Release 4.1.1

@rsarendus rsarendus released this 26 Mar 18:35
· 213 commits to master since this release

The signer certificate for the EU List of eIDAS Trusted Lists (LOTL) was changed on 25.03.2021. As a result, signing and signature validation fail with DD4J version 4.1.0.

The current version of DD4J (4.1.1) must be used to ensure that signing and signature validation work.

It is also possible to create a new custom keystore according to https://github.com/open-eid/digidoc4j/wiki/Questions-&-Answers#how-to-add-trust-for-new-eu-tsl-signing-certificates.

Summary of the major changes since 4.1.0

  • Updated LOTL signer certificates in truststore

Known issues

  • We have noticed a decrease in performance with the introduction of properly accessing AIA certificate resources
  • Opening a container that contains signatures triggers TSL loading (TSL lazy loading does not work as expected)
  • When upgrading from versions older than 2.1.1, make sure that your integration:
    • doesn't use Xalan or XercesImpl dependencies
    • uses a patched Java version (JDK8 or higher)
      Xalan and XercesImpl were used to patch XML vulnerabilities in older Java versions. They should be removed on newer versions because they override the default Java XML security.
      If it is not possible to remove Xalan, you can set a system property to override the TransformerFactory: System.setProperty("javax.xml.transform.TransformerFactory","com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl");
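
A startup check for the Xalan/XercesImpl issue above, as an added example that is not part of the DD4J release notes or code base. The class name XmlProviderCheck is hypothetical, and the marker class names are the usual entry classes of the external Apache Xalan-J and Xerces-J artifacts (an assumption, they are not listed on this page); the property name and JDK implementation class are the ones quoted above.

```java
import java.security.CodeSource;
import javax.xml.transform.TransformerFactory;

public class XmlProviderCheck { // hypothetical name, not part of DD4J
    // Property and JDK built-in implementation quoted in the release notes.
    static final String TF_PROPERTY = "javax.xml.transform.TransformerFactory";
    static final String JDK_TF_IMPL =
            "com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl";
    // Assumption: entry classes shipped by the external Xalan-J / Xerces-J jars.
    static final String[] EXTERNAL_MARKERS = {
            "org.apache.xalan.processor.TransformerFactoryImpl",
            "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl",
            "org.apache.xerces.jaxp.SAXParserFactoryImpl"
    };

    // Returns the jar or directory a class was loaded from, or null if absent.
    static String locate(String className) {
        try {
            Class<?> c = Class.forName(className, false,
                    XmlProviderCheck.class.getClassLoader());
            CodeSource src = c.getProtectionDomain().getCodeSource();
            return src == null ? "(unknown location)" : src.getLocation().toString();
        } catch (ClassNotFoundException | LinkageError e) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        boolean externalFound = false;
        for (String marker : EXTERNAL_MARKERS) {
            String where = locate(marker);
            if (where != null) {
                externalFound = true;
                System.out.println("External XML library present: " + marker + " from " + where);
            }
        }
        // Fallback from the release notes: pin the JDK implementation when the
        // external jars cannot be removed and nothing else set the property.
        if (externalFound && System.getProperty(TF_PROPERTY) == null) {
            System.setProperty(TF_PROPERTY, JDK_TF_IMPL);
        }
        String resolved = TransformerFactory.newInstance().getClass().getName();
        System.out.println("TransformerFactory in effect: " + resolved);
        if (!JDK_TF_IMPL.equals(resolved)) {
            System.out.println("WARNING: JDK default TransformerFactory is overridden");
            System.exit(1);
        }
    }
}
```

Run it with the same classpath as the integration; a non-zero exit means a TransformerFactory other than the JDK default is still being resolved.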