changes.txt

Version 2.4.3 - 2017-10-20
This is a minor bugfix release:
       IMPORTANT NOTE: Please review upgrade notes below if you are upgrading

  1. Fix EXIT command not working when executed from remote socket comand processor. 

Version 2.4.2 - 2017-10-12
This is a minor bugfix and documentation enhancement release:
       IMPORTANT NOTE: Please review upgrade notes below if you are upgrading

  1. Fix using a Java 1.8 call to ensure 1.6 compatibility
  2. Enhance documentation around certifcate creation and deployment.
 
Version 2.4.1 - 2017-09-28
This is a minor enhancement release:
       IMPORTANT NOTE: Please review upgrade notes below if you are upgrading

  1. Enhance health check module to test all active modules. All modules now require implementing a healthcheck() method for self test.
 
Version 2.4.0 - 2017-09-25
This is a minor enhancement release:
       IMPORTANT NOTE: Please review upgrade notes below if you are upgrading

  1. Add initial basic health check listener on HTTP port for load balancer/high availability deployment
  2. Enhance POM to deploy code base to central maven repository 
 
Version 2.3.2 - 2017-08-17
This is a minor enhancement release:
       IMPORTANT NOTE: Please review upgrade notes below if you are upgrading

  1. Enhance the HTTP reader to allow logging the raw data when unable to determine how to process the data
  2. Correct the config.xml that was missing a $ sign in the log file name

Version 2.3.1 - 2017-08-06
This is a minor enhancement release:
       IMPORTANT NOTE: Please review release notes for upgrade steps if you are upgrading

  1. Remove reserved characters from dynamically generated file names
  2. Document feature to change reserved character list for file names.
  3. Document java tuning requirements for large files
  4. Change default logging date format to international standard
  5. Document logging date format configuration
  6. Document upgrade process as an appendix in OpenAS2HowTo
  7. Prevent HTTP header folding by default with config option to allow. (Fixes issue with NGINX)
  8. Change email logger to allow any exception to be logged through exception parser (not just OpenAS2Exception)
  9. Add support for Sentry logger for exceptions
  10. Enhanced documentation on logging system
  11. Change default log file name to use international date format
 
Version 2.3.0 - 2017-05-04
This is an enhancement and minor bugfix release:
       IMPORTANT NOTE: Please review ALL release notes for intermediate versions if you are upgrading

  1. Enhance message state tracking to correctly handle resends
  2. Support external databases that have JDBC drivers for message state tracking via configuration.
  3. Allow AS2 Message ID format to be configurable globally and overridden on a per partnership basis
  4. Persist message attributes for the full lifecycle of the message including resends.
  5. Provide support for proxy server authentication.
  6. Fix resending ASYNC MDN messages
  7. Document all of the enhancements and improve existing documentation.

Version 2.2.3 - 2017-04-07
This is a minor bugfix release:
       IMPORTANT NOTE: Please review ALL release notes for intermediate versions if you are upgrading

  1. Remove appending a UUID to the received AS2 filename allowing complete user control. To add one us $rand.UUID$ in the "filename" parameter

Version 2.2.1 - 2017-03-03
This is a minor bugfix release:
       IMPORTANT NOTE: Please review ALL release notes for intermediate versions if you are upgrading

  1. Remove the encapsulating "<" and ">" from the generated message ID as windows no longer allows that in file names 
  2. Minor update to documentation on handling SSL certificate issues

Version 2.2.0 - 2017-02-01
This is an enhancement and minor bugfix release:
       IMPORTANT NOTE: As of this release, OpenAS2 no longer supports Java 1.5 and below
  1. Add sample file for running OpenAS2 under systemd on NIX based systems
  2. Set the sender and recipient in the Message object when MDN is created to facilitate debugging due to config issues
  3. Extract the deployed version from the MANIFEST.MF file instead of embedding in the Session.java file
  4. Move to Maven build process
  5. Add an INFO level message for any files that are not writable in a polling directory
  6. Provide ability to generate a UUID using the dynamic parameter $rand.xxx
  7. Fix the method that creates a file name for storing pending messages (was removing the first character)
  8. Enhance error handling when using HTTPS and certificate checker class to facilitate debugging SSL certificate issues
  9. Reworked initialization structure to provide OSGi functionality to deploy as a standard OSGi bundle (OSGi deployment should be available in next release)
  10. Updated documentation relating to the enhancements including troubleshooting information.
  
Version 2.1.3 - 2016-11-09
This release is a bugfix release:
  1. Revert to default for allowing restricted HTTP headers (see OpenAS2HowTo for discussion on this issue)
  2. Remove \r (CR) character from logging and use the the system property to avoid issues on NIX based systems that parse logs
  3. Enhance documentation

Version 2.1.2 - 2016-10-29
This release is a bugfix release:
  1. Swap call to scan directory with the tracking processing call to ensure there is at least one full poll interval between scan and call to tracking processing to avoid sending incomplete files.
  2. Add documentation on Java tuning for large files and/or busy AS2 systems

Version 2.1.1 - 2016-10-17
This release is a bugfix release:
  1. Fix sending HTTP headers in a synchronous MDN that are copied from the inbound message causing some AS2 implementations to fail

Version 2.1.0 - 2016-10-11
  1. Add message tracking module to allow easy identification of sent and received messages based on state
  		- persists state change tracking of messages to H2 database
  		- allow user-plugin of custom tracking module(s)
  2. Enhanced documentation around certificate management
  3. Added properties element to config to allow easy custom config property access from java modules and helper classes
  4. Added support for parsing file name into partnership attributes using regular expressions
  5. Added script to support launching OpenAS2 as a daemon using the init.d paradigm
  6. Added system parameter to startup scripts to allow restricted HTTP headers that cause problems for some AS2 implementations


Version 2.0.0 - 2016-05-31
  1. Add support for custom HTTP headers
  		- configurable static headers as name/value pairs in the partnership
  		- configurable dynamic headers with header values set from parsing the name of the file to be sent
  2. Fix generator encoding for compression, encryption and signing
  3. Support configurable control of canonicalization when signing
  4. Support overriding digest "sha-1" algorithm name in signing to use "old" name without dash ("sha1")
  5. Support AES128, AES192, AES256 ciphers
  6. Support disabling the CMS algorithm protection OID for older AS2 systems that do not support it
  7. Added "Troubleshooting.." section to documentation
  8. Authenticated SMTP for email logging
  
Version 1.3.6 - 2015-11-23
  1. Fix handling creating a unique file name for storing message info for ASYNC MDN
  2. Rationalise the handling of received MDN so that there is a common handler for Async and Sync MDN
  3. Fix moving pending messages that fail after retries to the error folder.
  4. Enhance logging to pass MEssage object to log manager to facilitate finer grained and more targeted logging
  
Version 1.3.5 - 2015-11-13
  1. Fix handling of file streams to ensure file handle is always closed
  2. Fix async MDN functionality
  3. Fix calculation of MIC when content is signed and compressed
  4. Improved logic handling sending of MDN errors and HTTP responses
  5. Add compiler option to build file to ensure java 1.5 compatibility
  6. Add ability to control number of resend attempts

Version 1.3.4  - 2015-10-22
  1. add SHA224, SHA256, SHA384 and SHA512 encryption algorithms

Version 1.3.3 - 2015-09-14
  1. Fix sent MIC compare against returned MIC since the partner could return the algorithm identifier in different case to what was sent

Version 1.3.2  - 2015-09-09
  1. Add support for file name filtering by file extension in directory polling module
  2. Change the file writing mechanism in the file module to support NFS shares

Version 1.3.1  - 2015-09-08
  1. Bugfix for calculating MIC to include headers unless no encryption and no signing.

Version 1.3.0  - 2015-08-22
  1. Add support for using HTTPS as the transport protocol.
  2. Allow overriding the the password for the certificate store with a system parameter passed into the app at startup

Version 1.2.0  - 2015-08-17
    Add support for compression and decompression per RFC5402

Version 1.1.0  - 2015-08-03
    1. Enhanced logging to support configurable levels of output. Default level is INFO
       Added additional logging information to make it clearer what the real problem is  when errors occur
    2. Bouncy Castle Libraries upgraded to 1.5.2 and the code base changes implemented to support this.
    3. Upgrade other 3rd party libraries to latest versions

2010-08-26  Update and Corrections

	1. Content-Disposition will be set with filename if available.

    2. Update to bat shell program.
    
    3. Added two new parameters connecttimeout and readtimeout to the 
     two processors: AS2SenderModule and AsynchMDNSenderModule which 
     are defined in the config.xml file. These parameters define 
     timeout values in milliseconds for each respective function.  
     The parameters are optional and the default value for each is 
     30000.       

2009-10-18  Corrections

	1. Fix in AS2SenderModule.java. For some AS2 servers send MIC and 
	algorithm separated by comma only (no space).
	
	2. Fix in AsynchMDNSenderModule .  When verifying the command in 
	the canHandle method code should be using constant DO_SENDMDN.
	

2009-09-10  Update  -  Common Logging.

Added the Apache Group commons logging library to allow the
use of other logging packages like log4j and Sun's Java logging
implentation, along with the OpenAS2 logging.  

Side effects -
	1. These changes required replacing all log requests to use the 
	Common Logging log call. This includes changing the Level of the 
	log and Level description.
	
    2. If you continue to use the OpenAS2 logging package you must 
    include  -Dorg.apache.commons.logging.Log=org.openas2.logging.Log 
    in your startup call or as a property in the commons-logging.properties 
    file.  See http://commons.apache.org/logging/guide.html#commons-logging-api.jar
    for more information.

    3.  If you use any other logging package you MUST remove the 
    loggers node and its logger subnodes from the config.xml file.


2009-05-07 - Update and Corrections

Both Sender classes now accpet all 200 HTTP response codes from 
receiver.

2009-04-28 - Update and Corrections

Placed the unstable code into the stable code.  We all have been using this code
for sometime now so it must be stable.

Corrected the start-openas2 scripts in the sample-setup.

Note - you may want to try the new BC mail and provider classes available at BouncyCastle.org.
As of today BC is version 143.

Added a new attribute to the parntership node to allow specifying Content-Transfer-Encoding.


Corrected the following bugs
 2716888  	remove folding from HTTP headers
 2660947 	OpenAS2 uses incorrect RFC2822 date format
 2615775 	OpenAS2 allows malicious sender to overwrite files
 2609279 	Poor parsing of mic's

Applied the following patches
 2727470  	Optional extraction of encoded message content with headers
 2723552 	$msg.content-disposition.filename$ has incorrect filename
 2715448 	Compatibility with nuBridges e-commerce AS2
 2662179 	Outbound Async MDN's are saved but not sync MDN's
 2656852 	Saved MDN format puts text first. Last would be better
 2616405 	CompositeParameters exposes itself
 2615919 	Get rid of some little used code
 2612760 	Cope with Transfer-Encoding: chunked
 2593257 	allow setting of Content-Type from attributes
 2593214  	Allow per-partneship definition of message-id  

2009-01-09 - Updates and Corrections

Fix problem w/ CYCLONE MDN responses.
  
2008-06-13 - Updates and Corrections

Corrected message header date reporting.  

AS2ReceiverHandler not appending new line character.

Organized some import statements.

2008-05-13 - Updates and Corrections

Added missing toXML method from CommandResult class.

Replaced use of StringTokenizer with CommandTokenizer.


2008-03-18 - Updates and Corrections

Added a logging statement so that incoming message ids can be 
associated with the stored file name.

Corrected stored file naming issue.  

    Allows the use of the content-disposition filename to be used in
    the stored filename specification in config.xml MessageFileModule
      example...
        filename="%home%\inbox\$msg.content-disposition.filename$"
      note new system variable $msg.content-disposition.filename$
      
	In 2007-03-31 release if content-disposition contained the filename
	this filename was used to create the stored filename ignoring the 
	filename specification in the config.xml file.   


2008-01-08 - OpenAS2 With A Web Front-End 

This release contain the final changes to set up a web-based front end 
to OpenAS2.  The underlying AS2 engine has not changed, only the 
commands and setup files.

A SocketLoggerClass has been added and an entry must be present
in the config.xml. The logger entry is a subnode of the loggers node.
The ipaddr/portid is the address where the OpenAS2Server sends logging 
information.  Note: If using the web front end the servlet listens 
here.  For more information see the OpenAS2 Remote package.
		<logger classname="org.openas2.logging.SocketLogger"
		    ipaddr="127.0.0.1"
			portid="999"/>	

As noted below, the SocketCommandProcessor entry in the config.xml file 
has changed.  Two new nodes are added (userid and password).  See 
example below:
	<commandProcessors>
	  <commandProcessor classname="org.openas2.cmd.processor.StreamCommandProcessor"/>
	  <commandProcessor classname="org.openas2.cmd.processor.SocketCommandProcessor"  portId="4321"
	    userid="userID" password="pWd"/>
	</commandProcessors>
These values are used to logon to the socket command processor from a
remote terminal or webpage.


2007-08-28 - Preparing OpenAS2 For Web Front-End 

This release contain changes to set up a web-based front end to OpenAS2.
The underlying AS2 engine has not changed, only the commands and setup 
files.

A new CommandProcessor has been added.  This command process, which 
accepts a command as a single line string like the StreamCommandProcessor,
gets its commands from a TCP/IP socket hence its name 
SocketCommandProcessor.

Also new commands have been created to allow command line edits to the 
partnership.xml file.  It is recommended that you continue to maintain 
the partnership.xml file with a standard editor.

The "part" command has been replaced by "partnership".

1.  Changes to config.xml.  The commandProcessor is now a subnode of a
new node named commandProcessors. OpenAS2 now supports multiple command 
processors.  Only one command processor is required, though the package 
does not check to see if no processors are defined.  You may comment 
out one of the commandProcessor nodes - most likely the 
SocketCommandProcessor.

	<commandProcessors>
	  <commandProcessor classname="org.openas2.cmd.processor.StreamCommandProcessor"/>
	  <commandProcessor classname="org.openas2.cmd.processor.SocketCommandProcessor"  portId="4321"
	    userid="useridhere" password="anotsocrypticpassword"/>
	</commandProcessors>

Also, commandProcessors have been changed to be running as a thread 
within the OpenAS2Server.


2.  Changes to commands.xml.  The commands affecting the partnership.xml 
file have been expanded to allow full editing - basically commands to  
list, view, add and delete.  Also there is a command to save the 
changes to the partnership.xml file.

	<multicommand name="partner"
		description="Partner commands">
		<command classname="org.openas2.app.partner.ListPartnersCommand"/>
		<command classname="org.openas2.app.partner.AddPartnerCommand"/>
		<command classname="org.openas2.app.partner.DeletePartnerCommand"/>
		<command classname="org.openas2.app.partner.ViewPartnerCommand"/>
	</multicommand>
	<multicommand name="partnership"
		description="Partnership commands">
		<command classname="org.openas2.app.partner.RefreshPartnershipsCommand"/>
		<command classname="org.openas2.app.partner.ListPartnershipsCommand"/>
		<command classname="org.openas2.app.partner.AddPartnershipCommand"/>
		<command classname="org.openas2.app.partner.DeletePartnershipCommand"/>
		<command classname="org.openas2.app.partner.StorePartnershipsCommand"/>
		<command classname="org.openas2.app.partner.ViewPartnershipCommand"/>
	</multicommand>
	
3.  A new "external" package org.openas2.remote has been added. 
Eventually the package will be the front-end to the web-based 
application.  Presently it contains a simple interface to pass commands 
to the SocketCommandProcessor. 	
 
    Refer to the source program CommandLine for more information.
    
4.  About the SocketCommandProcessor messages are sent as single lines 
via a predefined port.  The format of the messages are: 
	<command id="useridhere" password="anotsocrypticpassword">cert list</command>
	

5.  Several modules in the org.openas2.app package have been moved to a 
new package named org.openas2.cmd.

---

2007-06-01 - Added ability to include the filename in http headers

1.  Changes to config.xml, node: processor, subnode: module.
    
    1.a New attribute for AS2DirectoryPollingModules to specify if 
    the filename is to be included in the headers. Any value other than
    "true" will be considered false.
      	<module classname="org.openas2.processor.receiver.AS2DirectoryPollingModule"
			outboxdir="%home%\toAny"
			errordir="%home%\toAny\error"			
			interval="5"			
			delimiters="-."
			format="sender.as2_id, receiver.as2_id, attributes.fileid"			
			mimetype="application/EDI-X12"
			sendFileName="true"/>

    1.b Affected modules:
      org.openas2.processor.receiver.DirectoryPollingModule
      org.openas2.processor.storage.BaseStorageModule
      org.openas2.processor.storage.MessageFileModule
      
2.  Used the Eclipse UI to eliminate unused Java imports. Too many 
	affected modules to list.

3.  Structure of download package changed.  Removed samples-setup. 

---

2007-04-03 - Bug fix for Asynch MDN

1.  Put the OpenAS2 classes into jar file. OpenAS2-20070402.jar

2.  Placed jar file in sample-startup bin directory.

3.  Updated windows start-openas2.bat commands file

---

2007-04-02 - Bug fix for Asynch MDN 

1.  AS2MDNReceiverHandler - pendinginfo file not deleted. Bad path 
    string.

---

2007-03-31 - Updated for Asynch MDN

Note: The Asynchronous MDN sender and receiver do not work with SMTP 
protocol.

Several changes:

  1.  Changes to partnerships.xml file.
  
    1.a  New attribute in partnership node, to specify url to your 
    server receives asynchronous MDN responses.
    
      ex:     <attribute name="as2_receipt_option" value="http://xxxxxxx:10081"/>
      
  2.  Changes to config.xml file.
  
    2.a  New attributes to processor node, specifies file system 
    directories where your server stores pending asynchronous MDN 
    responses.  When your trading partner returns the asynch mdn the 
    server uses file stored in these directories to verify MDN 
    response.
    
    ex:	    pendingMDN="%home%/pendingMDN3"
    	    pendingMDNinfo="%home%/pendinginfoMDN3">
    	    
    2.b  New module node which hangs off of the processor node.  
    Specifies the class and port number that handles incoming 
    Asynchronous MDN responses.
    
    ex:	<module classname="org.openas2.processor.receiver.AS2MDNReceiverModule"			
          port="10081"/>
          
  3.  Source code changes.
  
     Too many to list.  But primarily new classes added to handle 
     outgoing and incoming Asynchronous MDNs.