mendelson AS2 2024 b602 released

min read
A- A+
mendelson AS2

Security problem in client, File handle resource check

  • Fixed a security problem in the client if one of your trading partners sent you prepared XML data and you opened the details of this transaction in the client. Files can be written to the computer on which the client process is running. The server process is not affected.
  • Configuration check: When you create a user for the server process under Linux, the default value for maximum open files is 1024, which is not sufficient to run in server mode. You can check this value with ulimit -n. The configuration check now displays a warning if the maximum number of open files is less than 10000. This should not be a problem under Windows, as the default setting is > 100k open files per process.
  • Configuration check: The min check amount of memory for the server process is increased to 6GB (was 4GB)- if you reserved less there will be always a configuration warning now
  • Partner management: Added a check in the partner management for a receipt URL or MDN URL that is "localhost" or variations of it. Setting "localhost" as MDN URL is a common problem - but this value is used on your partners side and he will send the MDN to himself with this setup.
  • Certificate manager: An invalid key has been always displayed in red as "valid"
  • Dependencies: Update to lucene 9.11 (system event index, transaction log index), updated DB drivers for external databases, updated oauth2 lib to nimbus oauth-oidc-sdk-11.12