SignServer 5.9.1 Release Notes
MAY 2022
The SignServer team is pleased to announce the release of SignServer 5.9.1.
This release includes improvements for the integration with AWS CloudHSM. The release also brings new versions of OpenPDF and Bouncy Castle and other minor improvements and corrections.
Deployment options include SignServer Hardware Appliance and SignServer Cloud.
Highlights
AWS CloudHSM Improvements
New flexibility of the P11NG crypto token now allows P11NG to be used with SignServer for integration with AWS CloudHSM. A new setting on a worker or the crypto token can control if a certificate object is generated when a key pair is generated. When used for integration with AWS CloudHSM, the worker or crypto token must be configured not to generate certificates, using the P11NGCryptoToken property GENERATE_CERTIFICATE_OBJECT. A similar option is also available in the p11-ng tool (using the nocertificateobject flag).
Further improvements to the Android (APK) signers have been made in this release making the APK signers work fully without certificates in the token and thus function with AWS CloudHSM.
Bouncy Castle Upgraded to Latest Version
Bouncy Castle is upgraded to version 1.71.
OpenPDF Upgraded to Latest Version
OpenPDF is upgraded to version 1.3.28.
Upgrade Information
Review the SignServer Upgrade Notes for important information about this release. For upgrade instructions, see Upgrade SignServer.
SignServer 5.9.1 is included in SignServer Hardware Appliance 3.9.6 and SignServer Cloud 1.11.1.
Change Log: Resolved Issues
For full details of fixed bugs and implemented features in SignServer 5.9.1, refer to our Jira Issue Tracker.
Issues Resolved in 5.9.1
Released May 2022
New Features
DSS-2380 - Make key generation work with P11NG Tool with AWS CloudHSM
DSS-2381 - Support key entries without certificate with P11NG
Improvements
DSS-2369 - AdESSignerUnitTest fails in the build job
DSS-2451 - Add files that should not be tracked to .gitignore
DSS-2456 - Fix failing webtests
DSS-2457 - Do not fail parsing of PDF documents with negative indirect references
DSS-2459 - Upgrade BC to 1.71
DSS-2462 - Support for include certificate levels in APKHashSigner
DSS-2465 - Support in APK signers for certificate in config instead of import it into the token not only for other signers
DSS-2466 - Upgrade to OpenPDF 1.3.28
Bug Fixes
DSS-2453 - Keywrapping is not working with PostgreSQL
DSS-2463 - Regression: P11NG tool not included in P11NG CLI dist
DSS-2467 - Fail to verify the MSIX file signed with SignServer