SignServer 7.0 Release Notes
OCTOBER 2024
The SignServer team is pleased to announce the release of SignServer 7.0.
This release includes an upgrade to the entire technology stack of the application. The team has added support for Thales Data Protection on Demand (DPoD) HSMs and added new functionality to the AppX signer.
For available deployment options and associated versions, refer to Supported Versions.
Highlights
Upgraded Technology Stack
SignServer 7 introduces support for running on an upgraded technology stack. As of version 7.0, the deployment prerequisites now include WildFly 32 or JBoss EAP 8 as the supported application servers, and Java 17 as the required runtime environment. While Java 17 is required for this release, Java 21 is planned for a future releases.
Due to changes in recent WildFly versions and JBoss EAP 8, which are not backward compatible with WildFly 26 and JBoss 7.4, the upgrade from SignServer 6.3 to SignServer 7 requires a complete technology stack upgrade.
Announcements
Removal of DSA algorithm
Support for the DSA algorithm has been removed in SignServer 7.0, following its deprecation in SignServer 6.2. Users of this algorithm must migrate to other algorithms.
Removal of support for Java 11
Support for Java 11 has been removed as part of the migration to the upgraded technology stack released in 7.0. The minimum version of Java is now Java 17. This applies to both SignServer and SignClient.
Upgrade Information
Review the SignServer Upgrade Notes for important information about this release. For upgrade instructions, see Upgrade SignServer.
Change Log: Resolved Issues
The following lists implemented features and fixed issues in SignServer 7.0.
Issues Resolved in 7.0
Released October 2024
New Features
DSS-2786 Add Support for Thales DPOD when using P11NG
DSS-2800 Support for JBoss EAP 8 - Support for Jakarta EE 10
Improvements
DSS-1748 Test and Support SignServer with PostgreSQL 10+
DSS-2695 Upgrade to OpenPDF 1.3.34
DSS-2811 Drop support for DSA
DSS-2812 Upgrade x509-common-util and P11NG for 7.0
DSS-2814 PR #92 Update links in README etc
DSS-2815 Upgrade to Jakarta EE 10
DSS-2816 Upgrade sd-dss to 6.0
DSS-2817 Upgrade cesecore with support for Jakarta EE 10
DSS-2819 Patch commons-fileupload 1.5 to support Jakarta EE 10
DSS-2820 Upgrade REST Assured to 5.5.0
DSS-2821 Upgrade xmlsec to version 3.0.3
DSS-2822 Patch xades4j 2.2.1 to support Jakarta EE 10
DSS-2823 Upgrade guide to 7.0.0
DSS-2824 Upgrade apache cxf to version 4.0.4
DSS-2825 Upgrade jackson.core and jackson.module to 2.17.0
DSS-2826 Upgrade DeployTools to 2.3
DSS-2828 Upgrade to jakarta.jakartaee-api 10.0.0
DSS-2829 Upgrade jetty-util, jetty-io, jetty-http, and jetty-server to the same version and to work with Jakarta EE 10.
DSS-2833 Make SELFSIGNED_VALIDITY more robust
DSS-2834 Removed patched class after upgrade of OpenPDF
DSS-2836 Upgrade jacoco-maven-plugin to work with Java 17
DSS-2860 Drop support for Java 11
DSS-2867 Upgrade dependencies with reported vulnerable versions for 7.0
DSS-2869 Documentation: Clarify regarding masking of property value output in Admin CLI
DSS-2870 Add support for masking the output for getproperty and getconfig Admin CLI commands
DSS-2862 Changed the behavior of the SignServer Admin CLI when using the setproperty command to mask the PIN value
DSS-2791 Changed the behavior of the SignServer Admin CLI when using the setproperties command to mask the PIN value
Bug Fixes
DSS-2641 Authentication configuration not parsed properly when importing 2 or more workers
DSS-2773 JAR signature verification can fail after signing a jar file already signed by another tool
DSS-2780 Running admin CLI getstatus on a ZoneFileServerSideSigner gives exception
DSS-2784 Using large validity dates for self signed certificate is giving date in the past.
DSS-2796 JAR signature verification fails after signing a jar file already signed by another tool
DSS-2805 AdESSigner always checks revocation status of signer cert, even when NOCERTIFICATES=true is set
DSS-2808 Regression: P11NG: Key objects created when generating a wrapped key not explicitly removed
DSS-2818 Change in Java 17 breaks RenewalUtils.getRequestSignatureAlgorithm for EdDSA if a JCE cert is used
DSS-2830 Regression: Can not call RenewSignerBulkBean via JSF
DSS-2831 AdES Signer template can not be applied in AdminWeb
DSS-2832 Favicon not loading properly after JEE10 migration
DSS-2841 Regression: Can't add properties by clicking add in GUI
DSS-2850 Fix output of path to shortcut icon
DSS-2868 JSP error pages not loading different resources properly
DSS-2871 Regression: P11NG CryptoToken in web “RSA” shows as null
DSS-2872 Regression: "Missing key encoding" exception signing with XAdES Signer using PKCS#11
.png)