News and noteworthy

Releases

v4.3.2 - 2026-03-10

• Updated to ph-commons 12.1.4 improves certificate revocation check caching (independent of check date time)
• (Peppol) Extended the Phase4PeppolSendingReport with fields:
  • c3SmpUrl for the SMP URL as resolved from the DNS
  • c3CertSubjectC for the country code of the AP Certificate Subject determined from the SMP lookup
  • lookupError to summarize error details specific on SMP lookup
  • lookupException to summarize exception on SMP lookup - only occurs in combination with the lookupError
  • lookupDurationMillis to contain the duration of the SMP lookup in milliseconds
  • sendingError to summarize error details specific to AS4 sending
  • sendingDurationMillis to contain the duration of the AS4 sending in milliseconds
• (Peppol) The incoming message processor now correctly uses the configured receiption IIdentifierFactory from Phase4PeppolDefaultReceiverConfiguration

v4.3.1 - 2026-03-03

• The log lines on incoming messages about the signing and decrypting certificate now also includes the certificate issuer
• The phase4-peppol-server-webapp demo application was updated to have full outbound proxy support by default
• (Peppol) Added an undocumented, temporary configuration property to disable rejecting messages on non-compliance

v4.3.0 - 2026-02-17

• Extended the SPI method IAS4IncomingMessageProcessorSPI.processAS4ResponseMessage with a parameter AS4ErrorList. Backwards incompatible change
• (Peppol) Extended the SPI method IPhase4PeppolIncomingSBDHandlerSPI.processAS4ResponseMessage with a parameter AS4ErrorList and made it non-default. Backwards incompatible change
• Extended the interface method IAS4RequestHandlerErrorConsumer.onAS4ErrorMessage with an additional IAS4IncomingMessageMetadata parameter. Backwards incompatible change
• (Peppol) Receiving messages are checking for the layout of the PartyInfo/From/PartyId and PartyInfo/To/PartyId constraints

v4.2.7 - 2026-02-13

• (Peppol) Improved the error handling on invalid originalSender and finalRecipient properties was improved. See #356 - thx @mikkelbm
• (Peppol) Improved the verification of FromPartyId and ToPartyId on the sending side, to follow the Peppol Seat-ID regular expression.

v4.2.6 - 2026-02-02

• Added new class AS4CertificateOnlySignatureTrustValidator to verify signature verification only happens on certificates and not on public keys
• (Peppol) Introduced new class Phase4PeppolAS4Servlet that uses AS4CertificateOnlySignatureTrustValidator
• Extended IAS4IncomingMessageState with the possibility to store the signing and decrypting certificate reference type
• (Peppol) The default inbound Peppol processor added a check that both signing and decrypting certificates are provided as direct references
• (Peppol) The scheduled time to transmit reports to OpenPeppol can be customized. See #355 - thx @alvarolivie

v4.2.5 - 2026-01-27

• (Peppol) The verification of Peppol Participant Identifier Values became more strict to be 100% aligned with the Peppol Policy for use of Identifiers 4.4.0
• Added the possibility to set the incoming unique ID in class AS4IncomingMessageMetadata
• Made method AS4RequestHandler.getMessageMetadata() public
• Made the CRL download more resilient (via ph-commons 12.1.2 update)
• The default revocation check was changed from "only CRL" to "CRL before OCSP" (via ph-commons 12.1.2 update)

v4.2.4 - 2026-01-13

• (Peppol) Changed the default identifier factory of Phase4PeppolDefaultReceiverConfiguration to PeppolIdentifierFactory
• (Peppol) Fixed the consistency check between AS4 originalSender and finalRecipient for case insensitivity
• (Peppol) Deprecated the possibility to disable the check that country C1 element is optional - the feature is required long time

v4.2.3 - 2026-01-08

• Inbound messages now log the certificate subject that signed the message
• Inbound messages now log the certificate subject that was used to decrypt the message
• (Peppol) The PeppolCompatibilityValidator got additional checks for AS4 Receipt consistency
• The PMode compatibility validators allow http as a protocol in all cases, not just if GlobalDebug debug mode is enabled
• (Peppol) Added an additional check, that the AS4 originalSender and finalRecipient match the SBDH Sender and Receiver
• (Peppol) The Peppol sending report in class Phase4PeppolSendingReport was extended to be able to keep the raw response in case of error
• (HR) The HR eDelivery sending report in class Phase4HREdeliverySendingReport was extended to be able to keep the raw response in case of error

v4.2.2 - 2025-12-16

• Updated to ph-commons 12.1.1
• Updated to BouncyCastle 1.83
• (HR) Fixed certificate parsing in Phase4HREDeliveryServletMessageProcessorSPI to not do extra Base64 decoding first

v4.2.1 - 2025-12-14

• (Peppol) The PeppolUserMessageSBDHBuilder now correctly applies the configured payloadContentID
• (HR) The HREDeliveryUserMessageSBDHBuilder now correctly applies the configured payloadContentID

v4.2.0 - 2025-12-09

• Updated to peppol-commons 12.3.0
• Class AS4DecompressException is now derived from Phase4RuntimeException instead of RuntimeException
• Introduced new class Phase4IncomingException especially for inbound error handling
• Changed the internal error hadling to use the new class AS4Error instead of Ebms3Error
• All APIs that were using ICommonsList<AS4Error> are now using AS4ErrorList - breaking change
• (HR) Made sure the received check is working, by explicitly relying on the BDXR metadata provider
• Extended the interface IAS4IncomingMessageMetadata to access the HTTP response status code
• All *SendingReport classes now have getters for all fields
• (DBNAlliance) Extended the sender builder to include the possibility to retrieve the technical contact from SMP query

v4.1.1 - 2025-11-24

• phase4 now tries to parse all messages received via HTTP, independent of the HTTP status code provided. Previously only messages using HTTP status code 2xx were parsed
• Introduced the new configuration property phase4.http.response.accept.allstatuscodes - by setting it to false phase4 will only process messages with HTTP status code 2xx as it did before

v4.1.0 - 2025-11-16

• Updated to ph-commons 12.1.0
• Using JSpecify annotations
• (HR) Fixed check that CollaborationInfo/AgreementRef must not be present
• (HR) Fixed the mandatory check that incoming messages must have been encrypted. To the contrary - they must not be encrypted according to the HR AS4 spec.
• (HR) Using a constant payload ID and payload Mime Type text/xml (instead of application/xml)

v4.0.2 - 2025-11-12

• Updated to BouncyCastle 1.82
• Updated to wss4j 4.0.1
• Updated to peppol-commons 12.1.1
• Fixed cloning SubjectCertConstraints in signing parameters - so the annoying warning message "No Subject DN Certificate Constraints were defined. This could be a security issue" for Peppol is finally gone
• (HR) Added the new submodules phase4-profile-hredelivery, phase4-hredelivery-client and phase4-hredelivery-servlet to support the Croatian eDelivery variant

v4.0.1 - 2025-09-09

• The usage of the configuration file phase4.properties and private-phase4.properties becomes deprecated. Use application.properties or private-application.properties instead. Support for these files will be removed in the next major release.
• (BDEW) Changed the default key identifier type for crypting. See #332 - thx @beth-soptim
• Added specfic Domibus compatibility flag, because Domibus can't handle XSD timestamp with less then 3 fraction second digits. See #335

v4.0.0 - 2025-08-27

• Requires Java 17 as the minimum version
• Updated to ph-commons 12.0.0
• Updated to WSS4J 4.0.0
• Removed all deprecated methods marked for removal
• (EESPA) Removed submodule phase4-profile-eespa as GENA/EESPA members are supposed to use the Peppol Network

v3.2.2 - 2025-08-13

• Requires at least ph-web 10.5.0
• (Peppol) Added support for the Peppol PKI G3 (2025)
• (Peppol) The SMP client no longer tries a protocol upgrade to TLS automatically
• Any proxy configuration for HttpClientSettings can now differentiate between "http" and "https" target hosts

v3.2.1 - 2025-07-10

• Ensuring that the mustUnderstand attribute of SOAP is present in each ebMS Messaging element. See #328 - thx @EnjoyPrasad
• Fixed a NullPointerException if no mandatory Security header is present

v3.2.0 - 2025-06-18

• Requires at least peppol-commons 11.0.0
• (Peppol) All traces of the Peppol Policy for use of Identifiers 4.2.0 were removed
• The exception class Phase4Exception was extended with a field, to indicate if retry is feasible or not
• Introduced the new sending status code EAS4UserMessageSendResult.TRANSPORT_ERROR_NO_RETRY for transport errors that won't benefit from retrying. See #325 - thx @chamikaCN
• Added interface method IAS4EndpointDetailProvider.getReceiverTechnicalContact()
• (Peppol) Extended Phase4PeppolSendingReport to include a field on "C3 technical contact"
• (Peppol) Added technicalContactConsumer callback to Phase4PeppolSender to be able to add it to the sending report
• Ensuring that the Timestamp element is always provided in UTC (according to ebMS Core 3.0 spec)
• Improved the error propagation for XML error handling on synchronous responses. See #324 - thx @chamikaCN

v3.1.1 - 2025-05-13

• (Peppol) Extended the PeppolUserMessageBuilder with methods to explicitly set the SBDH MLS_TO and MLS_TYPE parameters as needed by the MLS specification

v3.1.0 - 2025-05-11

• Requires at least peppol-commons 10.4.1
• (Peppol) Added method IPhase4PeppolIncomingSBDHandlerSPI.processAS4ResponseMessage passing the AS4 response message from IAS4IncomingMessageProcessorSPI
• (DBNAlliance) Added method IPhase4DBNAllianceIncomingXHEHandlerSPI.processAS4ResponseMessage passing the AS4 response message from IAS4IncomingMessageProcessorSPI
• (Peppol) Extended the Phase4PeppolSendingReport to contain the phase4 version in use
• (Peppol) Extended the Phase4PeppolSendingReport to contain the AS4 sending date time
• (Peppol) Extended the PeppolUserMessageBuilder with methods to explicitly set the SBDH Standard and Type elements as needed for non-XML payloads
• (Peppol) Disabled the strict SBDH checks when receiving non-XML payload inside the predefined TextContent or BinaryContent elements

v3.1.0-rc1 - 2025-04-29

• Requires at least peppol-commons 10.3.2
• Implemented the possibility to provide common log prefix and suffixes for all loggers. See #312 - thx @chamikaCN
• The method AbstractAS4MessageBuilder.finishFields (and in all derived classes) now have an AS4ResourceHelper parameter
• (Peppol) Extended the Phase4PeppolSendingReport to contain the codelist status of Document Type and Process ID
• (Peppol) Class Phase4PeppolServletMessageProcessorSPI received built-in support for Peppol Policy for use of Identifiers 4.3.0
• (Peppol) Using the NAPTR based SMP lookup by default (according to Peppol Policy for use of Identifiers 4.4.0)
• (Peppol) The Peppol sender callback sbdBytesConsumer is now deprecated, to allow for larger message sizes and less memory consumption

v3.1.0-beta2 - 2025-04-14

• Requires at least peppol-commons 10.2.0
• (DBNAlliance) Client and server can successfully communicate with each other

v3.1.0-beta1 - 2025-04-12

• Requires at least ph-commons 11.2.1
• Requires at least ph-web 10.4.1
• Requires at least peppol-commons 10.2.0
• Moved class HttpClientUrlDownloader to ph-web/ph-httpclient
• (DBNAlliance) Moved class Phase4DBNAllianceHttpClientSettings to module phase4-profile-dbnalliance (backwards incompatible change)
• (DBNAlliance) Added new submodules phase4-dbnalliance-servlet and phase4-dbnalliance-server-webapp as easy-to-use server components

v3.0.7 - 2025-04-03

• Allowing to set certificate issuer constraints when verifying certificates. See #307 - thx @beth-soptim
• PMode validation errors now lead to a correct AS4 Error Message instead of an HTTP 400. See #313 - thx @taalexlistex
• (Peppol) Made sure that EN16931 validation artefacts are available before the Peppol rules (required for phive-rules 3.2.8 and later)
• Improved honouring phase4.errormsg.include.stacktraces configuration, in case SPI handler was throwing an exception
• Converting all SPI handler exceptions into AS4 error messages
• (Peppol) Class AS4EndpointDetailProviderPeppol now has support to use an SMP lookup based on Policy for use of Identifiers 4.3.0 (the default is still 4.2.0)
• The verification of received signature references was improved, so it does not expected the exactly equal object, but only an object with the same data.

v3.0.6 - 2025-03-06

• Updated to ph-web 10.4.x
• Updated to ph-oton 9.3.x
• If no Java SPI handlers are registered for handling an incoming message, and the production mode is enabled (global.production = true) than incoming messages are effectively rejected and not just logged and ignored
• A potentially wrong Content-Type response header in MIME encoded responses was fixed
• (BDEW) Avoid setting empty BDEW propperty values.
• (DBNAlliance) Fixed invalid constants when using the predefined XHE handler
• (Peppol) Updated to eDEC Code Lists v9.1

v3.0.5 - 2025-02-06

• (EESPA) Deprecated the profile "EESPA", as they decided to use the Peppol Network
• (Peppol) Added class Phase4PeppolSendingReport to resemble a complete sending report for Peppol messages
• Added IAS4IncomingMessageState.(get|has)(Signing|Decrypting)Certificate methods to explicitly access the signing and decryption certificates for incoming messages
• Deprecated IAS4IncomingMessageState.(get|has)UsedCertificate for removal in favour of the new methods

v3.0.4 - 2025-02-03

• Updated to ph-commons 11.2.0
• (Peppol) Updated to peppol-commons 10.0.0
• Avoid unnecessary warning log entry, if a custom crypto factory is used. See #295 - thx @koes-soptim

v3.0.3 - 2025-01-23

• (Peppol) Extended Phase4PeppolReceiverConfiguration and Phase4PeppolDefaultReceiverConfiguration with a Peppol AP CA Checker

v3.0.2 - 2025-01-21

• Updated to BouncyCastle 1.80
• Updated to Apache HttpClient 5.4.x
• (Peppol) Updated to peppol-commons 9.7.x
• The default value for the configuration property phase4.errormsg.include.stacktraces was changed to false for security reasons
• Enumeration EEbmsErrorSeverity now implements IHasID<String>
• Deprecated ICryptoSessionKeyProvider.INSTANCE_RANDOM_AES_128_GCM and INSTANCE_RANDOM_AES_256_GCM in favour of the versions without GCM - see#294 - thx @beth-soptim

v3.0.1 - 2024-12-06

• Updated to ph-commons 11.1.11
• Configuration properties can now use default values. See #291 - thx @piotr-dajlido
• Added getter and setter for IAS4SignalMessageValidationResultHandler to AbstractAS4PullRequestBuilder and AbstractAS4UserMessageBuilder. See #220 - thx @problemzebra2
• Added a check on message reception that the encryption and signature algorithms from the PMode are actually used
• Added new default ICryptoSessionKeyProvider instances for AES-128-GCM and AES-256-GCM. See #289 - thx @piotr-dajlido
• Added class Phase4RuntimeException
• Return values of AS4KeyStoreDescriptor.createFromConfig may now be nullable
• The constructors of class AS4CryptoFactoryConfiguration now throw a Phase4RuntimeException if there is a keystore misconfiguration
• (Peppol) Added possibility to customize the Identifier Factory to be used for SBDH parsing via Phase4PeppolDefaultReceiverConfiguration.setSBDHIdentifierFactory and Phase4PeppolReceiverConfigurationBuilder.sbdhIdentifierFactory. The default is SimpleIdentifierFactory for backwards compatibility.
• (BDEW) Added possibility to define BDEWApplicationReference. See #292 - thx @beth-soptim

v3.0.0 - 2024-11-17

• Updated to WSS4J 3.0.4
• Included received HTTP headers in IAS4IncomingMessageMetadata JSON representation

v3.0.0-rc1 - 2024-11-10

• Updated to xmlsec 3.0.5
• Updated to ph-commons 11.1.10
• (Peppol) Updated to peppol-commons 9.6.0
• Removed the phase4-spring-boot-demo submodule in favour of https://github.com/phax/phase4-peppol-standalone
• (Peppol) Added new class Phase4PeppolReceiverConfigurationBuilder to build Phase4PeppolReceiverConfiguration objects
• (Peppol) Removed the overload Phase4PeppolDefaultReceiverConfiguration.getAsReceiverCheckData(X509Certificate) created in beta6 in favour of the builder
• Removed the interfaces IAS4TrustStoreDescriptor and IAS4KeyStoreDescriptor (added in beta2) in favour of ITrustStoreDescriptor and IKeyStoreAndKeyDescriptor from ph-commons
• The classes AS4KeyStoreDescriptor and AS4TrustStoreDescriptor (added in beta2) are only shells to provide phase4 specific setup
• (Peppol) Made the AP certificate checker in the Peppol sender builder customizable

v3.0.0-beta6 - 2024-11-04

• (Peppol) Added new overload of Phase4PeppolDefaultReceiverConfiguration.getAsReceiverCheckData(X509Certificate)
• Added new methods IAS4IncomingMessageState.getCryptoFactorySign() and getCryptoFactoryCrypt()

v3.0.0-beta5 - 2024-11-04

• Updated to BouncyCastle 1.79.0
• Fixed an exception when using AS4Configuration and the default configuration properties were missing.

v3.0.0-beta2 - 2024-10-25

• Moved classes to different packages without changing the internals. See Migrations for details
• The configuration files private-crypto.properties and crypto.properties are also deprecated. Please move the properties to application.properties, environment variables or Java system properties instead.
• Added verification of AS4 Receipt XMLDSig "Reference" objects against the ones sent out in the User Message. See #220 - thx @problemzebra2
• Added new interface IAS4SignalMessageValidationResultHandler to customize the result handling of DSig reference verification
• The internal configuration object now needs to implement IConfigWithFallback instead of just IConfig
• Implementations of IAS4CryptoFactory now need to implement ´getKeyPasswordPerAliasCharArrayinstead ofgetKeyPasswordPerAlias`
• Created new class AS4CryptoFactoryConfiguration to replace AS4CryptoFactoryProperties as the default AS4 crypt factory
• Deprecated classes AS4CryptoFactoryProperties and AS4CryptoProperties in favour of AS4CryptoFactoryConfiguration
• Added new class AS4KeyStoreDescriptor to describe the parameters of a key store
• Added new class AS4TrustStoreDescriptor to describe the parameters of a trust store
• The internal AS4 configuration is now based on the IConfigWithFallback interface
• Support for a default AS4 profile inside the AS4 Profile Manager was removed in the favour of the configuration property phase4.default.profile (previously called phase4.profile)
• The "as4ProfileID" field is now mandatory when using the AS4 sender builder
• The AS4 sender builder no longer overwrites the PMode Resolver if an AS4 profile is set, but makes sure a PMode resolver is present
• The AS4DefaultPModeResolver no longer creates a default PMode if no AS4 profile is present
• Class AbstractAS4PullRequestBuilder can now also handle a specific PMode ID
• Added class AS4IncomingProfileSelectorConstant
• Improved default handling of inbound AS4 Profile selection to automatically use the sending Profile
• Added new EdDSA algorithms to ECryptoAlgorithmSign
• Added new key encrypt algorithms in ECryptoKeyEncryptionAlgorithm

v3.0.0-beta1 - 2024-09-20

• Moved classes to different packages without changing the internals. See Migrations for details
• (BPC) Removed the profile phase4-profile-bpc in favour of phase4-profile-dbnalliance
• Removed all deprecated methods marked for removal
• Added possibility to Dynamically set responder address. See #233 - thx @koes-soptim
• Added new classes IAS4IncomingReceiverConfiguration and AS4IncomingReceiverConfiguration for receiver checks
• (Peppol) Added a "/peppol-status" status endpoint to the demo application. See #215 - thx @RichardVanMaaren
• (EuCtp) Renamed class EuCtpPullRequestBuilder to AbstractEuCtpPullRequestBuilder and made abstract. Use Phase4EuCtpSender.builderPullRequest () instead
• (EuCtp) Renamed method Phase4EuCtpSender.builder to builderUserMessage
• Added new method IAS4IncomingMessageState.getEffectiveDecryptedSoapDocument
• Added getters for nearly all sender builder properties
• If an AS4 Receipt does not contain non-repudiation information, it now contains the original user message wrapped, to stay XSD compliant
• The class AS4ClientReceipt can now also take an outside RefToMessageId. See #267 - thx @sywong2000
• The AS4 Timestamp manager is now limiting the precision to milliseconds to ensure safe XML serializability.
• Added new class Ebms3UserMessageMarshaller to solely serialize the UserMessage object

v2.9.3 - 2025-04-03 (backport)

• Improved honouring phase4.errormsg.include.stacktraces configuration, in case SPI handler was throwing an exception
• Converting all SPI handler exceptions into AS4 error messages

v2.9.2 - 2025-02-13 (backport)

• (BDEW) Added possibility to define BDEWApplicationReference. See #292 and [#29[(https://github.com/phax/phase4/issues/298) - thx @beth-soptim and @koreiffer

v2.9.1 - 2025-02-11 (backport)

• Updated to BouncyCastle 1.80
• Updated to Apache HttpClient 5.4.x
• Updated to ph-commons 11.2.x
• Updated to Peppol Commons 10.0.x
• (EESPA) Deprecated the profile "EESPA", as they decided to use the Peppol Network
• Added IAS4IncomingMessageState.(get|has)(Signing|Decrypting)Certificate methods to explicitly access the signing and decryption certificates for incoming messages
• Deprecated IAS4IncomingMessageState.(get|has)UsedCertificate for removal in favour of the new methods
• If no Java SPI handlers are registered for handling an incoming message, and the production mode is enabled (global.production = true) than incoming messages are effectively rejected and not just logged and ignored

v2.9.0 - 2024-11-28

• Updated to BouncyCastle 1.79.0
• Updated to WSS4J 3.0.4
• Updated to xmlsec 3.0.5
• Updated to ph-commons 11.1.10
• (Peppol) Updated to peppol-commons 9.6.0
• Removed the special change V3 annotation, as V3 is out now
• Added new methods IAS4IncomingMessageState.getCryptoFactorySign() and getCryptoFactoryCrypt()

v2.8.6 - 2024-10-03

• (DBNAlliance) Fixed an exception in the sender builder, if the XHE payload was created on the outside.
• Class AS4OutgoingAttachment and the builder can now deal with custom properties. See #276 - thx @piotr-dajlido

v2.8.5 - 2024-09-17

• (Peppol) Updated to phive 10.x and phive-rules 3.2.x

v2.8.4 - 2024-09-12

• Using BouncyCastle bcjmail artefact instead of bcmail to use the Jakarta namespace correctly. See #271 - thx @problemzebra2

v2.8.3 - 2024-09-10

• Updated to ph-commons 11.1.8 making sure the Content-Type HTTP header only uses a single space as separator between parameters

v2.8.2 - 2024-08-23

• Added support for selecting AS4 profile on sending. See #244
• Improved the overall AS4 Content-Type header. See #263
• Added some sanity methods in AS4XServletHandler

v2.8.1 - 2024-08-13

• (Peppol) Extended client builder by adding smpClient overload including the wildcard selection mode

v2.8.0 - 2024-07-30

• Extended the UserMessage builder to be able to set the AgreementRef "type" value. See #243 - thx @sywong2000
• (Peppol) Updated to dnsjava 3.6.0 fixing CVE-2024-25638
• (Peppol) Updated to peppol-reporting 3.0.0
• (Peppol) Updated to Peppol eDEC Code Lists v8.9
• (EuCtp) Added new AS4 profiles for "EU CTP" supporting the exchange of messages in customs. See #39 - thx @jonrios
• (BDEW) Extended the PMode configuration for the BDEW profile. See #251 - thx @koreiffer
• (DBNAlliance) improved the DBNAlliance client to create the XHE. See #247 - thx @robinsongarciax

v2.7.7 - 2024-05-24

• Updated to peppol-commons 9.4.0
• (DBNAlliance) Added new submodule phase4-dbnalliance-client.
• Renamed the AS4 profile names for the EESPA module to "GENA". The AS4 profile IDs are unchanged.
• Added new ICryptoSessionKeyProvider.INSTANCE_RANDOM_AES_256 constant
• (BPC) Deprecated the BPC PMode classes

v2.7.6 - 2024-05-07

• Updated to BouncyCastle 1.78
• (BDEW) Increased the compliance of the validator to check for EMT/MAKO certificates. See #235 - thx @problemzebra2
• Extended API to support AgreementRef/@type attribute as well. See #238 - thx @sywong2000
• In case a reception SPI processor returned a failure without an error message, a default error message with code EBMS:0004 is returned.

v2.7.5 - 2024-03-29

• Updated to WSS4J 3.0.3
• Updated to xmlsec 3.0.4
• Updated to ph-commons 11.1.5
• Ensured Java 21 compatibility
• Added new class Ebms3SignalMessageMarshaller to easy the logging of Ebms3SignalMessage messages
• Added new configuration property phase4.errormsg.include.stacktraces to be able to disable stack traces in AS4 Error messages. See #225
• Started more structured logging around specific activity sections. See #219 - thx @Stefan4112

v2.7.4 - 2024-01-29

• (Peppol) Updated to peppol-reporting 2.2.2
• (Peppol) Fixed the ErrorDetail value, if a participant is not serviced by an AP (Peppol AS4 profile section 4.4)
• (Peppol) Moved class Phase4PeppolHttpClientSettings from com.helger.phase4.peppol to com.helger.phase4.profile.peppol in module phase4-profile-peppol
• (Peppol) Added new class PeppolCRLDownloader to allow the CRL download via Apache HttpClient for easier customization
• Backported change from commit https://github.com/mmpaszkowski/phase4/commit/72673b63320a3f621acc4009f59e62319760d6d9

v2.7.3 - 2024-01-23

• (Peppol) Updated to peppol-commons 9.3.0
• The IAS4IncomingMessageMetadata now also contains the HTTP headers of the source request
• Fixed a typo in an error message. Used that to further improve the specific error messages. See #211 - thanks @problemzebra2
• (Peppol) Extended Phase4PeppolReceiverCheckData with the SMP wildcard lookup selection mode
• (Peppol) Incoming messages can now also checked using the Wildcard lookup. Added Phase4PeppolServletConfiguration.setWildcardSelectionMode to configure this. See #209 - thanks @sakasaka19

v2.7.2 - 2024-01-10

• (Peppol) Updated to peppol-commons 9.2.3
• (Peppol) The default revocation check method for Peppol was changed from OCSP to CRL_BEFORE_OCSP to work around the issue mentioned at https://github.com/phax/phase4/issues/124#issuecomment-1884441835. Use CertificateRevocationChecker.setRevocationCheckMode (ERevocationCheckMode) to change the default value in your code.

v2.7.1 - 2024-01-09

• (Peppol) Updated to peppol-commons 9.2.2
• (Peppol) Added a signing certificate revocation check when receiving Peppol messages
• (Peppol) Via Phase4PeppolServletConfiguration.setCheckSigningCertificateRevocation(boolean) the signing certificate revocation check can be disabled globally
• (Peppol) Via Phase4PeppolServletConfiguration.setCheckSBDHForMandatoryCountryC1(boolean) the check for the mandatory COUNTRY_C1 Peppol SBDH element can be disabled globally

v2.7.0 - 2024-01-07

• (Peppol) Updated to peppol-commons 9.2.0
  • All occurrences of PeppolSBDHDocument need to be changed to PeppolSBDHData
  • The "Country C1" field is now always mandatory
• (DBNAlliance) Added new AS4 profile "DBN Alliance". See #200 - thanks @ri4a
• (Peppol) Removed the date check for the mandatoriness of the "Country C1" field in the Peppol SBDH when sending out messages
• (Peppol) Fixed an invalid @Nonnull annotation at IPhase4PeppolCertificateCheckResultHandler. See #206 - thanks @Florianisme
• AS4 Error Messages are signed if possible, but it is still possible that unsigned error messages are returned. See #188 - thanks @problemzebra2; also affects Oxalis-AS4#205

v2.6.0 - 2023-12-07

• (Peppol) Updated to peppol-reporting 2.2.0
• (BDEW) For the BDEW profile the ping messages are now passed into the custom SPI handler. See #175 - thanks @problemzebra2
• (Peppol) Added a new parameter to IPhase4PeppolIncomingSBDHandlerSPI.handleIncomingSBD to be able to provide better error messages. (backward incompatible change) See #196
• Improved the internal error handling, so that EBMS errors are propagated with more details. (backward incompatible change) See #198 - thx @arj03

v2.5.2 - 2023-11-15

• Updated to BouncyCastle 1.77
• Updated to WSS4J 3.0.2
• (Peppol) Updated to peppol-reporting 2.1.6 containing the updated Schematron rules for EUSR and TSR
• (BDEW) Improved the BDEW PMode validator etc. See #187 and #190 - thanks @koes-soptim
• The classes AbstractAS4IncomingDumperWithHeaders and AbstractAS4OutgoingDumperWithHeaders can now configure if headers should be dumped or not

v2.5.1 - 2023-10-27

• Added a parameter to enforce the packaging in MIME messages, even if no attachment is present. See #186 - thanks @problemzebra2
• Fixed an error that if no payload is present no encryption will be performed

v2.5.0 - 2023-10-25

• (Peppol) Updated to peppol-reporting 2.1.4 containing the updated Schematron rules for EUSR and TSR
• Added the missing call to IAS4ProfileValidator.validateSignalMessage
• (BDEW) Fixed the ID type for BDEW participants. See #178 - thanks @problemzebra2
• (BDEW) Made the payload check for BDEW optional. See #180 - thanks @problemzebra2
• Added new SPI interface com.helger.phase4.incoming.spi.IAS4IncomingMessageProcessingStatusSPI to be used as a callback for incoming message processing start and end
• Added a possibility to verify the TLS client certificate via the AS4 profile. See #182 - thanks @problemzebra2
• Extended the API of IAS4SignalMessageConsumer.handleSignalMessage with IAS4IncomingMessageMetadata. (backward incompatible change) See #177 - thanks @sopgreg
• Extended the API of IAS4UserMessageConsumer.handleUserMessage with IAS4IncomingMessageMetadata for consistency. (backward incompatible change)

v2.4.0 - 2023-09-26

• Updated to peppol-reporting 2.1.3 containing the updated Schematron rules for EUSR and TSR
• The BDEW sender client sets a the agreementRef value to https://www.bdew.de/as4/communication/agreement by default
• Added new enum ECryptoMode to differentiate between sign/encrypt and verify/decrypt
• Added a mandatory ECryptoMode parameter to IAS4CryptoFactory.getCrypto(...)
• Fixed a regression introduced in v2.2.2 that affects BDEW and ENTSOG - the payload parameters are set correctly again. See #172 - thanks @problemzebra2

v2.3.0 - 2023-09-20

• Updated to phive 9.x
• Deprecated AS4MessageProcessorResult.createFailure(String) in favour of AS4MessageProcessorResult.createFailure(). See issue #162 - thanks @sopgreg
• Deprecated AS4SignalMessageProcessorResult.createFailure(String) in favour of AS4SignalMessageProcessorResult.createFailure(). See issue #162 - thanks @sopgreg
• Extended the AS4UserMessage.create message to also include the optional MPC parameter
• Peppol incoming handler denies messages that are not signed and encrypted
• Fixed the default BDEW crypting key identifier. See issue #167 - thanks @problemzebra2
• Extended the IAS4IncomingSecurityConfiguration interface to include the full AS4SigningParams and AS4CryptParams objects. See #165 and issue #166 - thanks @sopgreg and @problemzebra2
• The method AS4ProfileSelector.getAS4ProfileID () now also falls back to IAS4ProfileManager.getDefaultProfileOrNull()

v2.2.2 - 2023-09-12

• Updated to peppol-commons 9.0.8
• The "Certificate Consumer" in the Peppol client is now also invoked, when .checkReceiverAPCertificate(false) is called
• The class AbstractENTSOGUserMessageBuilder is now derived from AbstractAS4UserMessageBuilderMIMEPayload and yet customization of the attachment part works
• The class AbstractBDEWUserMessageBuilder is now derived from AbstractAS4UserMessageBuilderMIMEPayload and yet customization of the attachment part works
• Added new interface IAS4SendingDateTimeConsumer to determine the effective sending date and time
• Made the determination of the effective sending date and time more consistent
• In the Peppol client, the country code of C1 will be checked for mandatoriness from 1.1.2024 onwards
• Added new interface IWSSecSignatureCustomizer to customize created WSSecSignature objects. Handle with care
• Added support for Peppol Reporting via the peppol-reporting-api project as defined in https://github.com/phax/peppol-reporting

v2.2.1 - 2023-08-20

• Updated to ph-oton 9.2.0 for reduced dependencies
• Reduced defined versions in the parent-pom and moved it to the module POMs where applicable

v2.2.0 - 2023-08-20

• Allowing separate IAS4CryptoFactory configurations for signing/signature verification and encrypting/decrypting. See issue #139 - thanks @sopgreg
  • Most internal APIs that previously took one parameter for "cryptoFactory" now take two parameters for "cryptoFactorySign" and "cryptoFactoryCrypt"
• Removed IAS4CryptoFactory.isAllowRSA15KeyTransportAlgorithm()
  • The configuration property org.apache.wss4j.dom.handler.RequestData.allowRSA15KeyTransportAlgorithm is no longer supported
  • As an alternative the interface IAS4DecryptParameterModifier was introduced to allow even more fine-grained customization
• Improved the unique PMode determination, by comparing all fields of Initiator and Responder. See issue #118 - thanks @sopgreg
• Removed the Serializable interface from objects where it is not needed
• The interface IPModeIDProvider now relies on the PModeParty of initiator and responder instead on the ID only
• Allowed an external customization of the WSSConfig object created for decryption. See issue #150 - thanks @sopgreg
  • This and the RequestData object can be customized via a callback using IAS4DecryptParameterModifier

v2.1.5 - 2023-08-03

• Reverted the incorrect use of the Binary Security Token value type "#X509PKIPathv1" for Peppol and others (introduced in v2.1.3). Only BDEW needs this. See Discussion #149 - thanks to @binaradarsha

v2.1.4 - 2023-08-01

• Updated to WSS4J 3.0.1
• Updated to ph-commons 11.1
• Add a possibility to customize the signingParams and cryptParams in AbstractAS4MessageBuilder
• Made the Java security Provider for encryption customizable
• Increased customizability of security configuration

v2.1.3 - 2023-07-13

• Updated to BouncyCastle 1.75
• Improved support for the COUNTRY_C1 field in Peppol SBDH
• Added a consistency check to avoid that pre-built SBD documents are used with the plain Peppol sender builder
• The BinarySecurityToken for signed AS4 messages now uses the ValueType of ...#X509PKIPathv1 by default
• The default response timeout for Peppol client messages was changed from 5 minutes to 2 minutes to reflect SLA changes
• Added new interface IAS4IncomingSecurityConfiguration to customize AS4RequestHandler security configuration

v2.1.2 - 2023-06-06

• Made the session key provider for AS4 encryption session keys customizable
• Made some backwards incompatible changes to the API of BDEWPayloadParams so that it is chainable

v2.1.1 - 2023-05-26

• Updated to Spring Boot 3.1.0 fixing CVE-2023-20883
• Requires at least peppol-commons 9.0.6
• Added support for the COUNTRY_C1 field in Peppol SBDH

v2.1.0 - 2023-04-30

• Requires at least ph-commons 11.0.4
• Requires at least peppol-commons 9.0.4
• Added new submodules phase4-profile-bdew and phase4-bdew-client to support the German BDEW profile for the gas industry. See PR #122 - thanks to @sopgreg
• Added interface IAS4PModeAwareCryptoFactory to make keystore / truststore decisions based on the selected PMode. See PR #121 - thanks to @sopgreg
• Deprecated class EXMLDSigDocumentType
• Avoid closing the dumping OutputStream more then once. See issue #120
• Fixed support for Surrogate characters for e.g. Japanese

v2.0.0 - 2023-04-13

• Updated to xmlsec 3.0.2
• Using XML marshalling based on GenericJAXBMarshaller instead of separate reader/writer classes
• The paths of the internal XML schemas have changed to contain external/

v2.0.0-RC1 - 2023-02-24

• Using Java 11 as the baseline
• Using Servlet API 5.0.0 as the baseline: JakartaEE 9, Java 11+, Apache Tomcat v10.0.x, Jetty 11.x
• Using Eclipse Angus 2.0.x
• Updated to xmlsec 3.0.1
• Updated to WSS4J 3.0.0
• Updated to ph-commons 11
• Updated to Spring Boot 3.0.x
• Removed deprecated classes and methods
• Renamed class Phase4OutgoingAttachment to AS4OutgoingAttachment
• Renamed class IManagerFactory to IAS4ManagerFactory
• Renamed class ManagerFactoryInMemory to AS4ManagerFactoryInMemory
• Renamed class ManagerFactoryPersistingFileSystem to AS4ManagerFactoryPersistingFileSystem
• Renamed class Phase4Sender to AS4Sender
• Renamed class Phase4KeyStoreCallbackHandler to AS4KeyStoreCallbackHandler
• Added new base interfaces ICryptoAlgorithm(C14N|Crypt|Sign|SignDigest) for future usage
• Added new enum entry ECryptoKeyIdentifierType.ISSUER_SERIAL_QUOTE_FORMAT
• Added support for new signing algorithms (ECDSA with SHA (256|384|512), RSA with SHA (256|384|512) and MGF1 and RSA with SHA3 (256|384|512) and MGF1)
• Enabled the variable replacement in the default configuration properties

v1.4.6 - 2025-02-10 (backport)

• Updated to wss4j to 2.4.3
• Updated to xmlsec to 2.3.5
• (EESPA) Deprecated the profile "EESPA", as they decided to use the Peppol Network
• Added IAS4IncomingMessageState.(get|has)(Signing|Decrypting)Certificate methods to explicitly access the signing and decryption certificates for incoming messages
• Deprecated IAS4IncomingMessageState.(get|has)UsedCertificate for removal in favour of the new methods
• If no Java SPI handlers are registered for handling an incoming message, and the production mode is enabled (global.production = true) than incoming messages are effectively rejected and not just logged and ignored

v1.4.5 - 2024-01-17 (backport)

• Updated to Spring Boot 2.7.18
• Updated to xmlsec to 2.3.4
• Updated to wss4j to 2.4.2
• Updated to Log4J to 2.22.1
• (Peppol) Added a signing certificate revocation check when receiving Peppol messages
• (Peppol) Via Phase4PeppolServletConfiguration.setCheckSigningCertificateRevocation(boolean) the signing certificate revocation check can be disabled globally

v1.4.4 - 2023-05-26 (backport)

• Updated to Spring Boot 2.7.12 fixing CVE-2023-20883
• Requiring peppol-commons 8.8.6
• Updated to ph-commons 10.2.4 fixing the issue with surrogate characters. See #123
• Enabled the variable replacement in the default configuration properties. See #128

v1.4.3 - 2023-01-12

• Updated to xmlsec 2.3.2
• Added new class Phase4PeppolClientException for more control over error message handling

v1.4.2 - 2022-12-27

• Updated to peppol-commons 8.8.1
• Added new submodule phase4-eudamed-client that offers a specific client builder for the CEF profile
• Fixed an NPE in AS4RawResponseConsumerWriteToFile when the file could not be opened for writing
• Allow RSA 1.5 Key Transport Algorithm in WSS4J
• Added another overload of Phase4PeppolSender.Builder.payload(IHasInputStream) to be more memory efficient
• Extended API of EAS4MessageMode with isRequest and isResponse methods
• Extended API of AS4IncomingMessageMetadata to include the request AS4 message ID, if this is for a response message

v1.4.1 - 2022-10-21

• Updated to BouncyCastle 1.72 using the new artefact names bc*-jdk18on (instead of the old bc*-jdk15on)
• Included a small change in IAS4CryptoFactory that allows to make the key password flexible per chosen alias
• Extended the API in AS4RawResponseConsumerWriteToFile to have a callback that receives opened files

v1.4.0 - 2022-08-17

• Updated to Apache HttpClient v5.x - incompatible change
• Updated to peppol-commons 8.8.0
• Updated to ph-web 9.7.1
• Needed to make the HttpMimeMessageEntity constructor protected - use the static create method instead

v1.3.10 - 2022-08-17

• Updated to peppol-commons 8.7.6 with Peppol Code Lists v8.2
• Extended API of AbstractPeppolUserMessageBuilder to disable the AP receiver certificate check
• Extended API of AbstractAS4MessageBuilder to provide a custom IHttpPoster implementation
• The httpRetrySettings of the sending builder are not correctly honoured and not overwritten by the PMode settings

v1.3.9 - 2022-05-25

• Updated to xmlsec 2.3.1
• Updated to peppol-commons 8.7.5 with Peppol Code Lists v8.1
• Improved the ENTSOG profile to remove some checks

v1.3.8 - 2022-05-06

• Reverted the change to try to use TLS 1.3 connections. See issue #80. Thx @Florianisme

v1.3.7 - 2022-05-04

• Updated the callback interface of AS4DumpReader to be able to decrypt all attachments
• The Peppol, BPC and ENTSOG profile now also try to use TLS 1.3 connections
• Added new submodule phase4-profile-eespa to support the EESPA AS4 profile
• Deprecated class Phase4PeppolServlet in favour of AS4Servlet because they do the same thing

v1.3.6 - 2022-04-02

• Moved all the documentation into a Wiki for better structuring of information
• Added new submodule phase4-profile-bpc to support the BPC market pilot
• Added support for a CEF two-corner profile. See issue #79. Thx @Nagendra-Naidu1629
• Increased the debug logging for the sample Peppol Server application
• The data type of PModeReceptionAwareness.RetryIntervalMS was changed from int to long

v1.3.5 - 2021-12-21

• Updated to Log4J 2.17.0 for security reasons (CVE-2021-45105) - see https://logging.apache.org/log4j/2.x/security.html

v1.3.4 - 2021-12-14

• Updated to Log4J 2.16.0 for security reasons (CVE-2021-45046) - see https://www.lunasec.io/docs/blog/log4j-zero-day/

v1.3.3 - 2021-12-10

• Updated to Log4J 2.15.0 for security reasons (CVE-2021-44228) - see https://www.lunasec.io/docs/blog/log4j-zero-day/
• Updated to WSS4J 2.4.0
• Updated to xmlsec 2.3.0
• Fixed a typo in method name of class AbstractPeppolUserMessageBuilder (missing p of endpoint)
• Fixed the interface name from IPhase4PeppolValidatonResultHandler to IPhase4PeppolValidationResultHandler. See issue #68.
• Updated the Maven JAXB2 plugin so that it also build with Java 17

v1.3.2 - 2021-09-27

• Updated to ph-web 9.6.1
• Updated to phive-rules 2.1.7
• Updated to xmlsec 2.2.3 (security fix)
• Allowing to set the "RefToMessageId" in the client sender builders
• Improved the error handling of ISOAPHeaderElementProcessor invocations. See issue #52.

v1.3.1 - 2021-05-21

• Updated to xmlsec 2.2.2
• Added the possibility to provide the content ID in the Peppol AS4 sender
• Changed the layout of the default, random Content-IDs to match RFC 822
• The error handling of the SPI invocations was improved
• AS4MessageProcessorResult.createFailure now also takes empty arguments
• Extended the internal API of AS4XServletHandler to make calls from the outside simpler
• Added a new class AS4DumpReader that can be helpful in reading dumped ".as4in" messages at a later point in time

v1.3.0 - 2021-05-02

• Updated to ph-commons 10.1
• Moved the classes AS4IncomingDumperFileBased, AS4OutgoingDumperFileBased and AS4RawResponseConsumerWriteToFile from package com.helger.phase4.servlet.dump to package com.helger.phase4.dump. The old classes remain there, but deprecated.
• IAS4IncomingDumper.onEndRequest is only called if onNewRequest returned a non-null stream
• Improved logging in case of failed sending prerequisites
• Changed from Offset(Date|Time|DateTime) to XMLOffset(Date|Time|DateTime) where the message exchange is affected
• The JAXB implementation must now explicitly be added to an application pom.xml e.g. like this:

<dependency>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-impl</artifactId>
</dependency>

• v1.2.0 - 2021-03-28
• Added the response AS4 Message ID as parameter to IAS4ServletMessageProcessorSPI.processAS4ResponseMessage
• Renamed class EAS4IncomingMessageMode to EAS4MessageMode
• Extended IAS4OutgoingDumper API with an EAS4MessageMode param
• Extended the IAS4MessageState with "ref to message ID" and "message timestamp"

v1.1.1 - 2021-03-23

• Made the AS4 message ID suffix customizable (see issue #50) using MessageHelperMethods.setCustomMessageIDSuffix(String)

v1.1.0 - 2021-03-22

• Updated to ph-commons 10
• Changed from Local(Date|Time|DateTime) to Offset(Date|Time|DateTime) where the message exchange is affected

v1.0.0 - 2021-03-10

• Updated to phive-rules 2.0.5 with the more lightweight Peppol validation
• Changed the default timeout of the Peppol HTTP settings from 100 seconds to 300 seconds (5 minutes) to comply with the TIA requirements
• Added new submodule phase4-spring-boot-demo kindly provided by @jmrleal from Opensoft

v1.0.0-rc1 - 2021-02-17

• Updated to peppol-commons 8.4.0
• The configuration files private-crypto.properties, crypto.properties, private-as4.properties and as4.properties are no longer read
• The configuration properties server.debug, server.production, server.nostartupinfo, server.datapath, server.profile, server.incoming.duplicatedisposal.minutes and server.address are no longer supported
• Removed all deprecated elements
• Extended the API of ESimpleUserMessageSendResult
• Added AbstractAS4UserMessageBuilder.sendMessageAndCheckForReceipt overload with an exception consumer (see issue #48)

v0.14.0 - 2021-01-27

• Changed the default directory structure of the incoming and outgoing dumper as well as the raw response consumer to have subdirectories for year, month and day of month
• Extended Phase4OutgoingAttachment to also have a Charset parameter. Thanks to @pavelrotek for pointing this out.
• Phase4OutgoingAttachment can now work on byte[] and File.
• Added support for the ENTSOG AS4 profile (see issue #46). Therefore the new submodules phase4-profile-entsog as well as phase4-entsog-client were added. Thanks to @pavelrotek for providing it.
• Removed all elements deprecated in 0.13.x or earlier

v0.13.2 - 2021-01-22

• Fixed an error that an empty MessageProperties element is created which would not be XSD compliant. Thanks to Amish Regmi for pointing this out.

v0.13.1 - 2021-01-20

• Updated to WSS4J 2.3.1
• Updated to ph-web 9.5.2 updating the U-NAPTR lookup code for BDXL lookups
• Added new class EbmsError to implement IEbmsError next to EEbmsError
• The AS4RequestHandler received a SoapProcessingFinalizedCallback to be able to get notified on asynchronous processing finalization
• Extended IAS4IncomingProfileSelector to allow to disable the AS4 profile validation of PModes
• Remembering the MessageID earlier in the process, so that error messages can always use the RefToMessageId properly
• Fine-tuned the CEF and Peppol PMode checks a bit

v0.13.0 - 2020-12-11

• Extended exception API to that constructors with only another exception are present
• Extended the Peppol demo server to store the attachments by default, even if the payload check does not work
• Updated to peppol-commons 8.3.1 that fixes the Peppol SBDH TypeVersion check
• The Peppol client builder no longer sets an invalid default TypeVersion in the SBDH
• Added new interface IAS4SenderInterrupt to allow all sender builders to interrupt sending at a late stage
• The HTTP retry settings are now assembled in the class HttpRetrySettings
• AbstractAS4Client is no longer derived from BasicHttpPoster but instead has a customizable member that is responsible for the sending. This allows for exchanging the underlying HTTP engine.
• The UserMessage builder now has a simplified sendMessageAndCheckForReceipt method that does all the success/error checks internally
• Extended the AS4ClientSentMessage to also contain the HTTP response status line and the response HTTP headers
• Added a new interface IAS4IncomingProfileSelector to make profile selection customizable
• Renamed interface IIncomingAttachmentFactory to IAS4IncomingAttachmentFactory
• Added new abstract base class AbstractAS4RawResponseConsumer to customize handling of status line and http headers
• AS4RawResponseConsumerWriteToFile now logs the status line and the response headers by default (backward incompatible change)
• The default filenames created from AS4RawResponseConsumerWriteToFile now use the extension .as4response instead of -response.xml because they are no longer pure XML
• Moved method readCryptoPropertiesFromFile from AS4CryptoFactoryPropertiesFile to AS4CryptoFactoryProperties

v0.12.6 - 2020-11-25

• Updated from "ph-bdve*" to "phive*" - see https://github.com/phax/phive and https://github.com/phax/phive-rules for details

v0.12.5 - 2020-11-25

• Updated to peppol-commons 8.3.0

v0.12.4 - 2020-11-18

• Remembering the original compression state of incoming attachments
• Updated to ph-bdve-rules 1.0.14 including Peppol Fall 2020 release corrigendum

v0.12.3 - 2020-11-06

• The phase4-server-webapp project now also stores all incoming messages to the dump path
• Ensure the incoming dumper AS4IncomingDumperFileBased creates a unique filename by default
• Allow an empty AS4 Conversation ID in a UserMessage
• Ensuring that outgoing messages can be dumped, even if retries is set to 0 (see issue #43)

v0.12.2 - 2020-10-05

• Extended the IPhase4PeppolIncomingSBDHandlerSPI interface to be able to reject messages on the AS4 layer
• Updated to ph-bdve-rules 1.0.8

v0.12.1 - 2020-09-28

• Updated to peppol-commons 8.2.4
• Made the value checks when reading Peppol SBDH documents customizable via Phase4PeppolServletConfiguration.setPerformSBDHValueChecks
• Extended the Peppol client sender API to easily send special binary and text payload

v0.12.0 - 2020-09-22

• Extended the IPModeResolver to also contain the agreementRef value (for ENTSOG) - backwards incompatible change
• Added support for custom "Part properties" in IAS4Attachment (for ENTSOG)
• The sending date and time of the AS4 message can now be configured in the client
• Made class PMode more static (see issue #41)
• PModeValidationException is now a subclass of Phase4Exception
• Added setters to some PMode related domain classes
• A default serialization of the PMode objects as JSON is available (see issue #40)
• The internal interface IAS4MessageState is now standalone
• Made the incoming message metadata in class AS4XServletHandler easily customizable.
• Made truststore accessible through IAS4CryptoFactory
• Added new interface IAS4UserMessageConsumer
• Extended API to make PullRequest sending simpler
• Moved shared fields from AbstractAS4UserMessageBuilder to AbstractAS4MessageBuilder
• Added new sanity builder for AS4 Pull Requests using Phase4Sender.builderPullRequest()
• Changed PMode IAS4ServletPullRequestProcessorSPI.processAS4UserMessage to IPMode IAS4ServletPullRequestProcessorSPI.findPMode

v0.11.1 - 2020-09-17

• Updated to Jakarta JAXB 2.3.3
• Updated to ph-sbdh 4.1.1
• Updated to peppol-commons 8.2.2

v0.11.0 - 2020-09-08

• Extracted new enum ECryptoKeyIdentifierType to make the key information type customizable
• Reworked the configuration so that system properties and environment variables can also be used
• The class AS4Configuration is now the primary source for configuration stuff
• Class AS4ServerConfiguration was deleted
• Extracted the class AS4CryptoFactoryProperties as the base class for AS4CryptoFactoryPropertiesFile
• Deprecated class AS4CryptoFactoryPropertiesFile in favour of AS4CryptoFactoryProperties
• The file crypto.properties is considered deprecated. All values should be placed now in phase4.properties.
• By default the "in memory" managers are enabled. To disable this, add phase4.manager.inmemory=false in your configuration.
• Dumping interfaces no longer implement Serializable
• Added missing onEndRequest call to the outgoing dumper when sending responses
• v0.10.6 - 2020-09-03
• The CEF client now has support for OASIS BDXR SMP v2
• The signature canonicalization method can now be customized
• Created new submodule phase4-dynamic-discovery that contains the shared parts used for dynamic discovery with SML and SMP
• phase4-peppol-client and phase4-cef-client use the classes from phase4-dynamic-discovery - backwards incompatible change

v0.10.5 - 2020-08-30

• Updated to ph-commons 9.4.7
• Updated to ph-oton 8.2.6
• Updated to peppol-commons 8.1.7
• Replaced AS4WorkerPool with PhotonWorkerPool
• Improved validation of Peppol requirements for incoming messages, if the correct AS4 Profile "peppol" is selected
• Using Java 8 date and time classes for JAXB created classes

v0.10.4 - 2020-07-22

• Extracted IAS4ProfileManager interface
• Added profile manager to the IManagerFactory interface
• Reworked the WSS4J initialization code to try to avoid the WSS-660 issue

v0.10.3 - 2020-07-15

• Updated to ph-commons 9.4.6
• Added AS4ServerInitializer.shutdownAS4Server to gracefully unschedule all jobs
• Improved customizability of the Phase4CEFSender to define if the @type attribute should be emitted or not
• Fixed an invalid Content-Type parsing issue, if an empty parameter is contained

v0.10.2 - 2020-07-07

• Fixed an UnsupportedOperationException when AS4 HTTP Debugging was enabled AND an outgoing dumper was registered (see issue #39)
• Extended Peppol SBDH based builder to set the identifiers from the SBDH (see issue #22)
• Moved the HttpClientFactory setting one class up from AbstractAS4UserMessageBuilder to AbstractAS4MessageBuilder
• Improved the configurability of the dumpers

v0.10.1 - 2020-06-24

• Added the possibility to provide a custom VESRegistry to the Peppol client to provide additional validation rules
• Changed the method IAS4DuplicateManager method findFirst to getItemOfMessageID to be implementable in different ways
• Updated to WSS4J 2.3.0 and XMLSec 2.2.0
• Using ph-xsds-xlink and ph-xsds-xml for a shared "XLink" JAXB artefact

v0.10.0 - 2020-06-08

• Updated to ph-bdve 6.0.0
• Merged phase4-servlet into phase4-lib; therefore dropped phase4-servlet submodule
• Moved internal classes to new packages: BasicHttpPoster, AS4BidirectionalClientHelper
• Added a new class Phase4Sender that does offer sending capabilities with the builder pattern
• All the client builders were unified - that creates incompatible name changes to Phase4PeppolSender (as in setSenderPartyID → senderPartyID)
• Extracted IAS4TimestampManager to be able to provide custom timestamps

v0.9.17 - 2020-05-27

• Changed Maven groupId to com.helger.phase4
• Updated to ph-commons 9.4.4

v0.9.16 - 2020-05-20

• Becoming more specific in thrown exceptions. Avoiding all "throws Exception"
• Fixed a potential concurrency error in IPModeManager implementations when calling "createOrUpdatePMode"
• Fixed a potential concurrency error in AS4CryptoFactoryPropertiesFile.getDefaultInstance()
• Added new class Phase4OutgoingAttachment for easier creation of outgoing attachments
• Extended the Phase4CEFSender to handle multiple attachments.
• Extended the Phase4CEFSender to allow overriding "Action" and "Service"

v0.9.15 - 2020-05-19

• Increased customizability of AS4XServletHandler
• Added a new submodule phase4-cef-client for easy sending using the CEF profile
• Note: this version had a problem when deploying to Maven Central - so it's binary representation is broken

v0.9.14 - 2020-04-28

• Updated to WSS4J 2.2.5
• Updated to ph-commons 9.4.1
• Improved configurability of MetaAS4Manager
• Moved callback interface IPhase4PeppolResponseConsumer to IAS4RawResponseConsumer in phase4-lib
• Moved callback interface IPhase4PeppolSignalMessageConsumer to IAS4SignalMessageConsumer in phase4-lib
• Moved Phase4PeppolSender.parseSignalMessage to class AS4IncomingHandler in phase4-servlet
• Removed the check for the refToMessageInError attribute when receiving "Error SignalMessages"

v0.9.13 - 2020-03-17

• Moved originalSender and finalRecipient tests to the CEF and Peppol profiles (see issue #33)
• Added new class AS4ProfileSelector for more flexible profile selection
• Added possibility for dumping the created SBDH in Phase4PeppolSender.Builder (see issue #34)
• Made the setter of Phase4PeppolServletMessageProcessorSPI chainable
• Extracted class Phase4PeppolReceiverCheckData to make the consistency check more flexible.

v0.9.12 - 2020-03-09

• Fixed potential NPE in error case (see issue #32)
• Fixed the setting of the originalSender and the finalRecipient message properties for Peppol. The type attribute must contain the identifier scheme.

v0.9.11 - 2020-03-03

• Updated to ph-web 9.1.10
• Propagating processing errors to the client (see issue #30) - thanks to https://github.com/RovoMe
• Replaced the unchecked AS4BadRequestException with the checked Phase4Exception (backwards incompatible change)

v0.9.10 - 2020-02-16

• Fixed a stupid error in the demo code that prohibits the correct receiver check activation - see https://github.com/phax/phase4/commit/796c054d972562d31fe33597b8f7938081b8183e for the resolution
• Invoking the AS4RequestHandler error consumer also on asynchronous processing
• Extended the error consumer interface of AS4RequestHandler from Consumer to IAS4RequestHandlerErrorConsumer (backwards incompatible change)
• Extended the message metadata class AS4IncomingMessageMetadata
• Updated to ph-web 9.1.9

v0.9.9 - 2020-02-09

• Removed the methods deprecated in v0.9.8
• Updated to peppol-commons 8.x
• Extended Phase4PeppolEndpointDetailProviderSMP API
• Added new subproject phase4-peppol-server-webapp with a demo server for receiving messages via Peppol
• Extended IAS4IncomingDumper API with an "end request" notifier
• The asynchronous response now also uses the outgoing dumper
• Merged two methods in class IAS4ResponseAbstraction into one (backwards incompatible change)
• Invoking the outgoing dumper also for responses sent for incoming messages

v0.9.8 - 2020-01-29

• Added possibility to use external message ID in Peppol client
• Added new classes AS4IncomingDumperSingleUse and AS4OutgoingDumperSingleUse for easier per-call dumping
• Peppol client now has an additional callback to retrieve the AS4 URL where the message is send to
• No longer throwing an exception if phase4.properties is not available. Changed to a warning.
• Added new class AS4IncomingMessageMetadata to hold metadata for each incoming message
• The IAS4ServletMessageProcessorSPI API was modified to now include IAS4IncomingMessageMetadata (backwards incompatible change)
• The IPhase4PeppolIncomingSBDHandlerSPI API was modified to now include IAS4IncomingMessageMetadata as well as PeppolSBDHDocument, Ebms3UserMessage and IAS4MessageState (backwards incompatible change)
• The IAS4IncomingDumper API was modified to now include IAS4IncomingMessageMetadata (backwards incompatible change)
• Added the original (potentially encrypted) SOAP document into IAS4MessageState
• Renamed type ESOAPVersion to ESoapVersion (backwards incompatible change)
• Method names in IAS4ClientBuildMessageCallback changed to use Soap instead of SOAP
• Extended IAS4ServletMessageProcessorSPI with a possibility to process the response message send out
• Renamed AS4CryptoFactory to AS4CryptoFactoryPropertiesFile (backwards incompatible change)

v0.9.7 - 2020-01-20

• Removed the default configuration files from phase4-peppol-client
• Added the new submodule phase4-peppol-servlet with the Peppol specific receiving stuff
• Extracted interface IAS4Attachment from WSS4JAttachment for read-only access
• Fixed NPE when receiving an attachment without a "Content-ID"
• Removed all deprecated and unused methods from previous versions
• Extracted IAS4CryptoFactory interface for broader usage
• Added possibility to use a preconfigured receiver AP certificate and endpoint URL for the Peppol client
• Changed IPhase4PeppolValidatonResultHandler to be an empty interface and Phase4PeppolValidatonResultHandler is the default implementation
• The base class of Phase4PeppolException changed from Exception to Phase4Exception
• Incoming messages are checked via against the values configured in class Phase4PeppolServletConfiguration
• For security reasons the dependency to the XML pull parser "woodstox" was removed
• For security reasons the dependency to the DNS library "dnsjava" was removed
• Added the new class AS4CryptoFactoryInMemoryKeyStore that takes an in-memory key store and trust store (see issue #28)
• Updated to peppol-commons 7.0.6 with more flexible SMP client API
• SOAPHeaderElementProcessorRegistry is no longer a singleton
• The Peppol client can now handle Receipts that are MIME encoded
• The Peppol client now verifies the signatures of the response messages
• The Peppol client now honours the "incoming dumper" for the response messages

v0.9.6 - 2019-12-12

• Removed the "ExceptionCallback" from Phase4PeppolSender
• Changed the data types of "ResponseConsumer" and "SignalMsgConsumer" from Phase4PeppolSender to be able to throw exception (binary incompatible change)
• Added the possibility to configure the keystore without the need of having the crypto.properties file
• Extracted interface IMPCManager from MPCManager and using it internally
• Extracted interface IPModeManager from PModeManager and using it internally
• The method IPModeManager.validatePMode now throws a checked PModeValidationException exception (incompatible change)
• Added the possibility to customize the outgoing dumper in class Phase4PeppolSender
• Added specific Phase4PeppolSMPException for SMP lookup errors (incompatible change)
• Extracted interface IAS4DuplicateManager from AS4DuplicateManager and using it internally
• Added the possibility to send pre-build SBDH messages (see issue #22) (binary incompatible change)
• Added support for creating in-memory managers only, using the system property phase4.manager.inmemory
• Parameter type of IAS4IncomingDumper.onNewRequest changed to HttpHeaderMap (incompatible change)
• Made AS4RequestHandler usage more flexible to not solely rely on the Servlet API
• New logo thanks to Maria Petritsopoulou - http://stirringpixels.com/

v0.9.5 - 2019-11-27

• Enforcing the usage of Phase4PeppolSender.builder() by making the main sending method private
• Updated to peppol-commons 7.0.4 (moved classes PeppolCerticateChecker and EPeppolCertificateCheckResult there) (incompatible change)
• Replaced the Peppol client "certificate consumer" type to be IPhase4PeppolCertificateCheckResultHandler (incompatible change)

v0.9.4 - 2019-11-20

• Updated to ph-commons 9.3.8
• Added OCSP/CLR check for Peppol certificates
• Added support for validation of outgoing Peppol messages using the default Peppol Schematrons
• Extended the Peppol client API a bit for client side validation (see issue #19)
• Outgoing messages now have the User-Agent HTTP header set (see issue #20)
• Fixed a typo in the short name of EBMS_FAILED_DECRYPTION (see issue #21)
• Added a new Builder class for the Peppol AS4 client - use Phase4PeppolSender.builder() to get started

v0.9.3 - 2019-11-05

• Updated to peppol-commons 7.0.3
• Added new subproject phase4-peppol-client to easily send AS4 messages to Peppol
• Fixed default initiator URL (see issue #18)

v0.9.2 - 2019-10-07

• Fixed an invalid assumption in the Peppol PMode validator.

v0.9.1 - 2019-09-06 - Peppol conformant

• Ignored WSS4J dependency "ehcache" to create smaller deployments
• Added new subproject phase4-profile-peppol for the Peppol AS4 profile
• From Party ID type and To Party ID type can now be set in the client
• The service type can now be set in a PMode
• Requires ph-commons 9.3.6
• Requires ph-web 9.1.3
• This is the first version passing the Peppol Testbed v1

v0.9.0 - 2019-08-08 - CEF conformant

• The GitHub repository was officially renamed to phase4
• All Maven artifact IDs were renamed from ph-as4-* to phase4-*
• The package names changes from com.helger.as4.* to com.helger.phase4.*
• Updated to WSS4J 2.2.4
• Updated to ph-oton 8.2.0
• Updated to peppol-commons 7.0.0
• Updated to ph-commons 9.3.5
• The submodule ph-as4-esens was renamed to phase4-profile-cef
• The AS4 message handler now have a chance to access the received HTTP headers
• Renamed ph-as4-server-webapp-test to phase4-test
• Improved Crypto stuff configurability
• Renamed AS4ResourceManager to AS4ResourceHelper
• Renamed AS4Handler to AS4RequestHandler
• Reworked client API so that it can be used chainable
• Added retry support to clients
• Added possibility to dump incoming and outgoing requests using AS4DumpManager
• This version passes the CEF "AS4 Basic Connectivity Tests"
• This version passes the CEF "AS4 Common Profile Test Assertions"
• This version passes the CEF "AS4 Four Corner Profile Enhancement Test Assertions"

v0.8.2 - 2019-02-27

• Adoptions for integration into TOOP

v0.8.1 - 2018-11-26

• The web application now uses LOG4J 2.x
• Requires at least ph-commons 9.2.0
• Added @type-fix from https://issues.oasis-open.org/projects/EBXMLMSG/issues/EBXMLMSG-2

v0.8.0 - 2018-06-21

• Updated to ph-commons 9.1.2
• Updated to BouncyCastle 1.59
• Updated to WSS4J 2.2.2
• Successfully send test messages to AS4.NET and Holodeck 3.x

v0.7.0 - 2017-07-24

• Added HTTP retry for client
• Added server duplicate message detection for incoming messages
• MessageInfo/Timestamp uses UTC - thanks Sander
• Added two-way handling
• Fixed bug that Receipt is not signed (if desired)
• Removed PModeConfig in favor of redundant PMode objects
• Removed partner handling - not needed anymore
• To be on the safe side, delete all previously created as4-*.xml files as there were incompatible changes.
• Added a second webapp - one for demo, one for testing

v0.6.0 - 2017-01-26

• Extracted subproject ph-as4-servlet with only the AS4Servlet
• Unified the namespaces across the sub-projects
• Requires ph-web 8.7.2 or higher
• Renamed ph-as4-server to ph-as4-server-webapp-demo

v0.5.0 - 2017-01-18

• Initial release
• Has everything needs for sending and receiving using the eSENS P-Mode profiles
• Basic compatibility with Holodeck 2.1.2 is provided
• Supports signed messages
• Supports encrypted messages
• Supports compressed messages
• Targets to be easily integrateable into existing solutions
• Requires Java 8 for building and execution