Skip to content

News and noteworthy

Philip Helger edited this page Oct 25, 2024 · 182 revisions

Releases

  • v3.0.0 - work in progress
  • v3.0.0-beta1 - 2024-10-25
    • Moved classes to different packages without changing the internals. See Migrations for details
    • The configuration files private-crypto.properties and crypto.properties are also deprecated. Please move the properties to application.properties, environment variables or Java system properties instead.
    • Added verification of AS4 Receipt XMLDSig "Reference" objects against the ones sent out in the User Message. See #220 - thx @problemzebra2
    • Added new interface IAS4SignalMessageValidationResultHandler to customize the result handling of DSig reference verification
    • The internal configuration object now needs to implement IConfigWithFallback instead of just IConfig
    • Implementations of IAS4CryptoFactory now need to implement ´getKeyPasswordPerAliasCharArrayinstead ofgetKeyPasswordPerAlias`
    • Created new class AS4CryptoFactoryConfiguration to replace AS4CryptoFactoryProperties as the default AS4 crypt factory
    • Deprecated classes AS4CryptoFactoryProperties and AS4CryptoProperties in favour of AS4CryptoFactoryConfiguration
    • Added new class AS4KeyStoreDescriptor to describe the parameters of a key store
    • Added new class AS4TrustStoreDescriptor to describe the parameters of a trust store
    • The internal AS4 configuration is now based on the IConfigWithFallback interface
    • Support for a default AS4 profile inside the AS4 Profile Manager was removed in the favour of the configuration property phase4.default.profile (previously called phase4.profile)
    • The "as4ProfileID" field is now mandatory when using the AS4 sender builder
    • The AS4 sender builder no longer overwrites the PMode Resolver if an AS4 profile is set, but makes sure a PMode resolver is present
    • The AS4DefaultPModeResolver no longer creates a default PMode if no AS4 profile is present
    • Class AbstractAS4PullRequestBuilder can now also handle a specific PMode ID
    • Added class AS4IncomingProfileSelectorConstant
    • Improved default handling of inbound AS4 Profile selection to automatically use the sending Profile
    • Added new EdDSA algorithms to ECryptoAlgorithmSign
    • Added new key encrypt algorithms in ECryptoKeyEncryptionAlgorithm
  • v3.0.0-beta1 - 2024-09-20
    • Moved classes to different packages without changing the internals. See Migrations for details
    • [BPC] Removed the profile phase4-profile-bpc in favour of phase4-profile-dbnalliance
    • Removed all deprecated methods marked for removal
    • Added possibility to Dynamically set responder address. See #233 - thx @koes-soptim
    • Added new classes IAS4IncomingReceiverConfiguration and AS4IncomingReceiverConfiguration for receiver checks
    • [Peppol] Added a "/peppol-status" status endpoint to the demo application. See #215 - thx @RichardVanMaaren
    • [EuCtp] Renamed class EuCtpPullRequestBuilder to AbstractEuCtpPullRequestBuilder and made abstract. Use Phase4EuCtpSender.builderPullRequest () instead
    • [EuCtp] Renamed method Phase4EuCtpSender.builder to builderUserMessage
    • Added new method IAS4IncomingMessageState.getEffectiveDecryptedSoapDocument
    • Added getters for nearly all sender builder properties
    • If an AS4 Receipt does not contain non-repudiation information, it now contains the original user message wrapped, to stay XSD compliant
    • The class AS4ClientReceipt can now also take an outside RefToMessageId. See #267 - thx @sywong2000
    • The AS4 Timestamp manager is now limiting the precision to milliseconds to ensure safe XML serializability.
    • Added new class Ebms3UserMessageMarshaller to solely serialize the UserMessage object
  • v2.8.6 - 2024-10-03
    • [DBNAlliance] Fixed an exception in the sender builder, if the XHE payload was created on the outside.
    • Class AS4OutgoingAttachment and the builder can now deal with custom properties. See #276 - thx @piotr-dajlido
  • v2.8.5 - 2024-09-17
    • [Peppol] Updated to phive 10.x and phive-rules 3.2.x
  • v2.8.4 - 2024-09-12
    • Using BouncyCastle bcjmail artefact instead of bcmail to use the Jakarta namespace correctly. See #271 - thx @problemzebra2
  • v2.8.3 - 2024-09-10
    • Updated to ph-commons 11.1.8 making sure the Content-Type HTTP header only uses a single space as separator between parameters
  • v2.8.2 - 2024-08-23
    • Added support for selecting AS4 profile on sending. See #244
    • Improved the overall AS4 Content-Type header. See #263
    • Added some sanity methods in AS4XServletHandler
  • v2.8.1 - 2024-08-13
    • Updated to peppol-commons 9.5.1
    • [Peppol] Improved support for determining availability status of Participants. See #248 - thx @tonytram
    • [Peppol] Extended class Phase4PeppolReceiverCheckData to contain all settings of Phase4PeppolServletConfiguration. See #250
    • [Peppol] Extended client builder by adding smpClient overload including the wildcard selection mode
  • v2.8.0 - 2024-07-30
    • Extended the UserMessage builder to be able to set the AgreementRef "type" value. See #243 - thx @sywong2000
    • [Peppol] Updated to dnsjava 3.6.0 fixing CVE-2024-25638
    • [Peppol] Updated to peppol-reporting 3.0.0
    • [Peppol] Updated to Peppol eDEC Code Lists v8.9
    • [EuCtp] Added new AS4 profiles for "EU CTP" supporting the exchange of messages in customs. See #39 - thx @jonrios
    • [BDEW] Extended the PMode configuration for the BDEW profile. See #251 - thx @koreiffer
    • [DBNAlliance] improved the DBNAlliance client to create the XHE. See #247 - thx @robinsongarciax
  • v2.7.7 - 2024-05-24
    • Updated to peppol-commons 9.4.0
    • [DBNAlliance] Added new submodule phase4-dbnalliance-client.
    • Renamed the AS4 profile names for the EESPA module to "GENA". The AS4 profile IDs are unchanged.
    • Added new ICryptoSessionKeyProvider.INSTANCE_RANDOM_AES_256 constant
    • Deprecated the BPC PMode classes
  • v2.7.6 - 2024-05-07
    • Updated to BouncyCastle 1.78
    • [BDEW] Increased the compliance of the validator to check for EMT/MAKO certificates. See #235 - thx @problemzebra2
    • Extended API to support AgreementRef/@type attribute as well. See #238 - thx @sywong2000
    • In case a reception SPI processor returned a failure without an error message, a default error message with code EBMS:0004 is returned.
  • v2.7.5 - 2024-03-29
    • Updated to WSS4J 3.0.3
    • Updated to xmlsec 3.0.4
    • Updated to ph-commons 11.1.5
    • Ensured Java 21 compatibility
    • Added new class Ebms3SignalMessageMarshaller to easy the logging of Ebms3SignalMessage messages
    • Added new configuration property phase4.errormsg.include.stacktraces to be able to disable stack traces in AS4 Error messages. See #225
    • Started more structured logging around specific activity sections. See #219 - thx @Stefan4112
  • v2.7.4 - 2024-01-29
  • v2.7.3 - 2024-01-23
    • [Peppol] Updated to peppol-commons 9.3.0
    • The IAS4IncomingMessageMetadata now also contains the HTTP headers of the source request
    • Fixed a typo in an error message. Used that to further improve the specific error messages. See #211 - thanks @problemzebra2
    • [Peppol] Extended Phase4PeppolReceiverCheckData with the SMP wildcard lookup selection mode
    • [Peppol] Incoming messages can now also checked using the Wildcard lookup. Added Phase4PeppolServletConfiguration.setWildcardSelectionMode to configure this. See #209 - thanks @sakasaka19
  • v2.7.2 - 2024-01-10
    • [Peppol] Updated to peppol-commons 9.2.3
    • [Peppol] The default revocation check method for Peppol was changed from OCSP to CRL_BEFORE_OCSP to work around the issue mentioned at https://github.com/phax/phase4/issues/124#issuecomment-1884441835. Use CertificateRevocationChecker.setRevocationCheckMode (ERevocationCheckMode) to change the default value in your code.
  • v2.7.1 - 2024-01-09
    • [Peppol] Updated to peppol-commons 9.2.2
    • [Peppol] Added a signing certificate revocation check when receiving Peppol messages
    • [Peppol] Via Phase4PeppolServletConfiguration.setCheckSigningCertificateRevocation(boolean) the signing certificate revocation check can be disabled globally
    • [Peppol] Via Phase4PeppolServletConfiguration.setCheckSBDHForMandatoryCountryC1(boolean) the check for the mandatory COUNTRY_C1 Peppol SBDH element can be disabled globally
  • v2.7.0 - 2024-01-07
    • [Peppol] Updated to peppol-commons 9.2.0
      • All occurrences of PeppolSBDHDocument need to be changed to PeppolSBDHData
      • The "Country C1" field is now always mandatory
    • [DBNA] Added new AS4 profile "DBN Alliance". See #200 - thanks @ri4a
    • [Peppol] Removed the date check for the mandatoriness of the "Country C1" field in the Peppol SBDH when sending out messages
    • [Peppol] Fixed an invalid @Nonnull annotation at IPhase4PeppolCertificateCheckResultHandler. See #206 - thanks @Florianisme
    • AS4 Error Messages are signed if possible, but it is still possible that unsigned error messages are returned. See #188 - thanks @problemzebra2; also affects Oxalis-AS4#205
  • v2.6.0 - 2023-12-07
    • [Peppol] Updated to peppol-reporting 2.2.0
    • [BDEW] For the BDEW profile the ping messages are now passed into the custom SPI handler. See #175 - thanks @problemzebra2
    • [Peppol] Added a new parameter to IPhase4PeppolIncomingSBDHandlerSPI.handleIncomingSBD to be able to provide better error messages. (backward incompatible change) See #196
    • Improved the internal error handling, so that EBMS errors are propagated with more details. (backward incompatible change) See #198 - thx @arj03
  • v2.5.2 - 2023-11-15
    • Updated to BouncyCastle 1.77
    • Updated to WSS4J 3.0.2
    • [Peppol] Updated to peppol-reporting 2.1.6 containing the updated Schematron rules for EUSR and TSR
    • [BDEW] Improved the BDEW PMode validator etc. See #187 and #190 - thanks @koes-soptim
    • The classes AbstractAS4IncomingDumperWithHeaders and AbstractAS4OutgoingDumperWithHeaders can now configure if headers should be dumped or not
  • v2.5.1 - 2023-10-27
    • Added a parameter to enforce the packaging in MIME messages, even if no attachment is present. See #186 - thanks @problemzebra2
    • Fixed an error that if no payload is present no encryption will be performed
  • v2.5.0 - 2023-10-25
    • [Peppol] Updated to peppol-reporting 2.1.4 containing the updated Schematron rules for EUSR and TSR
    • Added the missing call to IAS4ProfileValidator.validateSignalMessage
    • [BDEW] Fixed the ID type for BDEW participants. See #178 - thanks @problemzebra2
    • [BDEW] Made the payload check for BDEW optional. See #180 - thanks @problemzebra2
    • Added new SPI interface com.helger.phase4.incoming.spi.IAS4IncomingMessageProcessingStatusSPI to be used as a callback for incoming message processing start and end
    • Added a possibility to verify the TLS client certificate via the AS4 profile. See #182 - thanks @problemzebra2
    • Extended the API of IAS4SignalMessageConsumer.handleSignalMessage with IAS4IncomingMessageMetadata. (backward incompatible change) See #177 - thanks @sopgreg
    • Extended the API of IAS4UserMessageConsumer.handleUserMessage with IAS4IncomingMessageMetadata for consistency. (backward incompatible change)
  • v2.4.0 - 2023-09-26
    • Updated to peppol-reporting 2.1.3 containing the updated Schematron rules for EUSR and TSR
    • The BDEW sender client sets a the agreementRef value to https://www.bdew.de/as4/communication/agreement by default
    • Added new enum ECryptoMode to differentiate between sign/encrypt and verify/decrypt
    • Added a mandatory ECryptoMode parameter to IAS4CryptoFactory.getCrypto(...)
    • Fixed a regression introduced in v2.2.2 that affects BDEW and ENTSOG - the payload parameters are set correctly again. See #172 - thanks @problemzebra2
  • v2.3.0 - 2023-09-20
    • Updated to phive 9.x
    • Deprecated AS4MessageProcessorResult.createFailure(String) in favour of AS4MessageProcessorResult.createFailure(). See issue #162 - thanks @sopgreg
    • Deprecated AS4SignalMessageProcessorResult.createFailure(String) in favour of AS4SignalMessageProcessorResult.createFailure(). See issue #162 - thanks @sopgreg
    • Extended the AS4UserMessage.create message to also include the optional MPC parameter
    • Peppol incoming handler denies messages that are not signed and encrypted
    • Fixed the default BDEW crypting key identifier. See issue #167 - thanks @problemzebra2
    • Extended the IAS4IncomingSecurityConfiguration interface to include the full AS4SigningParams and AS4CryptParams objects. See #165 and issue #166 - thanks @sopgreg and @problemzebra2
    • The method AS4ProfileSelector.getAS4ProfileID () now also falls back to IAS4ProfileManager.getDefaultProfileOrNull()
  • v2.2.2 - 2023-09-12
    • Updated to peppol-commons 9.0.8
    • The "Certificate Consumer" in the Peppol client is now also invoked, when .checkReceiverAPCertificate(false) is called
    • The class AbstractENTSOGUserMessageBuilder is now derived from AbstractAS4UserMessageBuilderMIMEPayload and yet customization of the attachment part works
    • The class AbstractBDEWUserMessageBuilder is now derived from AbstractAS4UserMessageBuilderMIMEPayload and yet customization of the attachment part works
    • Added new interface IAS4SendingDateTimeConsumer to determine the effective sending date and time
    • Made the determination of the effective sending date and time more consistent
    • In the Peppol client, the country code of C1 will be checked for mandatoriness from 1.1.2024 onwards
    • Added new interface IWSSecSignatureCustomizer to customize created WSSecSignature objects. Handle with care
    • Added support for Peppol Reporting via the peppol-reporting-api project as defined in https://github.com/phax/peppol-reporting
  • v2.2.1 - 2023-08-20
    • Updated to ph-oton 9.2.0 for reduced dependencies
    • Reduced defined versions in the parent-pom and moved it to the module POMs where applicable
  • v2.2.0 - 2023-08-20
    • Allowing separate IAS4CryptoFactory configurations for signing/signature verification and encrypting/decrypting. See issue #139 - thanks @sopgreg
      • Most internal APIs that previously took one parameter for "cryptoFactory" now take two parameters for "cryptoFactorySign" and "cryptoFactoryCrypt"
    • Removed IAS4CryptoFactory.isAllowRSA15KeyTransportAlgorithm()
      • The configuration property org.apache.wss4j.dom.handler.RequestData.allowRSA15KeyTransportAlgorithm is no longer supported
      • As an alternative the interface IAS4DecryptParameterModifier was introduced to allow even more fine-grained customization
    • Improved the unique PMode determination, by comparing all fields of Initiator and Responder. See issue #118 - thanks @sopgreg
    • Removed the Serializable interface from objects where it is not needed
    • The interface IPModeIDProvider now relies on the PModeParty of initiator and responder instead on the ID only
    • Allowed an external customization of the WSSConfig object created for decryption. See issue #150 - thanks @sopgreg
      • This and the RequestData object can be customized via a callback using IAS4DecryptParameterModifier
  • v2.1.5 - 2023-08-03
    • Reverted the incorrect use of the Binary Security Token value type "#X509PKIPathv1" for Peppol and others (introduced in v2.1.3). Only BDEW needs this. See Discussion #149 - thanks to @binaradarsha
  • v2.1.4 - 2023-08-01
    • Updated to WSS4J 3.0.1
    • Updated to ph-commons 11.1
    • Add a possibility to customize the signingParams and cryptParams in AbstractAS4MessageBuilder
    • Made the Java security Provider for encryption customizable
    • Increased customizability of security configuration
  • v2.1.3 - 2023-07-13
    • Updated to BouncyCastle 1.75
    • Improved support for the COUNTRY_C1 field in Peppol SBDH
    • Added a consistency check to avoid that pre-built SBD documents are used with the plain Peppol sender builder
    • The BinarySecurityToken for signed AS4 messages now uses the ValueType of ...#X509PKIPathv1 by default
    • The default response timeout for Peppol client messages was changed from 5 minutes to 2 minutes to reflect SLA changes
    • Added new interface IAS4IncomingSecurityConfiguration to customize AS4RequestHandler security configuration
  • v2.1.2 - 2023-06-06
    • Made the session key provider for AS4 encryption session keys customizable
    • Made some backwards incompatible changes to the API of BDEWPayloadParams so that it is chainable
  • v2.1.1 - 2023-05-26
    • Updated to Spring Boot 3.1.0 fixing CVE-2023-20883
    • Requires at least peppol-commons 9.0.6
    • Added support for the COUNTRY_C1 field in Peppol SBDH
  • v2.1.0 - 2023-04-30
    • Requires at least ph-commons 11.0.4
    • Requires at least peppol-commons 9.0.4
    • Added new submodules phase4-profile-bdew and phase4-bdew-client to support the German BDEW profile for the gas industry. See PR #122 - thanks to @sopgreg
    • Added interface IAS4PModeAwareCryptoFactory to make keystore / truststore decisions based on the selected PMode. See PR #121 - thanks to @sopgreg
    • Deprecated class EXMLDSigDocumentType
    • Avoid closing the dumping OutputStream more then once. See issue #120
    • Fixed support for Surrogate characters for e.g. Japanese
  • v2.0.0 - 2023-04-13
    • Updated to xmlsec 3.0.2
    • Using XML marshalling based on GenericJAXBMarshaller instead of separate reader/writer classes
    • The paths of the internal XML schemas have changed to contain external/
  • v2.0.0-RC1 - 2023-02-24
    • Using Java 11 as the baseline
    • Using Servlet API 5.0.0 as the baseline: JakartaEE 9, Java 11+, Apache Tomcat v10.0.x, Jetty 11.x
    • Using Eclipse Angus 2.0.x
    • Updated to xmlsec 3.0.1
    • Updated to WSS4J 3.0.0
    • Updated to ph-commons 11
    • Updated to Spring Boot 3.0.x
    • Removed deprecated classes and methods
    • Renamed class Phase4OutgoingAttachment to AS4OutgoingAttachment
    • Renamed class IManagerFactory to IAS4ManagerFactory
    • Renamed class ManagerFactoryInMemory to AS4ManagerFactoryInMemory
    • Renamed class ManagerFactoryPersistingFileSystem to AS4ManagerFactoryPersistingFileSystem
    • Renamed class Phase4Sender to AS4Sender
    • Renamed class Phase4KeyStoreCallbackHandler to AS4KeyStoreCallbackHandler
    • Added new base interfaces ICryptoAlgorithm(C14N|Crypt|Sign|SignDigest) for future usage
    • Added new enum entry ECryptoKeyIdentifierType.ISSUER_SERIAL_QUOTE_FORMAT
    • Added support for new signing algorithms (ECDSA with SHA (256|384|512), RSA with SHA (256|384|512) and MGF1 and RSA with SHA3 (256|384|512) and MGF1)
    • Enabled the variable replacement in the default configuration properties
  • v1.4.5 - 2024-01-17 [backport]
    • Updated to Spring Boot 2.7.18
    • Updated to xmlsec to 2.3.4
    • Updated to wss4j to 2.4.2
    • Updated to Log4J to 2.22.1
    • [Peppol] Added a signing certificate revocation check when receiving Peppol messages
    • [Peppol] Via Phase4PeppolServletConfiguration.setCheckSigningCertificateRevocation(boolean) the signing certificate revocation check can be disabled globally
  • v1.4.4 - 2023-05-26 [backport]
    • Updated to Spring Boot 2.7.12 fixing CVE-2023-20883
    • Requiring peppol-commons 8.8.6
    • Updated to ph-commons 10.2.4 fixing the issue with surrogate characters. See #123
    • Enabled the variable replacement in the default configuration properties. See #128
  • v1.4.3 - 2023-01-12
    • Updated to xmlsec 2.3.2
    • Added new class Phase4PeppolClientException for more control over error message handling
  • v1.4.2 - 2022-12-27
    • Updated to peppol-commons 8.8.1
    • Added new submodule phase4-eudamed-client that offers a specific client builder for the CEF profile
    • Fixed an NPE in AS4RawResponseConsumerWriteToFile when the file could not be opened for writing
    • Allow RSA 1.5 Key Transport Algorithm in WSS4J
    • Added another overload of Phase4PeppolSender.Builder.payload(IHasInputStream) to be more memory efficient
    • Extended API of EAS4MessageMode with isRequest and isResponse methods
    • Extended API of AS4IncomingMessageMetadata to include the request AS4 message ID, if this is for a response message
  • v1.4.1 - 2022-10-21
    • Updated to BouncyCastle 1.72 using the new artefact names bc*-jdk18on (instead of the old bc*-jdk15on)
    • Included a small change in IAS4CryptoFactory that allows to make the key password flexible per chosen alias
    • Extended the API in AS4RawResponseConsumerWriteToFile to have a callback that receives opened files
  • v1.4.0 - 2022-08-17
    • Updated to Apache HttpClient v5.x - incompatible change
    • Updated to peppol-commons 8.8.0
    • Updated to ph-web 9.7.1
    • Needed to make the HttpMimeMessageEntity constructor protected - use the static create method instead
  • v1.3.10 - 2022-08-17
    • Updated to peppol-commons 8.7.6 with Peppol Code Lists v8.2
    • Extended API of AbstractPeppolUserMessageBuilder to disable the AP receiver certificate check
    • Extended API of AbstractAS4MessageBuilder to provide a custom IHttpPoster implementation
    • The httpRetrySettings of the sending builder are not correctly honoured and not overwritten by the PMode settings
  • v1.3.9 - 2022-05-25
    • Updated to xmlsec 2.3.1
    • Updated to peppol-commons 8.7.5 with Peppol Code Lists v8.1
    • Improved the ENTSOG profile to remove some checks
  • v1.3.8 - 2022-05-06
    • Reverted the change to try to use TLS 1.3 connections. See issue #80. Thx @Florianisme
  • v1.3.7 - 2022-05-04
    • Updated the callback interface of AS4DumpReader to be able to decrypt all attachments
    • The Peppol, BPC and ENTSOG profile now also try to use TLS 1.3 connections
    • Added new submodule phase4-profile-eespa to support the EESPA AS4 profile
    • Deprecated class Phase4PeppolServlet in favour of AS4Servlet because they do the same thing
  • v1.3.6 - 2022-04-02
    • Moved all the documentation into a Wiki for better structuring of information
    • Added new submodule phase4-profile-bpc to support the BPC market pilot
    • Added support for a CEF two-corner profile. See issue #79. Thx @Nagendra-Naidu1629
    • Increased the debug logging for the sample Peppol Server application
    • The data type of PModeReceptionAwareness.RetryIntervalMS was changed from int to long
  • v1.3.5 - 2021-12-21
  • v1.3.4 - 2021-12-14
  • v1.3.3 - 2021-12-10
    • Updated to Log4J 2.15.0 for security reasons (CVE-2021-44228) - see https://www.lunasec.io/docs/blog/log4j-zero-day/
    • Updated to WSS4J 2.4.0
    • Updated to xmlsec 2.3.0
    • Fixed a typo in method name of class AbstractPeppolUserMessageBuilder (missing p of endpoint)
    • Fixed the interface name from IPhase4PeppolValidatonResultHandler to IPhase4PeppolValidationResultHandler. See issue #68.
    • Updated the Maven JAXB2 plugin so that it also build with Java 17
  • v1.3.2 - 2021-09-27
    • Updated to ph-web 9.6.1
    • Updated to phive-rules 2.1.7
    • Updated to xmlsec 2.2.3 (security fix)
    • Allowing to set the "RefToMessageId" in the client sender builders
    • Improved the error handling of ISOAPHeaderElementProcessor invocations. See issue #52.
  • v1.3.1 - 2021-05-21
    • Updated to xmlsec 2.2.2
    • Added the possibility to provide the content ID in the Peppol AS4 sender
    • Changed the layout of the default, random Content-IDs to match RFC 822
    • The error handling of the SPI invocations was improved
    • AS4MessageProcessorResult.createFailure now also takes empty arguments
    • Extended the internal API of AS4XServletHandler to make calls from the outside simpler
    • Added a new class AS4DumpReader that can be helpful in reading dumped ".as4in" messages at a later point in time
  • v1.3.0 - 2021-05-02
    • Updated to ph-commons 10.1
    • Moved the classes AS4IncomingDumperFileBased, AS4OutgoingDumperFileBased and AS4RawResponseConsumerWriteToFile from package com.helger.phase4.servlet.dump to package com.helger.phase4.dump. The old classes remain there, but deprecated.
    • IAS4IncomingDumper.onEndRequest is only called if onNewRequest returned a non-null stream
    • Improved logging in case of failed sending prerequisites
    • Changed from Offset(Date|Time|DateTime) to XMLOffset(Date|Time|DateTime) where the message exchange is affected
    • The JAXB implementation must now explicitly be added to an application pom.xml e.g. like this:
<dependency>
  <groupId>com.sun.xml.bind</groupId>
  <artifactId>jaxb-impl</artifactId>
</dependency>
  • v1.2.0 - 2021-03-28
    • Added the response AS4 Message ID as parameter to IAS4ServletMessageProcessorSPI.processAS4ResponseMessage
    • Renamed class EAS4IncomingMessageMode to EAS4MessageMode
    • Extended IAS4OutgoingDumper API with an EAS4MessageMode param
    • Extended the IAS4MessageState with "ref to message ID" and "message timestamp"
  • v1.1.1 - 2021-03-23
    • Made the AS4 message ID suffix customizable (see issue #50) using MessageHelperMethods.setCustomMessageIDSuffix(String)
  • v1.1.0 - 2021-03-22
    • Updated to ph-commons 10
    • Changed from Local(Date|Time|DateTime) to Offset(Date|Time|DateTime) where the message exchange is affected
  • v1.0.0 - 2021-03-10
    • Updated to phive-rules 2.0.5 with the more lightweight Peppol validation
    • Changed the default timeout of the Peppol HTTP settings from 100 seconds to 300 seconds (5 minutes) to comply with the TIA requirements
    • Added new submodule phase4-spring-boot-demo kindly provided by @jmrleal from Opensoft
  • v1.0.0-rc1 - 2021-02-17
    • Updated to peppol-commons 8.4.0
    • The configuration files private-crypto.properties, crypto.properties, private-as4.properties and as4.properties are no longer read
    • The configuration properties server.debug, server.production, server.nostartupinfo, server.datapath, server.profile, server.incoming.duplicatedisposal.minutes and server.address are no longer supported
    • Removed all deprecated elements
    • Extended the API of ESimpleUserMessageSendResult
    • Added AbstractAS4UserMessageBuilder.sendMessageAndCheckForReceipt overload with an exception consumer (see issue #48)
  • v0.14.0 - 2021-01-27
    • Changed the default directory structure of the incoming and outgoing dumper as well as the raw response consumer to have subdirectories for year, month and day of month
    • Extended Phase4OutgoingAttachment to also have a Charset parameter. Thanks to @pavelrotek for pointing this out.
    • Phase4OutgoingAttachment can now work on byte[] and File.
    • Added support for the ENTSOG AS4 profile (see issue #46). Therefore the new submodules phase4-profile-entsog as well as phase4-entsog-client were added. Thanks to @pavelrotek for providing it.
    • Removed all elements deprecated in 0.13.x or earlier
  • v0.13.2 - 2021-01-22
    • Fixed an error that an empty MessageProperties element is created which would not be XSD compliant. Thanks to Amish Regmi for pointing this out.
  • v0.13.1 - 2021-01-20
    • Updated to WSS4J 2.3.1
    • Updated to ph-web 9.5.2 updating the U-NAPTR lookup code for BDXL lookups
    • Added new class EbmsError to implement IEbmsError next to EEbmsError
    • The AS4RequestHandler received a SoapProcessingFinalizedCallback to be able to get notified on asynchronous processing finalization
    • Extended IAS4IncomingProfileSelector to allow to disable the AS4 profile validation of PModes
    • Remembering the MessageID earlier in the process, so that error messages can always use the RefToMessageId properly
    • Fine-tuned the CEF and Peppol PMode checks a bit
  • v0.13.0 - 2020-12-11
    • Extended exception API to that constructors with only another exception are present
    • Extended the Peppol demo server to store the attachments by default, even if the payload check does not work
    • Updated to peppol-commons 8.3.1 that fixes the Peppol SBDH TypeVersion check
    • The Peppol client builder no longer sets an invalid default TypeVersion in the SBDH
    • Added new interface IAS4SenderInterrupt to allow all sender builders to interrupt sending at a late stage
    • The HTTP retry settings are now assembled in the class HttpRetrySettings
    • AbstractAS4Client is no longer derived from BasicHttpPoster but instead has a customizable member that is responsible for the sending. This allows for exchanging the underlying HTTP engine.
    • The UserMessage builder now has a simplified sendMessageAndCheckForReceipt method that does all the success/error checks internally
    • Extended the AS4ClientSentMessage to also contain the HTTP response status line and the response HTTP headers
    • Added a new interface IAS4IncomingProfileSelector to make profile selection customizable
    • Renamed interface IIncomingAttachmentFactory to IAS4IncomingAttachmentFactory
    • Added new abstract base class AbstractAS4RawResponseConsumer to customize handling of status line and http headers
    • AS4RawResponseConsumerWriteToFile now logs the status line and the response headers by default (backward incompatible change)
    • The default filenames created from AS4RawResponseConsumerWriteToFile now use the extension .as4response instead of -response.xml because they are no longer pure XML
    • Moved method readCryptoPropertiesFromFile from AS4CryptoFactoryPropertiesFile to AS4CryptoFactoryProperties
  • v0.12.6 - 2020-11-25
  • v0.12.5 - 2020-11-25
    • Updated to peppol-commons 8.3.0
  • v0.12.4 - 2020-11-18
    • Remembering the original compression state of incoming attachments
    • Updated to ph-bdve-rules 1.0.14 including Peppol Fall 2020 release corrigendum
  • v0.12.3 - 2020-11-06
    • The phase4-server-webapp project now also stores all incoming messages to the dump path
    • Ensure the incoming dumper AS4IncomingDumperFileBased creates a unique filename by default
    • Allow an empty AS4 Conversation ID in a UserMessage
    • Ensuring that outgoing messages can be dumped, even if retries is set to 0 (see issue #43)
  • v0.12.2 - 2020-10-05
    • Extended the IPhase4PeppolIncomingSBDHandlerSPI interface to be able to reject messages on the AS4 layer
    • Updated to ph-bdve-rules 1.0.8
  • v0.12.1 - 2020-09-28
    • Updated to peppol-commons 8.2.4
    • Made the value checks when reading Peppol SBDH documents customizable via Phase4PeppolServletConfiguration.setPerformSBDHValueChecks
    • Extended the Peppol client sender API to easily send special binary and text payload
  • v0.12.0 - 2020-09-22
    • Extended the IPModeResolver to also contain the agreementRef value (for ENTSOG) - backwards incompatible change
    • Added support for custom "Part properties" in IAS4Attachment (for ENTSOG)
    • The sending date and time of the AS4 message can now be configured in the client
    • Made class PMode more static (see issue #41)
    • PModeValidationException is now a subclass of Phase4Exception
    • Added setters to some PMode related domain classes
    • A default serialization of the PMode objects as JSON is available (see issue #40)
    • The internal interface IAS4MessageState is now standalone
    • Made the incoming message metadata in class AS4XServletHandler easily customizable.
    • Made truststore accessible through IAS4CryptoFactory
    • Added new interface IAS4UserMessageConsumer
    • Extended API to make PullRequest sending simpler
    • Moved shared fields from AbstractAS4UserMessageBuilder to AbstractAS4MessageBuilder
    • Added new sanity builder for AS4 Pull Requests using Phase4Sender.builderPullRequest()
    • Changed PMode IAS4ServletPullRequestProcessorSPI.processAS4UserMessage to IPMode IAS4ServletPullRequestProcessorSPI.findPMode
  • v0.11.1 - 2020-09-17
    • Updated to Jakarta JAXB 2.3.3
    • Updated to ph-sbdh 4.1.1
    • Updated to peppol-commons 8.2.2
  • v0.11.0 - 2020-09-08
    • Extracted new enum ECryptoKeyIdentifierType to make the key information type customizable
    • Reworked the configuration so that system properties and environment variables can also be used
    • The class AS4Configuration is now the primary source for configuration stuff
    • Class AS4ServerConfiguration was deleted
    • Extracted the class AS4CryptoFactoryProperties as the base class for AS4CryptoFactoryPropertiesFile
    • Deprecated class AS4CryptoFactoryPropertiesFile in favour of AS4CryptoFactoryProperties
    • The file crypto.properties is considered deprecated. All values should be placed now in phase4.properties.
    • By default the "in memory" managers are enabled. To disable this, add phase4.manager.inmemory=false in your configuration.
    • Dumping interfaces no longer implement Serializable
    • Added missing onEndRequest call to the outgoing dumper when sending responses
  • v0.10.6 - 2020-09-03
    • The CEF client now has support for OASIS BDXR SMP v2
    • The signature canonicalization method can now be customized
    • Created new submodule phase4-dynamic-discovery that contains the shared parts used for dynamic discovery with SML and SMP
    • phase4-peppol-client and phase4-cef-client use the classes from phase4-dynamic-discovery - backwards incompatible change
  • v0.10.5 - 2020-08-30
    • Updated to ph-commons 9.4.7
    • Updated to ph-oton 8.2.6
    • Updated to peppol-commons 8.1.7
    • Replaced AS4WorkerPool with PhotonWorkerPool
    • Improved validation of Peppol requirements for incoming messages, if the correct AS4 Profile "peppol" is selected
    • Using Java 8 date and time classes for JAXB created classes
  • v0.10.4 - 2020-07-22
    • Extracted IAS4ProfileManager interface
    • Added profile manager to the IManagerFactory interface
    • Reworked the WSS4J initialization code to try to avoid the WSS-660 issue
  • v0.10.3 - 2020-07-15
    • Updated to ph-commons 9.4.6
    • Added AS4ServerInitializer.shutdownAS4Server to gracefully unschedule all jobs
    • Improved customizability of the Phase4CEFSender to define if the @type attribute should be emitted or not
    • Fixed an invalid Content-Type parsing issue, if an empty parameter is contained
  • v0.10.2 - 2020-07-07
    • Fixed an UnsupportedOperationException when AS4 HTTP Debugging was enabled AND an outgoing dumper was registered (see issue #39)
    • Extended Peppol SBDH based builder to set the identifiers from the SBDH (see issue #22)
    • Moved the HttpClientFactory setting one class up from AbstractAS4UserMessageBuilder to AbstractAS4MessageBuilder
    • Improved the configurability of the dumpers
  • v0.10.1 - 2020-06-24
    • Added the possibility to provide a custom VESRegistry to the Peppol client to provide additional validation rules
    • Changed the method IAS4DuplicateManager method findFirst to getItemOfMessageID to be implementable in different ways
    • Updated to WSS4J 2.3.0 and XMLSec 2.2.0
    • Using ph-xsds-xlink and ph-xsds-xml for a shared "XLink" JAXB artefact
  • v0.10.0 - 2020-06-08
    • Updated to ph-bdve 6.0.0
    • Merged phase4-servlet into phase4-lib; therefore dropped phase4-servlet submodule
    • Moved internal classes to new packages: BasicHttpPoster, AS4BidirectionalClientHelper
    • Added a new class Phase4Sender that does offer sending capabilities with the builder pattern
    • All the client builders were unified - that creates incompatible name changes to Phase4PeppolSender (as in setSenderPartyIDsenderPartyID)
    • Extracted IAS4TimestampManager to be able to provide custom timestamps
  • v0.9.17 - 2020-05-27
    • Changed Maven groupId to com.helger.phase4
    • Updated to ph-commons 9.4.4
  • v0.9.16 - 2020-05-20
    • Becoming more specific in thrown exceptions. Avoiding all "throws Exception"
    • Fixed a potential concurrency error in IPModeManager implementations when calling "createOrUpdatePMode"
    • Fixed a potential concurrency error in AS4CryptoFactoryPropertiesFile.getDefaultInstance()
    • Added new class Phase4OutgoingAttachment for easier creation of outgoing attachments
    • Extended the Phase4CEFSender to handle multiple attachments.
    • Extended the Phase4CEFSender to allow overriding "Action" and "Service"
  • v0.9.15 - 2020-05-19
    • Increased customizability of AS4XServletHandler
    • Added a new submodule phase4-cef-client for easy sending using the CEF profile
    • Note: this version had a problem when deploying to Maven Central - so it's binary representation is broken
  • v0.9.14 - 2020-04-28
    • Updated to WSS4J 2.2.5
    • Updated to ph-commons 9.4.1
    • Improved configurability of MetaAS4Manager
    • Moved callback interface IPhase4PeppolResponseConsumer to IAS4RawResponseConsumer in phase4-lib
    • Moved callback interface IPhase4PeppolSignalMessageConsumer to IAS4SignalMessageConsumer in phase4-lib
    • Moved Phase4PeppolSender.parseSignalMessage to class AS4IncomingHandler in phase4-servlet
    • Removed the check for the refToMessageInError attribute when receiving "Error SignalMessages"
  • v0.9.13 - 2020-03-17
    • Moved originalSender and finalRecipient tests to the CEF and Peppol profiles (see issue #33)
    • Added new class AS4ProfileSelector for more flexible profile selection
    • Added possibility for dumping the created SBDH in Phase4PeppolSender.Builder (see issue #34)
    • Made the setter of Phase4PeppolServletMessageProcessorSPI chainable
    • Extracted class Phase4PeppolReceiverCheckData to make the consistency check more flexible.
  • v0.9.12 - 2020-03-09
    • Fixed potential NPE in error case (see issue #32)
    • Fixed the setting of the originalSender and the finalRecipient message properties for Peppol. The type attribute must contain the identifier scheme.
  • v0.9.11 - 2020-03-03
    • Updated to ph-web 9.1.10
    • Propagating processing errors to the client (see issue #30) - thanks to https://github.com/RovoMe
    • Replaced the unchecked AS4BadRequestException with the checked Phase4Exception (backwards incompatible change)
  • v0.9.10 - 2020-02-16
    • Fixed a stupid error in the demo code that prohibits the correct receiver check activation - see https://github.com/phax/phase4/commit/796c054d972562d31fe33597b8f7938081b8183e for the resolution
    • Invoking the AS4RequestHandler error consumer also on asynchronous processing
    • Extended the error consumer interface of AS4RequestHandler from Consumer to IAS4RequestHandlerErrorConsumer (backwards incompatible change)
    • Extended the message metadata class AS4IncomingMessageMetadata
    • Updated to ph-web 9.1.9
  • v0.9.9 - 2020-02-09
    • Removed the methods deprecated in v0.9.8
    • Updated to peppol-commons 8.x
    • Extended Phase4PeppolEndpointDetailProviderSMP API
    • Added new subproject phase4-peppol-server-webapp with a demo server for receiving messages via Peppol
    • Extended IAS4IncomingDumper API with an "end request" notifier
    • The asynchronous response now also uses the outgoing dumper
    • Merged two methods in class IAS4ResponseAbstraction into one (backwards incompatible change)
    • Invoking the outgoing dumper also for responses sent for incoming messages
  • v0.9.8 - 2020-01-29
    • Added possibility to use external message ID in Peppol client
    • Added new classes AS4IncomingDumperSingleUse and AS4OutgoingDumperSingleUse for easier per-call dumping
    • Peppol client now has an additional callback to retrieve the AS4 URL where the message is send to
    • No longer throwing an exception if phase4.properties is not available. Changed to a warning.
    • Added new class AS4IncomingMessageMetadata to hold metadata for each incoming message
    • The IAS4ServletMessageProcessorSPI API was modified to now include IAS4IncomingMessageMetadata (backwards incompatible change)
    • The IPhase4PeppolIncomingSBDHandlerSPI API was modified to now include IAS4IncomingMessageMetadata as well as PeppolSBDHDocument, Ebms3UserMessage and IAS4MessageState (backwards incompatible change)
    • The IAS4IncomingDumper API was modified to now include IAS4IncomingMessageMetadata (backwards incompatible change)
    • Added the original (potentially encrypted) SOAP document into IAS4MessageState
    • Renamed type ESOAPVersion to ESoapVersion (backwards incompatible change)
    • Method names in IAS4ClientBuildMessageCallback changed to use Soap instead of SOAP
    • Extended IAS4ServletMessageProcessorSPI with a possibility to process the response message send out
    • Renamed AS4CryptoFactory to AS4CryptoFactoryPropertiesFile (backwards incompatible change)
  • v0.9.7 - 2020-01-20
    • Removed the default configuration files from phase4-peppol-client
    • Added the new submodule phase4-peppol-servlet with the Peppol specific receiving stuff
    • Extracted interface IAS4Attachment from WSS4JAttachment for read-only access
    • Fixed NPE when receiving an attachment without a "Content-ID"
    • Removed all deprecated and unused methods from previous versions
    • Extracted IAS4CryptoFactory interface for broader usage
    • Added possibility to use a preconfigured receiver AP certificate and endpoint URL for the Peppol client
    • Changed IPhase4PeppolValidatonResultHandler to be an empty interface and Phase4PeppolValidatonResultHandler is the default implementation
    • The base class of Phase4PeppolException changed from Exception to Phase4Exception
    • Incoming messages are checked via against the values configured in class Phase4PeppolServletConfiguration
    • For security reasons the dependency to the XML pull parser "woodstox" was removed
    • For security reasons the dependency to the DNS library "dnsjava" was removed
    • Added the new class AS4CryptoFactoryInMemoryKeyStore that takes an in-memory key store and trust store (see issue #28)
    • Updated to peppol-commons 7.0.6 with more flexible SMP client API
    • SOAPHeaderElementProcessorRegistry is no longer a singleton
    • The Peppol client can now handle Receipts that are MIME encoded
    • The Peppol client now verifies the signatures of the response messages
    • The Peppol client now honours the "incoming dumper" for the response messages
  • v0.9.6 - 2019-12-12
    • Removed the "ExceptionCallback" from Phase4PeppolSender
    • Changed the data types of "ResponseConsumer" and "SignalMsgConsumer" from Phase4PeppolSender to be able to throw exception (binary incompatible change)
    • Added the possibility to configure the keystore without the need of having the crypto.properties file
    • Extracted interface IMPCManager from MPCManager and using it internally
    • Extracted interface IPModeManager from PModeManager and using it internally
    • The method IPModeManager.validatePMode now throws a checked PModeValidationException exception (incompatible change)
    • Added the possibility to customize the outgoing dumper in class Phase4PeppolSender
    • Added specific Phase4PeppolSMPException for SMP lookup errors (incompatible change)
    • Extracted interface IAS4DuplicateManager from AS4DuplicateManager and using it internally
    • Added the possibility to send pre-build SBDH messages (see issue #22) (binary incompatible change)
    • Added support for creating in-memory managers only, using the system property phase4.manager.inmemory
    • Parameter type of IAS4IncomingDumper.onNewRequest changed to HttpHeaderMap (incompatible change)
    • Made AS4RequestHandler usage more flexible to not solely rely on the Servlet API
    • New logo thanks to Maria Petritsopoulou - http://stirringpixels.com/
  • v0.9.5 - 2019-11-27
    • Enforcing the usage of Phase4PeppolSender.builder() by making the main sending method private
    • Updated to peppol-commons 7.0.4 (moved classes PeppolCerticateChecker and EPeppolCertificateCheckResult there) (incompatible change)
    • Replaced the Peppol client "certificate consumer" type to be IPhase4PeppolCertificateCheckResultHandler (incompatible change)
  • v0.9.4 - 2019-11-20
    • Updated to ph-commons 9.3.8
    • Added OCSP/CLR check for Peppol certificates
    • Added support for validation of outgoing Peppol messages using the default Peppol Schematrons
    • Extended the Peppol client API a bit for client side validation (see issue #19)
    • Outgoing messages now have the User-Agent HTTP header set (see issue #20)
    • Fixed a typo in the short name of EBMS_FAILED_DECRYPTION (see issue #21)
    • Added a new Builder class for the Peppol AS4 client - use Phase4PeppolSender.builder() to get started
  • v0.9.3 - 2019-11-05
    • Updated to peppol-commons 7.0.3
    • Added new subproject phase4-peppol-client to easily send AS4 messages to Peppol
    • Fixed default initiator URL (see issue #18)
  • v0.9.2 - 2019-10-07
    • Fixed an invalid assumption in the Peppol PMode validator.
  • v0.9.1 - 2019-09-06 - Peppol conformant
    • Ignored WSS4J dependency "ehcache" to create smaller deployments
    • Added new subproject phase4-profile-peppol for the Peppol AS4 profile
    • From Party ID type and To Party ID type can now be set in the client
    • The service type can now be set in a PMode
    • Requires ph-commons 9.3.6
    • Requires ph-web 9.1.3
    • This is the first version passing the Peppol Testbed v1
  • v0.9.0 - 2019-08-08 - CEF conformant
    • The GitHub repository was officially renamed to phase4
    • All Maven artifact IDs were renamed from ph-as4-* to phase4-*
    • The package names changes from com.helger.as4.* to com.helger.phase4.*
    • Updated to WSS4J 2.2.4
    • Updated to ph-oton 8.2.0
    • Updated to peppol-commons 7.0.0
    • Updated to ph-commons 9.3.5
    • The submodule ph-as4-esens was renamed to phase4-profile-cef
    • The AS4 message handler now have a chance to access the received HTTP headers
    • Renamed ph-as4-server-webapp-test to phase4-test
    • Improved Crypto stuff configurability
    • Renamed AS4ResourceManager to AS4ResourceHelper
    • Renamed AS4Handler to AS4RequestHandler
    • Reworked client API so that it can be used chainable
    • Added retry support to clients
    • Added possibility to dump incoming and outgoing requests using AS4DumpManager
    • This version passes the CEF "AS4 Basic Connectivity Tests"
    • This version passes the CEF "AS4 Common Profile Test Assertions"
    • This version passes the CEF "AS4 Four Corner Profile Enhancement Test Assertions"
  • v0.8.2 - 2019-02-27
    • Adoptions for integration into TOOP
  • v0.8.1 - 2018-11-26
  • v0.8.0 - 2018-06-21
    • Updated to ph-commons 9.1.2
    • Updated to BouncyCastle 1.59
    • Updated to WSS4J 2.2.2
    • Successfully send test messages to AS4.NET and Holodeck 3.x
  • v0.7.0 - 2017-07-24
    • Added HTTP retry for client
    • Added server duplicate message detection for incoming messages
    • MessageInfo/Timestamp uses UTC - thanks Sander
    • Added two-way handling
    • Fixed bug that Receipt is not signed (if desired)
    • Removed PModeConfig in favor of redundant PMode objects
    • Removed partner handling - not needed anymore
    • To be on the safe side, delete all previously created as4-*.xml files as there were incompatible changes.
    • Added a second webapp - one for demo, one for testing
  • v0.6.0 - 2017-01-26
    • Extracted subproject ph-as4-servlet with only the AS4Servlet
    • Unified the namespaces across the sub-projects
    • Requires ph-web 8.7.2 or higher
    • Renamed ph-as4-server to ph-as4-server-webapp-demo
  • v0.5.0 - 2017-01-18
    • Initial release
    • Has everything needs for sending and receiving using the eSENS P-Mode profiles
    • Basic compatibility with Holodeck 2.1.2 is provided
    • Supports signed messages
    • Supports encrypted messages
    • Supports compressed messages
    • Targets to be easily integrateable into existing solutions
    • Requires Java 8 for building and execution