v7.1.10 ***************************************************************************** Signature creation and validation - Introduced pen tablet Bridglet for capturing handwritten signatures with biometric data (to be used with gears) - Fixed: bridge UI shows empty window instead of offering certificates for selection v7.1.9 ***************************************************************************** General - Introduced support for Windows 11 - Introduced support for Windows 2022 Server - Replace log4j API libraries by version 2.16.0 - Fixed: Variable date formatting - character ':' not possible Signature creation and validation - Support D-Trust eHBA 2.1 - Support SHC eHBA 2.1 - Use profile "Standard" for signature creation by default v7.1.8 ***************************************************************************** General - Aligned TLS server certificate validation with CA browser forum guidelines Signature creation and validation - Internationalized texts of CertificateViewer dialog - Improved initial layout for bridge signing window PDF - Identify PDF version from header even if directly followed by binary characters - Fixed: RandomAccessViewport reads beyond its bounds - Fixed: Font entries directly contained in default resources cannot be reused v7.1.7 ***************************************************************************** General - Support bridge installation without admin permissions - Removed update check Signature creation and validation - Support D-Trust eHBA Generation 2 - Disallow PDF signature creation on certified documents where no modifications are allowed v7.1.6 ***************************************************************************** Signature creation and validation - Added support for D-TRUST 4.1 smartcard - Added support for D-TRUST 4.4 smartcard - Fixed: External XML signature uses non-schema-compliant IDs when embedding content - Fixed: External XML signature with with embedding of to-be-signed document leads to invalid digest v7.1.5 ***************************************************************************** General - Improved client-side TLS handling - Fixed: Proxy setting "use system settings" doesn't work with Java 11 Signature creation and validation - Preferably display pseudonym / given name + username for certificates - Support creation of XAdES-B-T signatures by adding timestamps - Improve validation path detection in case of expired / not yet valid CA certificates (experienced with MyCard) - XMLDSig: X509SubjectName should be converted to RFC 2253 - Fixed: Reuse of XRefStream object id may lead to signature-compromising change Services and interfaces - Disable TRACE HTTP method in Jetty - Redirect from Relay is missing query string for Firefox (bug workaround) - Windows user name is not case sensitive causing Zeroconf selection to fail PDF - Support signature creation on PDFs larger than 2 GB - Fixed: When saving an encrypted PDF document, an existing /Lang entry gets modified, potentially leading to signature rejection - Prevent replacement text strings to be encoded as UTF-16BE v7.1.3 ***************************************************************************** General - Do not show splash screen during auto start sequence - Included vmpotions template for proxy "auth tunneling" Signature creation and validation - Support refresh of certificates available via Windows crypto API - Fixed: Certificates on D-Trust 3.1 card are not offered for signing - Fixed: PKCS#11 device throws exception if card is removed v7.1.2 ***************************************************************************** General - Proxy settings now support domain - Fix memory leak with documents - BusyIndicator no longer keeps holding references to UI components. - fix resource cleanup after expiration Signature creation and validation - Creating 2nd signature after initial failure now supported. - The internal handling of multiple device providers is improved - The caller can define a filter for including/excluding device providers - Devices have improved NLS Services and interfaces - The brige agent communication default is no longer via bridge.intarsys.de with CA certified certificate. - Align all default session timeouts. Decouple HTTP session from logical bridge session. Attention: The brige agent communication default is no longer via bridge.intarsys.de with CA certified certificate. This means you may have to adapt your web client code and/or your installation settings. v7.1.1 ***************************************************************************** Signature creation and validation - Improved smartcard connection keep-alive handling. v7.1.0 ***************************************************************************** - Support Java 11. - Support bridge integration using URL protocol handler Attention: Due to the discontinuation of Java Web Start in Java 11, you will always require a local installation of Sign Live! cloud suite bridge in order to participate in cloud suite workflows. v7.0.7 ***************************************************************************** - Support D-Trust 3.1 card. - Improved bridge UI for keyboard-based control. - Support selection of local to-be-signed documents. - Support signature using PKCS#11 tokens. - Added splash screen. v7.0.6 ***************************************************************************** - Support purely server-based communication between bridge JavaScript module and bridge through the Remote Processor. No direct client-side HTTP connection is involved here. - Support D-Trust officer card. - Use XAdES property SigningCertificateV2 in signature creation to meet ETSI TS 319 132 requirements. - Support string expansion within appearance creation regardless of the signing device. - Support deactivation of TLS in bridge settings. - Bridge JavaScript module is now loaded from the web application server, not the bridge itself. - Support autostart control for bridge service container. - Fixed: Inconsistencies when updating from version 7.0.0. - Fixed: Cannot change PIN with class 1 card reader. - Fixed: Unprecise error message if D-Trust PIN is locked. v7.0.5 ***************************************************************************** - Extended license check. The origin URL must match the documentbase pattern in the bridge license file. - Show version info on bridge welcome page. - Bridge setting changes are used directly without bridge restart. - Improved bridge uninstallation. - Restrict Bridge and Applet to use Java 8. (Java 9 is not yet supported.) v7.0.3 ***************************************************************************** - Suppress /Encrypt entry in trailer dictionary of unencrypted documents. - "enforceSPE" can no longer be set via bridge arguments. - Fixed: "enforceSPE" settings page - Clean shutdown, unregister zeroconf services - A relay bridge will test for stale connections before redirect - Proxy settings are now available in the preferences page - Make command line parameters available. Support "-profile". - When a valid bridge was found that refuses to connect, no longer continue with retries - Improve self test fox JaxRS - Fixed: Empty credentials are not correctly serialized/deserialized - Fixed: Datev Stick (Kobil Stick) no longer causes cloud suite to "freeze". System will no longer retry indefinitely. - Re-entering a signature process for the RemoteProcessor will be aware of previously prepared signatures and reuse the "slot" - Unregister ZeroconfService when connection attempt fails - Create unique service name upfront for Zeroconf - Add a settings page that displays all properties that can be used when selecting a bridge client via the relay bridge (zeroconf properties). - Only dedicated relay bridges will redirect select requests. "Relay" is a property that can be switched on in the properties pages. - Timeout in "connectRetry" will now propagate to the "bridge.state" - Added a self test checking for "bridge.intarsys.de" (proxy exception required) v7.0.2 ***************************************************************************** - Added support for D-Trust 3.1 signature card - Added support for D-Trust 3.4 signature card (seal) v7.0.1 ***************************************************************************** - Renewed SSL certificate for bridge.intarsys.de - Support eGK gen 2 - Signature applet: support signature using PKCS#11 devices - Signature applet: support interactive file selection v7.0.0 ***************************************************************************** - Major release with initial support for the bridge technology - BouncyCastle upgrade 1.54 - Smartcard PSS encoding support - Feature updates see SignLive! CC release notes v6.3.0 ***************************************************************************** - NLS extensions v6.2.1 ***************************************************************************** - Added support for Windows NCrypt: Use the native Windows certificate store to create signatures. - CredentialManagementApplet shows retry count for each PIN, if available - CredentialManagementApplet updates PIN states, if an error occured - CredentialManagementApplet: improved PIN state management for Telesec cards - Multiple bug fixes v6.2.0.3 ***************************************************************************** - Added Feature: SmartcardDevice offers a new object containing the current card terminal state for the key word "cardTerminalState". See JavaDoc of de.intarsys.security.device.smartcard.device.SmartcardDevice. v6.2.0.2 ***************************************************************************** - BugFix display proxy authentication mask v6.2.0.1 ***************************************************************************** - Added parameter 'TELESEC_SHOW_PLACEHOLDER' and argument 'telesec.showPlaceholder' to make Telesec placeholder certificates available for authentication/signature. - Added activity progress notifications while signing documents. v6.2.0 ***************************************************************************** - Added Trusted PDF Viewer - Extended Trusted Text Viewer - Extended Trusted XML Viewer - Support XMLDSig signature without RemoteProcessor - Added eId client applet - Support PDF tag detection - Highly flexible activity API - Removed RemoteProcessor eANV aliases for job factory. Current valid name is 'de.intarsys.cloudsuite.remoteprocessor.processor.eanv.EANVSignatureJobDocumentProcessorFactory'. - Updated RemoteProcessor eANV XML transformations according to BMU recommendation. - NPA: all cards, which support the eID application (ID: 0xE80704007F00070302 in the file EF.DIR (see [TR-03110]) are assumed to be a eAT/NPa. v6.1.0 ***************************************************************************** - Fixed merging of indexed arguments from HTML forms, ARGS and ARGS_0, ... - Fixed logging - Fixed error message on failed PACE authentication - Added check ReinerSCT firmware version before usage (on Windows platforms) - Added new parameter 'LANGUAGE' and argument 'language' to set the UI language overwriting the system language settings - Added RemoteProcessor support for ECDSA signatures - Added/Updated permission attributes in JAR manifest file - Added support for HTML embedded license file - Added support for storage of PIN-Dialog preferences - Packaged applet in less JARs (cs_applet.jar, cs_mod_pdf.jar, bcprov-jdk15on-147.jar) - Updated Bouncy Castle JAR file (repackaged and signed with intarsys crypto provider certificate) - Updated SDK/JavaScript/deployJava.js from https://www.java.com/js/deployJava.js - Removed parameter "ARG_FILES". Use parameter "ARGS", "ARGS_*", HTML form fields or argument "override.args" instead. - Removed parameter "SIGNER_IDENTIFIER". Use parameter "PRINCIPAL_FILTER" or argument 'principalFilter' instead. - Removed parameter "DIGEST" and argument "digest" for the SignatureApplet. Use argument "hash" or "hashes" instead. - Removed parameter "HOST_URI" for the RemoteSignatureApplet. Use "HOST_URL" or argument "host.url" instead. - Removed class named "de.intarsys.stage.remoteprocessor.device.applet.model.RemoteSignerApplet". Use "de.intarsys.cloudsuite.applet.control.workflow.RemoteSignatureApplet" instead. - Removed class named "de.intarsys.stage.remoteprocessor.device.applet.RemoteSignerApplet". Use "de.intarsys.cloudsuite.applet.control.workflow.RemoteSignatureApplet" instead. v6.0.6 ***************************************************************************** - Fixed configuration bug in snippets authentication / monitor demo. - Fixed font path lookup with JRE 7. - Fixed documentation: The 'certificate' property of a principal used in a 'principalFilter' is actually named 'certificateBase64'. - Improved concurrent access to smart cards between applets and SignLive! CC client. - Added support for argument signing parameter 'signer.certificate.*'. - Added support for document individual 'digestSignerArgs' in batch mode. - Added new feature: Import applet returns the card serial number as an import result. - Updated JNLPs with codebase_lookup=false to reduce unnecessary requests to the code base. - Updated argument source priorities. HTML form arguments will have a lower priority than directly passed arguments and parameters. - Updated MonitorApplets default pricipalFilter: it is no longer limited to certificates supporting authentication. - Removed support for argument signing parameter 'signer.key.*'. - Removed support for token based argument signature. - Deprecation as of this version. Changes compared to the next minor version (6.1.0): - Parameter "ARG_FILES" will be removed. Use parameter "ARGS", "ARGS_*", HTML form fields or argument "override.args" instead. - Parameter "SIGNER_IDENTIFIER" will be removed. Use parameter "PRINCIPAL_FILTER" or argument 'principalFilter' instead. - Parameter "DIGEST" and argument "digest" for the SignatureApplet will be removed. Use argument "hash" or "hashes" instead. - Parameter "HOST_URI" for the RemoteSignatureApplet will be removed. Use "HOST_URL" or argument "host.url" instead. - Class name "de.intarsys.stage.remoteprocessor.device.applet.model.RemoteSignerApplet" will be removed. Use "de.intarsys.cloudsuite.applet.control.workflow.RemoteSignatureApplet" instead. - Class name "de.intarsys.stage.remoteprocessor.device.applet.RemoteSignerApplet" will be removed. Use "de.intarsys.cloudsuite.applet.control.workflow.RemoteSignatureApplet" instead. v6.0.5 ***************************************************************************** Out of order custom build for client. v6.0.4 ***************************************************************************** - Fixed: avoid loading a document only to detect if it can be previewed. This requires new meta information from the remote processor. - Added meta information for document type and size in the remote processor. - Added support for HTTP proxies with basic authentication - Added support for HTTP proxies with digest authentication v6.0.3 ***************************************************************************** - Fixed: CredentialManagement applet shows PINs and actions, which are not supported - Fixed: Error reading certificate of the "neuer Personalausweis" - Fixed: Layout bug for long certificate attributes - Fixed: Qualified certificates without a QC-Statement are not visible - Fixed: CredentialManagement applet only supported class 2/3 card readers. Added support for class 1 card readers. - Fixed: Multiple missing translations - Fixed: Error creating ECC signatures with Java 7. - Fixed: Missing native NTLM support for windows. - Fixed: Authentication certificates of the HBA are not filtered. - Improved status message, when no card reader is connected - Improved status message, when no certificate is visible - Improved status message, when all certificate were removed by the filter expression - Improved messages for "neuer Personalausweis" - Updated documentation to intarsys consulting GmbH code signing certificate - Updated documentation for parameters 'CERTIFICATE_VALIDATION_NOTBEFORE_ACTION' and 'CERTIFICATE_VALIDATION_NOTAFTER_ACTION' - Changed method name in JavaScript UI: renamed 'setObservable' to 'setValue' - Added new JavaScript UI demos to the snippets web app v6.0.2 ***************************************************************************** - New support for RemoteDeviceServices - New RemoteDeviceServices detection with Zeroconf - New support for batch signatures - Certificate validity period is checked during signature creation by default - DER-encode EC signatures in PKCS#7 - Extended PKCS#15 key property processing - Improved identification of QuoVadis ElDI-V smartcards - Added support for Telesec TCOS 3.0 Signature Card v2 (multi / single signature, initialization, pin change) - Fixed: Cannot initialize Telesec v1 smartcards due to error 0x69f0 - Fixed: PIN change message is incomplete when using a KOBIL card reader. - Updated licensing policy v6.0.1 ***************************************************************************** - Improved / updated support for Swisscom smartcards (single and multi) - Added support for QuoVadis ElDI-V smartcards - Added support for SwissSign SuisseID smartcards - New Credential Management Applet - New interface to connect a JavaScript based user interface with LiveConnect v6.0.0 ***************************************************************************** - New improved user interface - New base framework based on Claptz and SignLive - New APIs for easier integration - Full support of PDF and PKCS#7 signature creation