Skip to content

Releases: OxalisCommunity/oxalis

Oxalis 6.7.0

10 Aug 17:31
Compare
Choose a tag to compare
  • Added eDEC Codelist version 8.9 support
  • Bump vefa-peppol version to 3.7.0
  • Bump dnsjava version to 3.6.0
  • Bump commons-certvalidator version to 4.2.0
  • Replaced expired Peppol test certificate
  • Optimized BdxlLocator and BusdoxLocator to fix network-level errors as participant not found
# Following additional "maxRetries" and "timeout" properties configured in "reference.conf" for BusdoxLocator and BdxlLocator
mode.default.lookup.locator = {
    class: network.oxalis.vefa.peppol.lookup.locator.BusdoxLocator

    bdxl: {
        .....
        .....
        maxRetries: 3
        timeout: 30
    }

    busdox: {
        .....
        .....
        maxRetries: 3
        timeout: 30
    }
}

Full Changelog: v6.6.0...v6.7.0

Oxalis 6.6.0

19 May 22:33
Compare
Choose a tag to compare
  • Added eDEC Codelist version 8.8 support
  • Bump vefa-peppol version to 3.6.0
  • Bump Bouncycastle version to 1.78.1 to fix following vulnerabilities:
    • Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
    • Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
    • Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
    • Bouncy Castle Denial of Service (DoS)
    • Bouncy Castle For Java LDAP injection vulnerability
  • Bump commons-certvalidator to version 4.1.0
  • Bump dnsjava to 3.5.3 version
  • France Peppol certificate update

Full Changelog: v6.5.0...v6.6.0

Oxalis 6.5.0

04 Mar 14:05
Compare
Choose a tag to compare
  • Bump vefa-peppol to version 3.5.0
  • Added Dummy certificates and fixed Test cases

Full Changelog: v6.4.0...v6.5.0

Oxalis 6.4.0

09 Dec 07:53
Compare
Choose a tag to compare
  • Added eDEC codelist v8.7 support
  • Fixed security vulnerability related to logback-classic by version upgrae from 1.3.5 to 1.3.12
  • Fixed Test cases

Full Changelog: v6.3.0...v6.4.0

Oxalis 6.3.0

13 Nov 12:25
Compare
Choose a tag to compare
  • Bump vefa-peppol version to 3.3.1 to fix AS4 Transport value
    Full Changelog: v6.2.0...v6.3.0

Oxalis 6.2.0

14 Oct 19:26
Compare
Choose a tag to compare
  • Made C1 country code mandatory as per Peppol SBDH v2.0.1 i.e. Outbound message will fail, if C1 country code is Missing in SBD Header. Note that since Oxalis version 4.1.0, it is duty of SP AP to construct SBD Header and pass it as input payload.
  • Fixed Jetty Vulnerability
  • Fixed H2 database Vulnerability

Full Changelog: v6.1.1...v6.2.0

Oxalis 6.1.1

24 Sep 16:31
Compare
Choose a tag to compare
  • Added support for Peppol SBDH v2.0.1 and eDEC Code Lists v8.6: 745b40e
  • Bump h2 from 2.1.214 to 2.2.220: d4020bd
  • Bump vefa.peppol to 3.2.0
  • Bump Peppol specifications to 2.2.0

Full Changelog: v6.0.0...v6.1.1

Oxalis 6.0.0

18 Jun 10:37
Compare
Choose a tag to compare
  • Java 11 as minimum supported Java version
  • Upgraded to Jakarta EE 8
  • Added minimum level support for Peppol France POC
  • Additional Document Type Identifier "peppol-doctype-wildcard" Scheme Support
  • Participant identifier schemes JP:IIN (0221) for Japan and MY:EIF (0230) for Malaysia added as per OpenPeppol eDEC Code List version 8.5
  • Transport profiles START, AS2v1 and ASv2 deprecated as per OpenPeppol eDEC Code List version 8.4, will be removed in future released
  • Participant identifier schemes IT:VAT (9906), IT:CF (9907), NO:ORGNR (9908), SE:VAT (9955), DE:LID (9958) removed as per OpenPeppol eDEC Code List version 8.4
  • Participant identifier schemes IT:COD (0205) added as per OpenPeppol eDEC Code List version 8.4
  • Bump dnsjava to version 3.5.2
  • Improvement in SML Locator (busdox locator and bdxl locator) changes, error handling and retries mechanism
  • ApacheFetcher is now the default Fetcher
  • Bump vefa.peppol to 3.1.0
  • Bump commons-certvalidator to 4.0.0
  • Bump Peppol specifications to 2.0.0
  • Bump Guava version to 32.0.1-jre
  • Bump Jetty version to 10.0.13
  • Bump TestNG version to 7.7.1
  • Bump mockito-core version to 4.11.0
  • Updated Dummy Test Certificate

Full Changelog: v5.5.0...v6.0.0

Oxalis 6.0.0-RC3

11 May 19:08
Compare
Choose a tag to compare
Oxalis 6.0.0-RC3 Pre-release
Pre-release

This version of Oxalis support France Peppol POC. Also note that this version of Oxalis use java 11 as baseline.

Before configuring "oxalis.conf", make sure that you received certificate zip from OpenPeppol Service desk after registration. Add PoC Certificate details in "oxalis.conf" (Keep rest of configuration "as-is" or as per your requirement):

oxalis.keystore {
path="PFR00000X.p12"
password = ""
key.alias = pfr00000X
key.password = "
"


For the French PoC, OpenPeppol used self-signed CA "root" & "intermediate" certificates.
To make sure that Java Trust those certificates, you need to add certificate in java cacerts. You can extract "Peppol_POC_Root_TEST_CA.cer" and "Peppol_FRPOC_AP_TEST_CA.cer" from "ca-chain.cert.pem" which is available in cert ZIP which you received via email from OpenPeppol Service Desk. You also have to extract public key of your certificate which you received (available in format as PFR00000X.p12, X is placeholder).

You can use keytool to add POC "root" & "intermediate" certificates in cacerts (adjust it according to your requirement or you can use alternative way as well) :

keytool -import -noprompt -trustcacerts -alias Peppol_POC_Root_TEST_CA -file Peppol_POC_Root_TEST_CA.cer -keystore "%JAVA_HOME%/lib/security/cacerts" -storepass changeit
keytool -import -noprompt -trustcacerts -alias Peppol_FRPOC_AP_TEST_CA -file Peppol_FRPOC_AP_TEST_CA.cer -keystore "%JAVA_HOME%/lib/security/cacerts" -storepass changeit
keytool -import -noprompt -trustcacerts -alias PFR00000X -file PFR00000X.cer -keystore "%JAVA_HOME%/lib/security/cacerts" -storepass changeit

Replace "PFR00000X" with your certificate seat number. Replace "changeit" password if you are using different java keystore password.

In order to ensure/verify that certificates added correctly inside java "cacerts" run below command and search for alias (Peppol_POC_Root_TEST_CA , Peppol_FRPOC_AP_TEST_CA , PFR00000X ):

keytool -list -v -keystore "%JAVA_HOME%/lib/security/cacerts" -storepass changeit | grep "Alias name|Valid from:"


Note: Root certificate - "Peppol_POC_Root_TEST_CA.cer" and Intermediate certificate - "Peppol_FRPOC_AP_TEST_CA.cer" are included in the release artifacts below


Full Release Changelog: v6.0.0-RC2...v6.0.0-RC3

Oxalis 5.5.0

02 Jan 15:38
Compare
Choose a tag to compare
  • Bump vefa.peppol to 2.5.0
  • Bump google guice to 5.1.0
  • Bump slf4j to 2.0.6
  • Bump logback to 1.3.5
  • Bump lombok to 1.18.24
  • Bump hsqldb to 2.7.1

Full Changelog: v5.4.0...v5.5.0

NOTE: If you are using Oxalis 5.5.0/Oxalis-AS4 5.5.0 and you are compiling source on Java 8, then download attached "dummy.zip" and place it's content in \oxalis-5.5.0\oxalis-test\src\main\resources\dummy . This will fix certification expiration issue.