Skip to main content
Skip table of contents

SignServer Community 5.10 Release Notes

COMMUNITY EDITION SEPTEMBER 2022

The SignServer team is pleased to announce the newest release of our open-source signing software SignServer Community Edition with version 5.10 and thank each and every SignServer Contributor for your work in getting us here.

These release notes cover new SignServer Community features and improvements implemented between SignServer Community 5.9.1 and SignServer Community 5.10.

The latest SignServer Community Edition release includes support for Java Archive (JAR) file signing and enhanced post-quantum signing as well as bug fixes and improvements.

Highlights

Java Archive (JAR) File Signing

Java Archive (JAR) file signing is now supported in the SignServer Community Edition. Using the SignServer JArchive signer, you can digitally sign JAR files, including .jar, .war, and .ear files. The signature can optionally include a timestamp response from a Time Stamp Authority (TSA) using the RFC#3161 format. Using SignServer to digitally sign JAR files protects your code against tampering and helps secure software supply chains using Java Archives. For more information, see Code Signing Technical How-to.

Post-quantum Signing with upgraded SPHINCS+ Algorithm

SignServer enables you to prepare for quantum-safe signing by using the NIST Post-Quantum Cryptography (PQC) candidate algorithm SPHINCS+ through Bouncy Castle. Using the CMS Signer and the Keystore Crypto Token together with the SPHINCS+ algorithm allows you to experiment with creating post-quantum keys and signatures. For more information, see the Post-quantum Code Signing How-to.

SignServer 5.10 has upgraded the Bouncy Castle version to 1.71.1 which includes support for the SPHINCS+ v3.1 algorithm.

Downloads and Resources

SignServer Community releases follow the release schedule for the Enterprise Edition, including all major and feature releases.

There are several options available for downloading the latest SignServer Community:

  • SignServer Community is available for download from GitHub.

  • SignServer Community Container is available for download from Docker Hub.

  • SignServer Community is available for download from SourceForge.

For download links, documentation, and contact information, see signserver.org. For upgrade instructions, see Upgrade SignServer.

Want to learn more about our open-source software? Get in touch over at SignServer Discussions on GitHub, a collective space where you can share feedback and contribute ideas to future releases. We would love to hear from you.

Keyfactor Community

In the Keyfactor Community, developers, engineers, and security teams can get hands-on with Keyfactor's open-source PKI and signing software, share ideas with peers, and learn from industry experts. Find out more and sign up for the Keyfactor Community Newsletter at signserver.org.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close