v8.14.6
*****************************************************************************

** Maintenance
    * [PSLCSGV-380] - Update cryptographic algorithm expiration dates (ETSI/SOGIS refresh)


v8.14.5
*****************************************************************************

** Bugs
    * [PSLCSGV-369] - derive validationpipeline mainStatus from ConformityCheckReport instead of ValidationReport


v8.14.4
*****************************************************************************

** Improvement
    * [PSLCSGV-367] - Extend trustCH and trustCHext with eIDAS TLs for improved consistency

** Maintenance
    * [PSLCSGV-361] - Update CH trusted list

** Bugs
    * [PSLCSGV-363] - PDF report attachment hash in the header is calculated incorrectly


v8.14.3
*****************************************************************************

** Story
    * [PSLCSGV-355] - Expand summary report creation API with generic args parameter

** Maintenance
    * [PSLCSGV-356] - CVE check: update spring dependencies


v8.14.2
*****************************************************************************

** Bugs
    * [PSLCSGV-334] - Corrupted OCSP responses are handled gracefully
    * [PSLCSGV-339] - Trust anchor evaluation fixed - fixes inconsistency between trustCH and database usage

** Story
    * [PSLCSGV-338] - New support for summary report creation via /reportcreator endpoint
    * [PSLCSGV-333] - augmentation consumes license budget from account "account_embed"


v8.14.1
*****************************************************************************

** Bug
    * [PSLCSGV-329] - DocMDP: Changed PDF catalog is not identified if new object ID is used

** Story
    * [PSLCSGV-263] - provide license information via REST API (manage/health) as in gears

** Maintenance
    * [PSLCSGV-331] - Update trusted lists


v8.14.0
*****************************************************************************

** Bugs
    * [PSLCSGV-293] - German Umlaut display issues in validation reports resolved

** Stories
    * [PSLCSGV-286] - New /validationpipeline endpoint added, to perform full SVA validation, conformity checks, and human-readable report generation
    * [PSLCSGV-210] - Offer explicit signature augmentation
    * [PSLCSGV-295] - Offer signature augmentation within validation pipeline
    * [PSLCSGV-313] - Enhanced discrete validation logic to transport information about changes according to MDP
    * [PSLCSGV-315] - Reports highlight visual modifications to signed PDFs post-signature, prompting manual review


v8.13.1
*****************************************************************************

** Improvements
	* [PSLCSGV-291] - Rules ...Qualified... shall accept qualified seals

** Bugs
	* [PSLCSGV-292] - TSA eutsa03.quovadisglobal.com is not accepted as EU QTSA


v8.13.0
*****************************************************************************

*** Upgrade notice ***
----------------------

Upgraded h2 embedded database to v2.3.232. Existing h2 databases of v1.4.196 are incompatible
and need to be rebuilt or explicitly migrated.


Items addressed in this release:
--------------------------------

** New stories and features 

** Improvements
	* [PSLCSGV-261] - Report on document timestamp validation results
	* [PSLCSGV-285] - Let standard rules AllValid* be satisfied by valid timestamps
	* [PSLCSGV-262] - Extend validation report by hashvalues for certificates and signatures
	* [PSLCSGV-277] - Do not include the validated document into the SVA report
	* [PSLCSGV-281] - Check cryptographic algorithms and reject outdated ones
	* [PSLCSGV-284] - Convey PDF signature attributes (reason, name, contact info) in discrete signature representation
	* [PSLCSGV-288] - Write validation messages to XML report
	* [PSLCSG-2745] - Update 3rd party libraries
	* [PSLCSG-2713] - Do not expose stack traces in HTTP responses to client API requests
	* [PSLCSGV-290] - Update trusted lists

** Bugs
	* [PSLCSGV-287] - Enforce UTF-8 encoding for validation reports
	* [PSLCSGV-246] - Qualified Seal from Signius is presented as Qualified Signature
	* [PSLCSG-2678] - RollingFileAppender not usable (literal) as observation appender

** Stories and improvements for incubation
	* [PSLCSGV-237] - ETSI report on external RFC3161 document timestamp
	* [PSLCSG-2676] - Support log creation in XML format


v8.12.4
*****************************************************************************

** Improvements
	* [PSLCSGV-275] - Mark identical rewrites of objects as ignorable changes in PDF MDP validation
	
	
v8.12.3
*****************************************************************************

** Improvements
	* [PSLCSGV-271] - Provide access to PDF signature attributes (reason, name, contact info) in report creation
	* [PSLCSGV-272] - Provide access to all subject and issuer name attributes and values in report creation

** Fixed bugs
	* [PSLCSGV-274] - Fixed: Constraint validation fails if directory name is included in a certificate's policies
	
	
v8.12.2
*****************************************************************************

** Improvements
	* [PSLCSGV-273] - Updated 3rd party libs logback, thymeleaf and woodstock

	
v8.12.1
*****************************************************************************

** Fixed bugs
	* [PSLCSGV-257] - PDF DocMDP validation: Form changes sometimes go unidentified and are thus rejected as unknown

	
v8.12.0
*****************************************************************************

*** Important notice ***
------------------------
This version requires Apache Tomcat 10.


Items addressed in this release:
--------------------------------

** New features and stories
	* [PSLCSGV-252] - Integrate official trusted list for CH from BAKOM

** Improvements
	* [PSLCSGV-249] - Lookup revocation signer certs in signature data if not provided within the revocation resource
	* [PSLCSGV-248] - Improve change comparison performance for documents with many signatures
	* [PSLCSG-2609] - Expose license infos via JMX and actuator health endpoints.
	* [PSLCSG-2623] - Updated supported platforms
	* [PSLCSG-2635] - Updated trusted lists

** Fixed bugs
	* [PSLCSGV-247] - Change level handling differs in discrete validation from PDF validation
	* [PSLCSGV-245] - Existence of /Tabs entry is always marked as change in MDP validation
	* [PSLCSGV-250] - Non-latin characters cannot be used in content stream generation
	

v8.11.1
*****************************************************************************

** New features and stories
	* [PSLCSGV-220] - Generate report according to OASIS-DSS format
	* [PSLCSGV-206] - Provide standard report template
	* [PSLCSGV-209] - Provide standard rules
	* [PSLCSGV-215] - Support report template lookup from multiple sources
	* [PSLCSGV-221] - OASIS report on external RFC3161 document timestamp
	* [PSLCSGV-222] - OASIS report on external evidence record
	* [PSLCSGV-229] - Create validation report in plain text format
	
** Improvements
	* [PSLCSGV-234] - Collect applicable trust service territories
	* [PSLCSGV-243] - Update trusted lists

** Fixed bugs
	* [PSLCSGV-242] - Fixed NPE retrieving XML signature attribute SigningCertificate (v1)

	
v8.11.0
*****************************************************************************

*** Important notice ***
------------------------
This is the LAST APPLICATION VERSION supporting
- Tomcat 9
Support for this environment component will be discontinued in the next minor release.

Please be prepared to migrate your gears runtime environment for future versions, using
- Apache Tomcat 10


*** Upgrade notice ***
----------------------

This version requires Java v17.
Please ensure that Azul Zulu 17 (17.34.19 or newer) is available in your
runtime environment and used by Tomcat 9 when you upgrade to this gears version.

Template-based string evaluation within gears configuration and APIs now applies
access restrictions to certain variable namespaces. In case of issues, please
refer to section 9.13 "String Expansion" of the gears manual for configuration details.

This release introduces load-balancing support and relies on correct processing of the
_links property returned in gears flow creation responses.


Items addressed in this release:
--------------------------------

** Major features and improvements
	* [PSLCSG-808] - Support multi-stage conversations in load-balanced setups (applying stickiness)
	* [PSLCSG-1618] - Extensive application monitoring capabilities and integration features

** New features and stories
	* [PSLCSGV-225] - Provide validation info (crl, ocsp, certs) in validation result
	* [PSLCSG-2488] - Support flow authentication using a bearer token provided by d.velop's ecosystem
	* [PSLCSG-2359] - Support scheduled updates of trusted lists
	* [PSLCSG-2289] - Restrict access to sensitive information in template evaluation

** Improvements
	* [PSLCSGV-216] - Mark PDF changes as warnings, but don't invalidate the state
	* [PSLCSG-2341] - Only load built-in demo licenses if profile "demo" is active
	* [PSLCSG-2440] - Documented well-known Spring security beans
	* [PSLCSG-2464] - Do not show unnecessary LDAP health endpoint as down
	* [PSLCSG-2493] - Updated crypto dates based on ETSI TS 119 312 1.4.2 from 2022-02 and SOGIS 1.2 from 2020
	* [PSLCSG-2502] - Updated 3rd party libraries
	* [PSLCSG-2510] - Updated trusted lists
	* [PSLCSG-2445] - Make gears default security configuration optional
	* [PSLCSG-2281] - Improve error message for user "deny" in context of ACL
	* [PSLCSG-2303] - Expect and support non-String types in Spring properties
	* [PSLCSG-2311] - Observe spring security authentication failures.
	* [PSLCSG-2328] - Improved variable initialization
	* [PSLCSG-2332] - Enhanced HTTP security, adding referrer-policy header
	* [PSLCSG-2333] - Enhanced HTTP security, adding content-security-policy header
	* [PSLCSG-2353] - Fixed typo in OpenAPI documentation: redirectUrl --> redirectUri
	* [PSLCSG-2360] - Persist CRLs collected during validation
	* [PSLCSG-2388] - Disable access to external entities when parsing XMP metadata
	* [PSLCSG-2408] - Application properties and arguments are now logged in sorted order at startup
	* [PSLCSG-2095] - Document cryptdec algorithm configuration for key wrapping and password encryption
	* [PSLCSG-2124] - Support Java 17 as runtime environment
	* [PSLCSG-2131] - Improve log output quality correlating entries
	* [PSLCSG-2014] - Updated EU trusted lists and added QuoVadis CH TSUs chtsa01, chtsa02, chtsa03 to ZertES-recognized timestamp services
	* [PSLCSG-2028] - Use more strict argument checks
	* [PSLCSG-2109] - Substitute log4j JARs by version 2.16.0 due to CVE-2021-44228 (Log4Shell). Note: The affected log4j-core library hasn't been included anyway!
	* [PSLCSG-2006] - Ensure that the master password is hidden from the log file
	* [PSLCSG-1985] - Updated trusted lists
	* [PSLCSG-1586] - Write license use data to log
	* [PSLCSG-1706] - Allow modifications on InfoDict in PDF MDP validation
	* [PSLCSG-1716] - Provide support for encrypted passwords in configuration files
	* [PSLCSG-1758] - Support Adobe V5/V6 PDF encryption algorithm in encryption and decryption
	* [PSLCSG-1823] - Do not log stacktrace for cancellations
	* [PSLCSG-1865] - Provide API allowing the cancellation of a running flow conversation
	* [PSLCSG-1638] - Support Red Hat Enterprise Linux as runtime environment
	* [PSLCSG-1538] - Base API documentation on OpenAPI Specification 3.0
	* [PSLCSG-1540] - Added examples to API documentation.
	* [PSLCSG-1542] - Support HTTP Basic Authentication when accessing gears APIs from Swagger UI

** Fixed bugs
	* [PSLCSG-2425] - Fixed: Wrong path reported upon forbidden API access
	* [PSLCSG-2195] - Secured processing of external XML entities
	* [PSLCSG-2104] - Mitigated possible deadlock when cleaning the OCSP cache.

** Stories and improvements for incubation
	* [PSLCSG-2213] - Track authorization decisions via log (undocumented)

	
v8.6.0.17
*****************************************************************************

** Improvements
	* [PSLCSGV-232] - Respect requested font style when using replacement fonts in HTML-to-PDF conversion
	

v8.6.0.16
*****************************************************************************

** Improvements
	* [PSLCSGV-217] - Do not log admin graphql messages on TRACE level
	* [PSLCSGV-218] - Use dedicated substatus for violated PDF MDP permissions
	* [PSLCSGV-219] - Support candidate list in analyzer model
	

v8.6.0.15
*****************************************************************************

** Improvements
	* [PSLCSGV-213] - Accept conversion between indirect and direct objects in MDP
	* [PSLCSGV-214] - Provide status access in validation report model for rule scripting
	

v8.6.0.14
*****************************************************************************

** Improvements
	* [PSLCSGV-205] - Add white background to header of imported pages
	

v8.6.0.13
*****************************************************************************

** Bugs
	* [PSLCSGV-202] - Last signed revision is not correctly sized if it ends the document with a CR
	

v8.6.0.12
*****************************************************************************

** New features and stories
	* [PSLCSGV-197] - Add header to imported pages of validated PDF documents

** Improvements
	* [PSLCSGV-201] - Retain signature appearance in imported pages
	

v8.6.0.11
*****************************************************************************

** Improvements
	* [PSLCSGV-198]  - Provide PDF signature reason in ETSI report
	* [PSLCSGV-199]  - Make signature reason accessible in conformity scripting
	* [PSLCSGV-200]  - Make signer's multiple OUs from subject DN accessible in conformity scripting

** Bugs
	* [PSLCSGV-196]  - Error when checking the conformity of documents with more than 5 signatures
	

v8.6.0.10
*****************************************************************************

** Bugs
	* [PSLCSGV-194]  - Swiss regulated seals are additionally typed as qualified seals
	* [PSLCSGV-195]  - Allowable revision change is not identified as such
	

v8.6.0.9
*****************************************************************************

** Bugs
	* [PSLCSGV-193]  - Embedded CRL is ignored in LTV validation if OCSP validation succeeds
	

v8.6.0.8
*****************************************************************************

** Improvements
	* [PSLCSGV-187]  - MDP validation: Be lenient about replacements of form default resources, alternate field names and readonly-setting
	* [PSLCSGV-188]  - MDP validation: Be lenient about replacements of field's default resources and default appearance
	* [PSLCSGV-189]  - Add Claimed Signer Roles to ETSI report and provide access in conformity checks
	* [PSLCSGV-190]  - Provide support for additional infos (e.g. UPReg version) to conformity check report
	* [PSLCSGV-192]  - Provide logging facility for conformity rule scripts

** Bugs
	* [PSLCSGV-191]  - Document not identified as LTV-enabled if ICA revocation info not embedded
	

v8.6.0.7
*****************************************************************************

** Improvements
	* [PSLCSGV-185]  - Accept changes to page's /tabs entry in MDP signature validation
	

v8.6.0.6
*****************************************************************************

** Improvements
	* [PSLCSGV-180]  - Sort signatures depending on their signed revision in chronological order
	* [PSLCSGV-181]  - Be tolerant checking the byte range coverage with respect to the revision's final EOL marker
	* [PSLCSGV-182]  - MDP validation: Ignore any DSS changes
	* [PSLCSGV-183]  - MDP validation: Ignore StructTreeRoot changes
	* [PSLCSGV-184]  - MDP validation: Accept changes to a signature field's /Lock entry
	

v8.6.0.5
*****************************************************************************

** Improvements
	* [PSLCSGV-170] - Conformity rule API: Provide signature substatus access
	* [PSLCSGV-171] - Provide distinction between qualified seal and qualified signature to conformity check
	* [PSLCSGV-172] - Accept untypical key usage on trusted CAs
	* [PSLCSGV-173] - Conformity rule API: Streamline state access
	* [PSLCSGV-174] - Conformity rule API: Allow setting of substatus in case of mainstatus "passed"
	* [PSLCSGV-175] - ETSI report: Encode generic signature attributes (UPReg)
	* [PSLCSGV-176] - Conformity rule API: Streamline timestamp access
	* [PSLCSGV-177] - Add new Swiss Government TSA certificate (2020-12) to Trusted List
	* [PSLCSGV-178] - Conformity rule API: Provide access to signature attributes
	* [PSLCSGV-179] - Conformity rule API: Streamline certificate access


v8.6.0.4
*****************************************************************************

** Improvements
	* [PSLCSGV-165]  - Accept changes to default resources in PDF MDP validation


v8.6.0.3
*****************************************************************************

** Improvements
	* [PSLCSGV-159]  - Follow redirects in CRL and OCSP
	* [PSLCSGV-160]  - Activate CRL caching
	* [PSLCSGV-161]  - Prefer HTTP over LDAP for CRL downloads


v8.6.0.1
*****************************************************************************

** Improvements
	* [PSLCSGV-155]  - Support signature representation without digest
	* [PSLCSGV-156]  - Support signature representation without signing time
	* [PSLCSGV-157]  - Support change level in discrete validation


v8.6.0
*****************************************************************************

Initial release
