mendelson AS4 2025 released

Jan
08
2025
3
min read
A- A+
read
By development
mendelson AS4

mendelson AS4 server 2025

What is new

  • Configuration Check: The following checks have been added: number of file handles and sufficient memory availability.
  • REST API: Introduction of a REST API for system access.
  • REST API: An endpoint for a SendOrder functionality has been created. This includes messages with a single attachment as well as messages with multiple attachments (required for the AS4 profile ICS2).
  • REST API: Endpoints for viewing, adding, and deleting partners have been created.
  • REST API: An endpoint for a connection test has been created.
  • REST API: An endpoint for sending test messages and BDEW-specific messages has been created.
  • REST API: An endpoint for modifying and adding PModes has been created.
  • REST API: An endpoint for reading and writing server settings has been created.
  • REST API: An endpoint for accessing system configuration issues has been created.
  • REST API: An endpoint for accessing message parts has been created.
  • Automatic Configuration Check: CRL issues of certificates are now displayed. This check can be disabled as not all certificates include valid CRLs.
  • Client: Most checkboxes have been replaced with toggle switches.
  • Client: New font sizes for buttons, tabs, and logs have been introduced.
  • Client: A new High Contrast Mode is now available.
  • Client: Bitmap icons in the property sheets of PModes have been replaced with scalable icons.
  • Client: The display of the AS4 message structure has been revised, as the AS4 profile ICS2 allows multiple attachments, each with its own values.
  • Client/Server: The client and server now support Spanish, Italian, and Portuguese in addition to German, English, and French. The language can either be set manually (via command-line parameters or client settings) or automatically detected based on the language selected in your operating system.
  • Display of an attachment in the client: The file encoding is now automatically detected and used for display.
  • Partner: Directory monitoring can now be enabled or disabled per partner.
  • Partner: There are now global settings for directory monitoring that apply to all partners. This allows all directory monitoring settings for all partners to be configured at once.
  • Partner: Warnings are now displayed in partner management if AS4 profiles are not suitable for directory monitoring. For example, the BDEW AS4 profile requires content data in metadata, meaning additional information must be provided with the send job. This is possible via the REST API.
  • Partner: Directory monitoring per PMode has been introduced. A subdirectory of the partner with the name of the respective PMode is now monitored. This is particularly useful for the AS4 profiles ICS2 and Peppol V2.
  • ICS2 AS4 Profile: It is now possible to add ICS test messages. These have a special format and do not meet AS4 requirements.
  • BDEW AS4 Profile: Extension for the BDEW PATH CHANGE REQUEST messages: involved partners have been added to the log. This is now parseable.
  • Peppol V2 AS4 Profile: Support for the profile, including Peppol V2 service discovery, creation of a new dialog specifically for creating Peppol V2 partners, and restriction of outgoing ports.
  • Partner TLS certificates can now be regularly checked and retrieved. This is an optional module.
  • Brainpool curve support for TLS is now available.
  • Certificate Manager: A CRL check has been added.
  • Certificate Manager: Not all certificates have valid CRLs; a setting has been added to suppress these errors.
  • Certificate Manager: The entire certification chain of a certificate can now be exported as PEM in a single step.
  • Certificate Manager: During the export/import of a private key (PKCS#12), the entire certification chain can now optionally be exported/imported.
  • Certificate Manager: Private keys can now also be exported as PEM.
  • Certificate Manager: Certificates now display the link to the certificate policy, if the certificate includes it.
  • Certificate Manager: Certificate signing requests can now also be created in the Certificate Request Message Format.

Resolved problems

  • Certificate Manager: The copy function between certificate managers copied only keys but not certificates.
  • Certificate Manager: No CSR could be generated for EC keys.
  • Certificate Manager: Invalid keys were partially displayed as valid but marked in red.
  • BDEW AS4 Profile: Adjustments to the message structure were necessary due to compatibility issues with other AS4 systems.
  • BDEW AS4 Profile: The conversation ID must be empty for both incoming and outgoing messages.
  • BDEW AS4 Profile: The xenc:EncryptedKey element lacked the expected reference attribute `Id`. While not technically required, some AS4 systems cannot receive AS4 data without it.
  • BDEW AS4 Profile: Test message responses could not be manually restarted.
  • ICS2 AS4 Profile: Incorrect default values in the profile (e.g., `PMODE_INITIATOR_PARTY_TYPE`).
  • The content ID of AS4 message attachments was not unique under high load.
  • Performance: Adding new partners became extremely slow with more than approximately 1,000 partners, resulting in a timeout.
  • Post-processing: All Exec calls for post-processing did not wait for the return code when executing system commands.
  • There was a security vulnerability in displaying XML data (CVE-2024-39334).
  • Postgres Plugin: Postgres does not automatically create an index for secondary keys-this has now been added via the system update function or during the initial installation.
  • Postgres Plugin: During migration from HSQLDB to Postgres, certificates and server settings are now also migrated.
  • Timestamps in SOAP messages must always be in UTC, which was not previously the case.
  • MessageProperties and PartProperties in the database were too limited. This caused issues with the AS4 profile ICS2, where multiple attachments each have their own properties.
  • If certificates in the metadata of an AS4 message were referenced by their issuer and the issuer contained escaped values, the certificate could not be found in the system.

Updated software packages

  • Update to Bouncycastle v179 (Crypto API).
  • Update to Lucene 9.11.0 (indexing of system events).
  • Update to MINA 2.2.4 (client-server interface).
  • Update to HSQLDB 2.74 (integrated database server).
  • Update to Batik 1.18 (SVG icons).
  • Update to Hikari 6.2.1 (database pool).
  • Update to Jetty 10.0.24 (HTTP server).
Tags
AS4