validation Policy, the corresponding module should be added to the list of dependencies within your project:
<dependencies>
...
<dependency>
<groupId>eu.europa.ec.joinup.sd-dss</groupId>
<artifactId>dss-policy-jaxb</artifactId>
</dependency>
...
</dependencies>
- Two alternative implementations for CMS processing have been introduced, impacting various modules such as
dss-cades,dss-padesanddss-asic-cades:
dss-cms-object- Uses in-memory handling of CMS objects based on BouncyCastle classes. This implementation provides the "old" behavior familiar from previous versions of DSS. In order to use the module, it should be added to the list of dependencies as demonstrated below:
<dependencies>
...
<dependency>
<groupId>eu.europa.ec.joinup.sd-dss</groupId>
<artifactId>dss-cms-object</artifactId>
</dependency>
...
</dependencies>
dss-cms-stream- An experimental implementation providing CMS reading and writing functionalities based on Streams. This implementation provides a possibility to sign and validate large documents, but the creation of CMS documents is limited to only BER coding format.
NOTE: Only one of the dss-cms-object or dss-cms-stream dependencies shall be used.
For more information about code changes and migration process, please refer to the Migration Guide in documentation.
Contributors
gustavoam-asdf
Assets 2
Release Notes - eSignature DSS - Version 6.3.RC1
New features
- [DSS-3180] Add support of embedded evidence records validation
- [DSS-3500] Add support of machine-readable ETSI TS 119 312 cryptographic suite schemas
- [DSS-3527] Add validation constraint for TL Structure
- [DSS-3548] Add possibility to configure list of verified host name for LDAP get request
- [DSS-3556] Add embedding of Evidence Records in existing signatures
- [DSS-3589] ASiC filename adherence check
- [DSS-3609] Add encapsulation of existing evidence records in ASiC containers
Improvements
- [DSS-2665] Expose RevocationConsistentCheck to new validation checks
- [DSS-3387] CAdES : add possibility of signing large documents
- [DSS-3525] Use lax validation on TL Parsing
- [DSS-3543] ASiC : verify presence of /META-INF folder to run a validator
- [DSS-3569] Include signature expiration date in the simple report xslt/pdf templates
- [DSS-3591] XMLCanonicalizer : add method to canonicalize with provided OutputStream
- [DSS-3598] Support configurable LDAP context environment
- [DSS-3607] Improve logs in case of a missed OCSP location URL
- [DSS-3610] Forbid invalid signature creation/augmentation based on the ER presence
Bug fixes / Issues
- [DSS-3521] CMS signing-time is returned when multiple times are defined
- [DSS-3530] RevocationIssuerNotExpired policy constraint is not used during LTV process
- [DSS-3551] xVals entries are not considered as candidates for a signing certificate for JAdES signature
- [DSS-3567] Incorrect identification of "undefined object modification" on signature verification
- [DSS-3570] CRL is retrieved instead of OCSP when delegated OCSP responder requires revocation check
- [DSS-3575] Improve CryptoInformation element within ETSI VR for multiple signing-certificate references
- [DSS-3577] Error on permitted annotation modifications
- [DSS-3579] Issues with DiagnosticData Serialization/Deserialization
- [DSS-3586] DSS fails to read FieldMDP or Lock dictionary when defined as indirect reference
- [DSS-3587] Certificate Synchronization Issue with TLValidationJob
- [DSS-3592] PAdES augmentation fails for some documents with multiple signatures
- [DSS-3595] HashMap containsKey() method evaluated as false after calling getDigest(DigestAlgorithm.SHA256) method on document
- [DSS-3606] DSS fails to create a visual signature field for a PDF page with negative coordinates
- [DSS-3613] JPMS Module Issue with dss-validation
Tasks / Other
- [DSS-3534] Introduce dss-cms-object and dss-cms-stream modules
- [DSS-3614] Upgrade to BouncyCastle v1.81
- [DSS-3615] Upgrade to Apache Santuario v3.0.6
- [DSS-3616] Upgrade to PdfBox v3.0.5
- [DSS-3618] Introduce profile for tests execution on large files
Migration
NOTE: This release includes breaking changes, impacting some functionalities, please see below:
- If you use a default validation process or provide a custom XML Validation Policy, the corresponding module should be added to the list of dependencies used within your project:
<dependencies>
...
<dependency>
<groupId>eu.europa.ec.joinup.sd-dss</groupId>
<artifactId>dss-policy-jaxb</artifactId>
</dependency>
...
</dependencies>
- Two alternative implementations for CMS processing have been introduced, impacting various modules such as
dss-cades,dss-padesanddss-asic-cades:
dss-cms-object- Uses in-memory handling of CMS objects based on BouncyCastle classes. This implementation provides the "old" behavior familiar from previous versions of DSS. In order to use the module, it should be added to the list of dependencies as demonstrated below:
<dependencies>
...
<dependency>
<groupId>eu.europa.ec.joinup.sd-dss</groupId>
<artifactId>dss-cms-object</artifactId>
</dependency>
...
</dependencies>
dss-cms-stream- An experimental implementation providing CMS reading and writing functionalities based on Streams. This implementation provides a possibility to sign and validate large documents, but the creation of CMS documents is limited to only BER coding format.
NOTE: Only one of the dss-cms-object or dss-cms-stream dependencies shall be used.
For more information about code changes and migration process, please refer to the Migration Guide in documentation.
Release Notes - eSignature DSS - Version 6.1.1
This release provides a hotfix for enabling support of Trusted List v6 (as per ETSI TS 119 612 v2.3.1). The release contains minimal changes.
New features / Improvements
- [DSS-3486] Add validation of Trusted List v6
- Updated dependencies (BouncyCastle, VeraPdf, FOP, logback);
- Fixed expired unit tests
Note
This migration requires changes in the used validation policy to support a new Trusted List version.In order to support both v5 and v6 Trusted Lists, you may update constraint as shown below:
| 6.1 | 6.1.1 |
<eIDAS>
...
<TLVersion Level="FAIL" value="5" />
...
</eIDAS> |
<eIDAS>
...
<TLVersion Level="FAIL">
<Id>5</Id>
<Id>6</Id>
</TLVersion>
...
</eIDAS> |
More information about the migration procedure can be found at the Migration Guide.
Release Notes - eSignature DSS - Version 6.0.1
This release provides a hotfix for enabling support of Trusted List v6 (as per ETSI TS 119 612 v2.3.1). The release contains minimal changes.
New features / Improvements
- [DSS-3486] Add validation of Trusted List v6
- Updated dependencies containing vulnerabilities (BouncyCastle, VeraPdf, FOP, logback);
- Fixed expired unit tests
Bug fixes
- [DSS-3348] Possible memory leak in XAdESSignature on Santuario signature creation
- [DSS-3406] CertificateValues in validation report incorrect format
- [DSS-3408] RevocationValues in validation report incorrect format
Note
This migration requires changes in the used validation policy to support a new Trusted List version.In order to support both v5 and v6 Trusted Lists, you may update constraint as shown below:
| 6.0 | 6.0.1 |
<eIDAS>
...
<TLVersion Level="FAIL" value="5" />
...
</eIDAS> |
<eIDAS>
...
<TLVersion Level="FAIL">
<Id>5</Id>
<Id>6</Id>
</TLVersion>
...
</eIDAS> |
More information about the migration procedure can be found at the Migration Guide.
Release Notes - eSignature DSS - Version 5.13.1
This release provides a hotfix for enabling support of Trusted List v6 (as per ETSI TS 119 612 v2.3.1). The release contains minimal changes.
New features / Improvements
- [DSS-3486] Add validation of Trusted List v6
- Updated dependencies containing vulnerabilities (BouncyCastle, VeraPdf, FOP, logback);
- Fixed expired unit tests
Bug fixes
- [DSS-3348] Possible memory leak in XAdESSignature on Santuario signature creation
- [DSS-3406] CertificateValues in validation report incorrect format
- [DSS-3408] RevocationValues in validation report incorrect format
Note
This migration requires changes in the used validation policy to support a new Trusted List version.In order to support both v5 and v6 Trusted Lists, you may update constraint as shown below:
| 5.13 | 5.13.1 |
<eIDAS>
...
<TLVersion Level="FAIL" value="5" />
...
</eIDAS> |
<eIDAS>
...
<TLVersion Level="FAIL">
<Id>5</Id>
<Id>6</Id>
</TLVersion>
...
</eIDAS> |
More information about the migration procedure can be found at the Migration Guide.
Release Notes - eSignature DSS - Version 6.2
Bug fixes / Issues
- [DSS-3519] Enforce TimeStamp level checks when no LTA material is present
- [DSS-3520] XAdES validation fails in case of tempered ds:KeyInfo certificate
- [DSS-3523] Misleading log warning on XAdES enveloping signature
- [DSS-3526] AlertOnNoRevocationAfterBestSignatureTime returns NextUpdate before current time
- [DSS-3529] dss-crl-parser-stream invalidates some CRLs signed by RSASSA-PSS
Improvements
- [DSS-3524] Vulnerability report review
- [DSS-3554] Upgrade to BouncyCastle 1.80
- [DSS-3555] DSS Demonstrations : add property to skip ASN1ObjectIdentifier validation
+ All the changes included in DSS 6.2.RC1.
For more information about code changes and migration process, please refer to the Migration Guide in documentation.
Release Notes - eSignature DSS - Version 6.2.RC1
New features
- [DSS-3166] Add support of ECDSA with SHA3 algorithms defined in RFC 9231
- [DSS-3207] Configurable memory settings on PAdES signature creation
- [DSS-3341] Add definition of trust anchors with time
- [DSS-3369] Implement support of noRevAvail RFC 9608
- [DSS-3393] Add option of nested CMS signatures creation
- [DSS-3468] Add ValidationTime to validateSignature REST/SOAP API
- [DSS-3486] Add validation of Trusted List v6
Improvements
- [DSS-2623] XAdES/JAdES : Separate timestamp validation data on LT level
- [DSS-2849] PAdES : add support of 142-2 extended profiles on validation
- [DSS-3374] REST/SOAP webservices : add unit tests for on signature augmentation with detached content
- [DSS-3404] Update trust anchor definition per TS 119 615 v1.2.1
- [DSS-3419] Adjust anchor links within Detailed Reports for new sunset checks
- [DSS-3428] Allow a check skip with alerts
- [DSS-3445] ASiCArchiveManifest shall refer a set of signed or timestamped files from covered signatures/timestamps
- [DSS-3454] Fix "CRL Signature cannot be validated" warning message
- [DSS-3460] Align getFilename method naming
- [DSS-3484] Automate digest encoding on signing with RSA algorithm
- [DSS-3487] Add support of AnyValidationData unsigned property
- [DSS-3513] Add option to choose between strict and lax validation of ats-hash-index attribute (CAdES)
- [DSS-3514] No minKeySize cryptographic constraint should not result in validation failure
Bug fixes / Issues
- [DSS-2353] JAdES LT adds time-stamps validation data to the xVals
- [DSS-2355] JAdES augmentation adds validation data for the signing certificate into the tstVD
- [DSS-2359] XAdES LT adds time-stamps validation data to CertificateValues and RevocationValues
- [DSS-2360] XAdES augmentation adds validation data for the signing certificate to the TimeStampValidationData element
- [DSS-2361] LTA augmentation of LTA signatures adds new revocation data for the signing certificate
- [DSS-3392] ASiC-S with CAdES creates invalid signature when a CMS signature is provided as an input
- [DSS-3395] Bad debug log in ImageUtils
- [DSS-3401] ASiCUtils.isZip(DSSDocument) method fails when a DigestDocument provided
- [DSS-3411] ASiC with XAdES creates manifest.xml with null media-type
- [DSS-3418] DiagnosticData does not include all certificate references when a custom TokenIdentifierProvider is used
- [DSS-3439] PAdES ByteRange is not properly checked
- [DSS-3451] Wrong link in reference to RFC4998
- [DSS-3452] Expected and actual values switched in error message
- [DSS-3458] XAdESPath contain imports from jaxb related modules
- [DSS-3475] crlSignKeyUsage validation
- [DSS-3478] Expired hardcoded test certificates break build
- [DSS-3480] DSS WebApp logs Using generated security password warning
- [DSS-3481] WebApp : CXF OpenAPI generates wrong JSON schema
- [DSS-3482] Failed validation of detached CMS signature when using not id-data content type
- [DSS-3490] Deadlock in TLValidationJob on TL URL change when CacheCleaner is not used
- [DSS-3495] Slow XAdES validation with large amount of datafiles
- [DSS-3506] Xades Signature DataObjectFormat missing reference to KeyInfo element
- [DSS-3512] Inconsistent ats-hash-index-v3 building for non Baseline or invalid CAdES structures
- [DSS-3519] Enforce TimeStamp level checks when no LTA material is present
Tasks / Other
- [DSS-3065] Refactor CustomProcessExecutorTest class
- [DSS-3122] Upgrade to PdfBox 3.0.0
- [DSS-3325] Upgrade to Apache Santuario 3.0.5
- [DSS-3435] Update highlightjs
- [DSS-3465] Upgrade to FOP 2.10
- [DSS-3483] Update BouncyCastle 1.79
- [DSS-3496] Nexu : fix link in demo
- [DSS-3499] Update cryptographic suites as per ETSI TS 119 312 v1.5.1
- [DSS-3501] Update HttpClient5 to version 4.5.x
- [DSS-3515] Update json-sKema v0.20.0
Release Notes - eSignature DSS - Version 6.1
Bug fixes / Issues
- [DSS-3366] XAdES: assertSignaturePossible blocks even on DetachedSignatureBuilder
- [DSS-3395] Bad debug log in ImageUtils
- [DSS-3400] JAdES iat header parameter incorrect value
- [DSS-3401] ASiCUtils.isZip(DSSDocument) method fails when a DigestDocument provided
- [DSS-3406] CertificateValues in validation report incorrect format
- [DSS-3407] Validation of ASiC-E containg an ASN.1 ER when the reducedHashtree field is not present
- [DSS-3408] RevocationValues in validation report incorrect format
- [DSS-3409] XAdES : reference name check fails for URL-encoded entries
- [DSS-3410] Hash Failure when validating XMLERS with 3 ArchiveTimeStampChain or more
- [DSS-3411] ASiC with XAdES creates manifest.xml with null media-type
- [DSS-3412] Hash Failure when validating an XMLERS with a hashtree renewal followed by a timestamp renewal
- [DSS-3415] JAXBPKILoader invalid behavior for multiple cross certificates
- [DSS-3423] ASiC-E signatures are not reported when no linked manifest found
- [DSS-3424] ASiC with ER chooses wrong DocumentValidator
- [DSS-3438] Sha2FileCacheDataLoader should rethrow original exception
Improvements
- [DSS-3436] dss-demo-bundle to use JDK 21 by default
+ All the changes included in DSS 6.1.RC1.
NOTE: This release includes a breaking change, impacting the signature validation process. If you use validation, please include the following module to the list of dependencies:
<dependencies>
...
<dependency>
<groupId>eu.europa.ec.joinup.sd-dss</groupId>
<artifactId>dss-validation</artifactId>
</dependency>
...
</dependencies>
For more information about code changes and migration process, please refer to the Migration Guide in documentation.
Release Notes - eSignature DSS - Version 6.1.RC1
New features
- [DSS-3006] Warn the user if the PDF contains annotations done after the signature
- [DSS-3124] Add policy constraints for certificate attributes
- [DSS-3181] Add support of ASN.1 Evidence records
- [DSS-3238] DSS Demos: add configuration of TrustAllStrategy on TL loading
- [DSS-3240] Add configuration of revocation skip condition in validation policy
- [DSS-3248] Introduce Document Digest Generator for Evidence Record creation and validation
- [DSS-3278] Improve cache handling of LOTL/TLs with sha2 files
- [DSS-3283] Create Document Digest Generator for ASiC containers
- [DSS-3289] Add a possibility to specify a signature field for a visual time-stamp
- [DSS-3301] Create Document Digest Generator for Evidence Record renewal
- [DSS-3315] JAdES : add support of RFC 7519 'iat' header
- [DSS-3344] Introduce TimestampTokenVerifier
- [DSS-3364] DSS Demonstrations : add property to configure maximum number of XML manifest references
- [DSS-3372] Allow partial documents validation within an XML Manifest
- [DSS-3373] Add JAdES base64url signature parameters to signature creation endpoints
Improvements
- [DSS-2322] Allow to configure alerts in CertificateVerifier for the signature validation
- [DSS-2392] Add developer extension augmented documents
- [DSS-2751] Use CertificateVerifier to enforce certificate validation on signature creation
- [DSS-2935] Support for ISO 32001 and ISO 32002
- [DSS-3025] Placing LT signature on document containing LTA signature
- [DSS-3108] Differentiate RSA and RSA-PSS and validation policy
- [DSS-3123] PAdESService : verify if the provided document is a PDF file
- [DSS-3125] Custom CertificateSource implementations for trusted lists certificate sources
- [DSS-3204] Align Id attributes produced for XAdES timestamps
- [DSS-3223] Add support of Evidence Records on standalone time-stamps
- [DSS-3226] Detection of numeric object modification faulty/dubious
- [DSS-3235] ASN.1 Evidence Records : add verification of digest algorithm
- [DSS-3236] Merge reference digest algorithm cryptographic validation block
- [DSS-3242] XAdES: Cannot sign multiple times with Enveloped transform
- [DSS-3279] DSSDocument.getDigest should return byte array
- [DSS-3297] ASiC merger : add handling of evidence records
- [DSS-3298] Configurable revocation update based on maximum revocation freshness constraint
- [DSS-3326] Ease requirements for JAdES protected headers within 'crit'
- [DSS-3331] dss-demo - add config property to load Java default proxy settings
- [DSS-3338] Skip .sha2 file verification for LOTL Pivots
- [DSS-3367] Allow ASiC signature of 2GB+ documents
Bug fixes / Issues
- [DSS-2730] Revocation data not considered fresh in LTA with qualified timestamp
- [DSS-2805] Validation result depends on signature certificate validity
- [DSS-3053] SVG : notBefore/notAfter dates displayed on hover are duplicated between all certificates
- [DSS-3191] DSS does not detect duplicated signing-certificate attributes in CMS
- [DSS-3192] NOT_YET_VALID certificate passes validation when basic validation process returns REVOCATION_OUT_OF_BOUNDS_NO_POE
- [DSS-3221] Different validation outcomes in two logically identical scenarios
- [DSS-3228] NPE when two equivalent evidence records with the same filename provided to validation
- [DSS-3233] ER ArchiveTimeStampSequence time-stamp's validation does not ensure all original documents are covered
- [DSS-3234] Fix Dockerfile in master
- [DSS-3239] PdfByteRangeDocument cannot be used on document validation
- [DSS-3241] Inconsistencies in handling the signature policy ID in XAdESSignature::buildSignaturePolicy
- [DSS-3269] Double signature annotation when open action is set with destination array targeting the first page
- [DSS-3271] Cannot compile Transformer for Simple Report PDF when using Saxon-HE 12.4
- [DSS-3281] DiagnosticDataBuilder fails on evidence record covering an orphan reference
- [DSS-3323] Wrong timestamp order returned from unsigned properties (BC 1.78+)
- [DSS-3330] ASiC-E with CAdES validation : ASICManifest documents get duplicated in the report
- [DSS-3336] QCForLegalPerson qualifier is not processed correctly
- [DSS-3342] Cryptographic constraint shall be applied at current time for X509 certificate validation
- [DSS-3348] Possible memory leak in XAdESSignature on Santuario signature creation
- [DSS-3349] xades signature with empty namespace prefix
- [DSS-3356] Validation fails when SigningCertificateDigestAlgorithm constraint level is higher than failed Cryptographic level
- [DSS-3365] DSS returns XAdES-BASELINE-* for a signature without signing-certificate in KeyInfo
- [