Oxalis-AS4 6.7.0 Release

• Added eDEC Codelist version 8.9 support
• Bump Oxalis version to 6.7.0
• Bump vefa-peppol version to 3.7.0
• Bump dnsjava version to 3.6.0
• Bump commons-certvalidator version to 4.2.0
• Replaced expired Peppol test certificate
• Optimized BdxlLocator and BusdoxLocator to fix network-level errors as participant not found

# Following additional "maxRetries" and "timeout" properties configured in "reference.conf" for BusdoxLocator and BdxlLocator
mode.default.lookup.locator = {
    class: network.oxalis.vefa.peppol.lookup.locator.BusdoxLocator

    bdxl: {
        .....
        .....
        maxRetries: 3
        timeout: 30
    }

    busdox: {
        .....
        .....
        maxRetries: 3
        timeout: 30
    }
}

Full Changelog: v6.6.0...v6.7.0

Oxalis-AS4 6.6.0 Release

• Added eDEC Codelist version 8.8 support
• Bump vefa-peppol version to 3.6.0
• Bump cxf version to 3.5.8
• Bump Bouncycastle version to 1.78.1 to fix following vulnerabilities:
  • Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
  • Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
  • Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
  • Bouncy Castle Denial of Service (DoS)
  • Bouncy Castle For Java LDAP injection vulnerability
• Bump commons-certvalidator to version 4.1.0
• Bump dnsjava to 3.5.3 version
• France Peppol certificate update

Full Changelog: v6.5.0...v6.6.0

Oxalis-AS4 6.5.0 Release

• Bump Oxalis to version 6.5.0 and added certification validation
• Fixed test-cases

Full Changelog: v6.4.0...v6.5.0

Oxalis-AS4 6.4.0 Release

• Added eDEC codelist v8.7 support
• Fixed security vulnerability related to logback-classic by version upgrade from 1.3.5 to 1.3.12
• Bump Oxalis to Oxalis 6.4.0

Full Changelog: v6.3.0...v6.4.0

Oxalis-AS4 6.3.0 Release

• Bump Oxalis version to 6.3.0 to fix AS4 Transport value
  Full Changelog: v6.2.0...v6.3.0

Oxalis-AS4 6.2.0 Release

What's Changed

• Made C1 country code mandatory as per Peppol SBDH v2.0.1 i.e. Outbound message will fail, if C1 country code is Missing in SBD Header. Note that since Oxalis version 4.1.0, it is duty of SP AP to construct SBD Header and pass it as input payload.
• Fix for C1CountryIdentifier (COUNTRY_C1) not set in As4PayloadHeader … by @seciq in #218

New Contributors

• @seciq made their first contribution in #218

Full Changelog: v6.1.1...v6.2.0

Oxalis-AS4 6.1.1 Release

• Added support for Peppol SBDH v2.0.1 and eDEC Code Lists v8.6
• Oxalis to 6.1.1
• Bump vefa.peppol to 3.2.0
• Bump Peppol specifications to 2.2.0

Full Changelog: v6.0.0...v6.1.1

Oxalis-AS4 6.0.0 Release

• Java 11 as minimum supported Java version
• Upgraded to Jakarta EE 8
• Added minimum level support for Peppol France POC
• Peppol Wildcard Scheme Support
• Bump Oxalis to 6.0.0
• Bump Peppol specifications to 2.0.0
• Bump vefa.peppol to 3.1.0

Full Changelog: v5.5.0...v6.0.0

Oxalis-AS4 6.0.0-RC3 Release

Refer instruction as mentioned in https://github.com/OxalisCommunity/oxalis/releases/tag/v6.0.0-RC3

---

Full Changelog: v6.0.0-RC2...v6.0.0-RC3

Oxalis-AS4 5.5.0 Release

• Bump Oxalis to 5.5 (OxalisCommunity/oxalis@v5.4.0...v5.5.0)
• Bump cxf to 3.5.5 fixing #198 and Dependabot alerts (https://github.com/OxalisCommunity/Oxalis-AS4/security/dependabot/1 and https://github.com/OxalisCommunity/Oxalis-AS4/security/dependabot/2)
• Bump wss4j to 2.4.1
• Bump Peppol specification to 1.1.0
• Add dependency for soap api and saaj impl to fix nullpointer error
• Excluded conflicting libraries

Full Changelog: v5.4.0...v5.5.0

NOTE: If you are using Oxalis 5.5.0/Oxalis-AS4 5.5.0 and you are compiling source on Java 8, then download attached "dummy.zip" and place it's content in \oxalis-5.5.0\oxalis-test\src\main\resources\dummy . This will fix certification expiration issue.