CVE-2022-21449, UI enhancements
- Display the used TLS security provider in the connection test dialog
- Updated the BC crypto provider to v171 and added the BC JSSE provider
- (CVE-2022-21449): Currently it looks as if this is a problem of the security provider. The bouncycastle security provider seems not to have this problem. The mendelson AS4 uses the BC security provider for data encryption and data signature but the jre default security provider for TLS related operations.
As this release includes the BC JSSE provider for TLS operations (see above) it is possible to switch the jres default security provider for TLS operations to the BC JSSE provider.
Please contact the mendelson support if you need instructions regarding this issue. If you are using a non windows OS please ensure to install a jre 11 >= jdk-11.0.15+10 - the problem seems to be fixed there.
- The UI notifications have been reworked
- Every server setting change now shows up a UI notification on each connected client
- The certificate manager now allows to show references to the partners that use the certifciates. This makes it easy to find out what to change in the partner configuration once a certifcate has been expired
- Updated lucene to v9.1 (used for the event and log indicies)