mendelson opensource OFTP2 1.1 b43 released


Yearly release of mendelson opensource OFTP2 for 2021

What is new

  • Support for color blindness: The icons in the transaction overview are red or green, which can make them hard to tell apart for users with red/green color blindness (9% of all men are affected, 0.8% of all women). Additional icons can now be displayed above the colored icons.
  • The Linux shell scripts for starting the software have been completely restructured, so they can be extended more easily in the future.
  • A new notification system for the user interface has been introduced. Most notifications no longer have to be confirmed via a dialog. Instead, the respective message is displayed in a colored window (overlay) at the bottom right corner of the main window and is hidden again after a short time.
  • For expired certificates, there is now additional information in the notification system and in the system events, so that the user can quickly identify the certificate.
  • The post-processing (formerly partner events) of transactions has been revised. In addition to executing a command line, it is now possible to move the data to a selectable directory or to forward it directly to a registered partner.
  • There is a warning if too many directories are monitored in too short a time. Each directory monitoring is a poll process of a directory. If the monitoring intervals are set too short with too many partners, either the time intervals can no longer be kept or the system is busy only with polling directories. This can lead to the system reacting with timeouts to its own client or to incoming data connections.
  • In the certificate management all expired certificates can now be deleted with one click.
  • Better Mac OS integration: On Mac OS, a bar at the top of the screen provides "About" and "Preferences" sections for each running application. These are now connected to the corresponding functions. Also, the main application menu is now available at the top of the screen rather than directly in the main window. In addition, there were problems with displaying the icon for the application.
  • The dependency on the "Apache HTTP Client" package has been removed and thus the associated libraries have been removed from the classpath. Necessary HTTP accesses (e.g. buying a certificate directly from the product) are now performed via the Java 11 HTTP Client.




Resolved problems

  • Client-Server Interface: On CentOS, TLS 1.1 connections are no longer allowed by default, so internal communication between client and server was changed to TLS 1.2.
  • Directory traversal vulnerability: It was possible to write data to arbitrary locations of the file system as a partner known to the system, because there was no content test of the fields "Virtual file time" and "Virtual file date".
  • It was possible to access the database from other hosts. Now this is only possible from the host where the application is also running. You can configure/extend this in the "database.acl" file in the installation directory if necessary.
  • In the certificate manager, a key was generated in the key generation dialog even if you closed the window with a click on "x".
  • There was a problem with the lockfile of a server instance. Another started instance of the server recognized the lockfile, but then deleted it.
  • Fixed a problem with the interaction of the internal lib MINA and TLS 1.3
  • With some certificates the internal calculation of the trust chain took so long that the user got the impression that the client would hang. The calculation depth of the trust chain has been reduced - in very rare cases this can lead to no CA being displayed for a certificate, even though it is actually authenticated. However, this is only a display problem and seems to be a reasonable solution.
  • In the client, dialogs could be opened twice by a quick double click.
  • In the "Event after dispatch" there was no possibility to access the original data. Here an additional variable was introduced.
  • In the partner management, the comments on a partner were not stored if only the comments and no other partner data had been changed.
  • In dark mode the log color "green" was too harsh, so a darker shade of green was selected.
  • If certificate data was in UTF-8, it was displayed incorrectly in the certificate management.
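
The directory traversal item above comes down to partner-supplied header fields reaching a file path without a content test. The sketch below is an added example, not mendelson's code: it assumes the numeric layouts RFC 5024 gives for the virtual file date (CCYYMMDD) and time (HHMMSScccc), and the class name, method name and file naming scheme are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Pattern;

/** Added illustration: content test for the virtual file date/time before they reach a file name. */
public class VirtualFileFieldCheck {

    // Assumed field layouts (RFC 5024, SFID): date = CCYYMMDD, time = HHMMSScccc.
    private static final Pattern DATE = Pattern.compile("\\d{8}");
    private static final Pattern TIME = Pattern.compile("\\d{10}");

    /** Returns a path inside inboxDir, or throws if a field fails the content test. */
    static Path resolveInboxFile(Path inboxDir, String dsn, String vfDate, String vfTime)
            throws IOException {
        // 1. Content test: both fields must be purely numeric and of fixed length.
        if (!DATE.matcher(vfDate).matches() || !TIME.matcher(vfTime).matches()) {
            throw new IOException("Rejected: virtual file date/time is not numeric");
        }
        // 2. Hypothetical naming scheme; the dataset name is reduced to a conservative charset.
        String safeDsn = dsn.replaceAll("[^A-Za-z0-9._-]", "_");
        Path base = inboxDir.toAbsolutePath().normalize();
        Path target = base.resolve(safeDsn + "_" + vfDate + "_" + vfTime).normalize();
        // 3. Defence in depth: the resolved path must still be below the inbox directory.
        if (!target.startsWith(base)) {
            throw new IOException("Rejected: resolved path leaves the inbox directory");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path inbox = Paths.get("inbox", "PARTNER_A"); // constructed sample directory

        // Constructed well-formed header values: accepted.
        System.out.println(resolveInboxFile(inbox, "ORDERS", "20210115", "1030150000"));

        // Constructed malformed time field containing path separators: rejected.
        try {
            resolveInboxFile(inbox, "ORDERS", "20210115", "../../../tmp/x");
        } catch (IOException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

The format check alone stops the malformed field; the containment check is kept so that a later change to the naming scheme cannot silently reopen the path.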




Updated software packages

  • Update to commons pool 2.9.0 (DB connection pooling)
  • Update to commons dbcp 2.8.0 (DB connection pooling)
  • Update to Apache Batik 1.13 (SVG, scalable images)
  • Update to Bouncycastle v1.67 (Crypto API)
  • Update to Lucene 8.6.0 (indexing of system events)
  • Update to MINA 2.1.3 (Client-Server Interface)
  • Update to Flatlaf 0.45 (https://www.formdev.com/flatlaf/ [dark mode])