mendelson opensource AS2 1.1 b55 released


Hello all,

we released a new version of the mendelson AS2 community edition. These are the release notes:

Enhancement:
*The configuration check now includes a check for the mendelson test keys - configuration problems are displayed when they are used to encrypt data or as SSL/TLS keys
*The status bar in the client has been reworked.
*The system now displays what the partner actually sent back when a synchronous MDN was expected but none came. Mostly these are messages that the partner HTTP server is in maintenance mode or something similar.
*The icons for sending and receiving messages have been revised.
*The dialog for transaction details has been reworked, you no longer have to search in the tab of the log where the problem was - this is displayed directly as a status.
*The SHA-256 fingerprint has been added to any certificate information
*The restart of a transaction was not documented in the log
*Support of SHA-3 signatures added:

SHA-3-224 (SHA-3)
SHA-3-256 (SHA-3)
SHA-3-384 (SHA-3)
SHA-3-512 (SHA-3)
SHA-3-224 (SHA-3, RSASSA-PSS)
SHA-3-256 (SHA-3, RSASSA-PSS)
SHA-3-384 (SHA-3, RSASSA-PSS)
SHA-3-512 (SHA-3, RSASSA-PSS)

*Conversion of the directory polling process to nonblocking IO (NIO) - this should be more resource-saving
*The storage of incoming messages has been changed to nonblocking IO (NIO) - this should be more resource-saving.
*System events have been introduced that are stored in the file system independently of the database. These replace the System Activity Log and can be searched via the client. The new notification system accesses these system events directly and informs the user in a separate process. Since faulty transactions are also considered system events, they can be tracked as long as required using this mechanism. The system events can be searched using free text search, and indexing takes place on the server side.
*SMTP connection to mail server for notification now supports TLS 1.2 and TLS 1.3
*The server log format has been changed - it can now be searched via the client for MDN id, custom id and message number. Thus, the transaction log is not lost as long as the log directories are available.
*Support of TLS 1.3 for data transfer
*The test keys key1 and key2 were replaced in the initial configuration by the new test keys key3 and key4, which have already been delivered as additional keys in all versions for one year. key1 and key2 will expire in 08/2019.
*Java 11 is now a system requirement

Fixes:
*There was a change in both the underlying JVM Crypto and the BC Crypto API - thus certificates with a faulty structure were rejected. The error message was "invalid info structure in RSA public key". This is now ignored - although the certificate structure remains incorrect.
*Sometimes there were errors in the client when moving the mouse over the display of the configuration problems
*There was a problem in the database cache that allowed a maximum cache size of 10MB. This caused the error "SendOrderAccessDB.add: Data cache size limit is reached: 10000" if this was exceeded and the server had to be restarted. To change the cache settings, the runtime database must be deleted after updating to the mendelson AS2 2018. The next time the server is started, the runtime database will be created with different cache settings.
*The CEM has been completely reworked - now there are no automatisms when receiving CEM messages that certificates are overwritten. Also there are no more problems if a certificate was manually deleted, which was armed at a later time by a CEM message.
*Only one line at a time can be selected in the certificate manager - this is then also the line to which the respective action of the user refers.
*The Windows Installer overwrote the jetty.xml and thus the HTTP configuration with each update - this was not prevented by the question whether files should be overwritten.
*The defined connection timeout for connections is now also used for the connection test
*In the settings of the notification there were fields for the mail account and the mail account password - but this is not needed for SMTP connection to mail server at all
*The Max Poll Files entry of a partner was only taken over if the server is restarted.
*The Notification System has been completely revised. This now decouples the notification system from the data processing and there can be no more error loops with database errors. You can also set the maximum number of notifications per minute and the system summarizes them as a single mail. Therefore, there can no longer be a flood of mail, as was previously possible in the event of an error.
*The connection test did not use the proxy settings defined in the server settings, but always tried it directly.

Updates (3rd party libs):
*Update to HSQLDB 2.41 (DB System)
*Update to Bouncycastle v160 (Crypto API)
*Update to MINA 2.0.17
*Update of jetty 9.2.9 to 9.2.25 (Embedded HTTP Server)
*Added lucene 7.5.0 (file indexing)

Please download your copy at http://as2.mendelson-e-c.com

---
Thank you all for your feedback and your help

Your mendelson dev team


Comments


Anyone else get an error "Using 32bit Java VM is not recommended for production use as the max heap memory is limited there to 1.3GB"? I thought the Mendelson installer took care of installing its own JVM in a subfolder. Is it possible that mendelson isn't using the subfolder JVM that's bundled and using the system JVM?

I think everyone is getting this warning with an out-of-the-box installation of the open source version. The JVM shipped with 1.1b55 opensource is Java v11 32-bit. It is probably part of a (legit) commercial strategy to favor the commercial version for production use.


Also, one more thing. The fixes say "*The Windows Installer overwrote the jetty.xml and thus the HTTP configuration with each update - this was not prevented by the question whether files should be overwritten." but when we installed 55 over 53, our jetty.xml was overwritten without a prompt to ask me to replace it. It was a simple fix to change the port, but this bug definitely still exists.