SignServer 7.2 Release Notes
FEBRUARY 2025
The SignServer team is pleased to announce the release of SignServer 7.2.
This release introduces support for the CAdES signature format and also brings REST-based HSM enhancements.
The SignServer 7.2 release is available for software and container-based deployments. For available deployment options and associated versions, refer to Supported Versions.
Highlights
CAdES Signature Format
SignServer 7.2 supports Baseline Signature Levels for CAdES (CMS Advanced Electronic Signatures) as defined in ETSI TS 103 173. This includes signature levels CAdES-B, CAdES-T, CAdES-LT, and CAdES-LTA.
Level CAdES-B includes a document signature only. Level CAdES-T also includes a timestamp. In addition to the timestamp, level CAdES-LT also includes certificate revocation information. Level CAdES-LTA adds an additional timestamp and is suited for long-term archiving of documents.
SignServer support for the CAdES signature format is implemented in the AdES Signer.
REST-based HSM enhancements
SignServer 7.2 has a number of improvements to the REST-based CryptoTokens. Performance has been improved, and client-side hashing has been added when using Fortanix. For both Fortanix and Azure KeyVault, support for database protection (audit log signing) has been added.
Announcements
Security Issue
A medium-severity vulnerability was found that affects the SignServer EE/CE container deployments. Other deployment formats are unaffected, and an upgrade of the container will prevent this issue from happening further. Once SignServer 7.2 has been generally available for at least six weeks, a CVE with the identifier CVE-2025-26787 will be published.
Upgrade Information
Review the SignServer Upgrade Notes for important upgrade information. For upgrade instructions, see Upgrade SignServer.
Change Log: Resolved Issues
The following lists implemented features and fixed issues in SignServer 7.2.
Issues Resolved in 7.2
Released February 2025
New Features
DSS-2807 Database Integrity Protection via CryptoTokens that are using their REST APIs
DSS-2847 Support Fortanix ECDSA with pre computed hash
DSS-2968 Add support for h2 database in container
DSS-2972 Add SignServer Dockerfile
Improvements
DSS-2891 Adding CAdES-B/T/LT/LTA to AdES signer
DSS-2892 Upgrade org.eclipse.jetty:jetty-http to version 12.0.12 or later
DSS-3029 Upgrade to P11NG 0.25.4 to enable Java TLS connections with the use of NJI11StaticSessionPrivateKey
DSS-3030 Increase number of threads available for REST based crypto tokens
DSS-3035 Update copyright year for 2025
DSS-3052 Bump up WildFly base image version for next release
Bug Fixes
DSS-2874 Regression: InvalidKeyException: Supplied key ... is not a RSAPrivateKey instance failures for XAdESSigner with SunP11 and P11NG after signing XAdES with AdESSigner
DSS-2878 P11NG: Signing of large files broken with PlainSigner as P11NG puts all data in memory before hashing
DSS-2880 P11NG: Importing certificate chain with duplicated certificate results in key entry without any certificate and the entry disappears
DSS-3050 Regression: Missing labels in container
DSS-3058 Security Issue