2.5.8 (23-January-2025)
Improved MDLP server certificate validation check
Fixed issues with MDLP method execution delays, introduced new parameters
| Code Block |
|---|
"delays": {
...
"lockTimeInMilliseconds": 10000, // default delay between simultaneous MDLP calls, in ms
"pollCryptoContainerLimit": 15000, // maximum wait time between concurrent MDLP calls, in ms
"pollCryptoContainerAttemptDelay": 20 // delay before attempting to check for timeout values, in ms
} |
Refactoring and code optimization to support Java 17+
Vulnerability issues fixes (CVE-2024-47554, CVE-2023-42809, CVE-2023-34462, CVE-2024-47535, CVE-2024-8184, CVE-2023-26048, CVE-2024-6763, CVE-2023-26049)
2.5.2 (08-November-2024)
Java 17 compatible
small refactoring
2.4.18 (08-August-2024)
whitelist disabled by default
| Code Block |
|---|
"server": {
"inboundConfiguration": {
"whitelisting": ["IP1", "FQDN1", "IP2"]
},
"outboundConfiguration": {
"headers": [
{ "name": "XXX", "value": "ZZZZ" },
{ "name": "YYY", "value": "AAAA" }
]
}
} |
2.4.13 (22-March-2024)
CryptoPro CRL validation settings from .userPrefs
Analytic Data methods MDLP API 11.x implemented
minor fixed
2.2.14 (01-December-2023) (service 2.2.13)
Minor fix for processing responses with unknown Content-Type header, for ex. MDLP API 11.5
| Code Block |
|---|
"mdlp": {
"api_requests_with_binary_response": [".*/data/export/results/[a-zA-Z0-9-]+/file.*"], |
2.2.7 (9-July-2023) (service 2.2.10)
Ticket request method set to MDLP API 5.19
2.2.4 (31-May-2023) (service 2.2.7)
Communication with MDLP regulator system for manual signature support implemented,
useManualSignparameter to use in configuration for enabling the manual sign logicOn-premises scripts refactored and optimized for Linux/Windows platforms
Minor refactoring and logging optimization done
2.2.3 (17-Apr-2023)
Prometheus metrics port bug fixed
2.2.1 (23-Mar-2023)
Parameters where added to fix undocumented behavior of the MDLP API when 5.18 responds with
{total:0}: the maximum number of repeated requests and the time in seconds before sending NO_DOCUMENT_IN_MDLP status to ATTP
| Code Block |
|---|
"scheduler": {
"update_document_status": {
"dead_lock_retry": "20",
"dead_lock_delay": "10800" |
2.0.0 (20-Feb-2023)
Windows on-premisses run scripts modified, YAJSW dependencies removed
Unix on-premisses run scripts modified
GostTLS context initialization bug fixed
SAP ATTP HTTP client extended with custom headers (provided via configuration):
| Code Block |
|---|
{
"http": {
"enabled": true,
"client": {
"headers": {
"test": "123",
"test2": "abc", |
SAP ATTP calls with errors handling improved
log4j2 version updated to the latest stable one
1.6.1670855481 (12-Dec-2022)
Applied dynamic Crypto Provider so no need to edit java.security
Application compatibility from Java 8 to Java 17
Windows version: YAJSW changed to schtasks
Scripts refactoring
Multiple 3Keys Connector instances installation on the same server supported
GOST TLS function minor change
Connector service update requires fresh installation
1.6.1668767675 (18-Nov-2022)
Added global parameters to the "mdlp" section::
mdlpAcceptLanguagefor supporting MDLP "error_description" (Accept-Language header with values ru|en)mdlpTokenLifeTimeallowed range from 120000ms to 36000000ms, default 1740000ms (=29 minutes of inactivity)
| Code Block |
|---|
"mdlp": {
"mdlpAcceptLanguage": "en",
"mdlpTokenLifeTime": 1740000, |
Added support for the participant certificate stored on Rutoken Lite
| Code Block |
|---|
{
"crypto": {
"<ALIAS>": {
"alias": "<ALIAS>",
"keystore_type": "RutokenStore",
"rutoken_id": "<RUTOKEN_SN>",
"password": "<PASSWORD>",
"keystore_path": "",
"trustore_path": "<PATH_TO_ROOT_CERTS_STORE>",
"truststore_comment": "JCP 2.0 R4 trust store is incompatible with older versions",
"trustore_password": "1"
}
} |
Utility API endpoints introduced (available from SAP ATTP via /k3t/ru_mdlp_api report call):
3k/utils/version- actual CRPT Connector (Java part) version,3k/utils/testMdlp- actual MDLP token for the given participant,3k/utils/testCrypto- participant certificate info for the given participant
MDLP 1.38 documents responses changes introduced (e.g., D335_FTS_DATA with extensions)
Response from MDLP about non-resident password failure returns to SAP ATTP intact
Unique e2e execution identification (
executionId) for logging addedlog4j version updated to 2.19 (no known vulnerabilities)
yajsw updated to 13.05
SAP JCo updated to 3.1
1.6.1659959296 (08-Aug-2022)
MDLP 1.37 & 1.38 schemes added with new documents 62x\63x
log4j version updated to 2.17.2 (no known vulnerabilities)
Messages sending to MDLP retry logic bug with 429 HTTP status fixed, mdlpRetryDelaySendMsg config parameter added (1sec default)
utility endpoints added (SaaS v.2)
1.6.1644253888 (07-Feb-2022)
no code changes. Build for Java 11 (SaaS v.2)
1.6.1640126325 (21-Dec-2021)
The Log4j library version updated to 2.17.0 to fix security vulnerabilities
https://logging.apache.org/log4j/2.x/changes-report.html#a2.17.0Retry strategy added for communication with MDLP API
Parameter in “mdlp” section "mdlpRetryCntSendMsg": 5 (default)Logging minor improvements
1.6.1635250199 (26-Oct-2021)
Enhancements for MDLP analytics API added
Changes in config files:
Edit system java.security: comment 4 lines with "GostX509" and "ru.CryptoPro.ssl.SSLSocketFactoryImpl"
or copy and edit local java.security: comment all "GostX509" and "ru.CryptoPro.ssl.SSLSocketFactoryImpl"
edit conf/wrapper.conf: add wrapper.java.additional.1=-Djava.security.properties=="C:\3keys\mdlp-connector\java.security" edit testMDLP.bat: add -Djava.security.properties=="C:\3keys\mdlp-connector\java.security"for non-residents nrz.api.sb.mdlp.crpt.ru \ nrz.api.mdlp.crpt.ru add:
"nrz.api.sb.mdlp.crpt.ru" OR "nrz.api.mdlp.crpt.ru", "useRsaTls": true, "webdav": { "protocol": "https" }
1.6.1626159071 (13-Jul-2021)
CryptoProCli for installed certificates testing added
Minor fix for updating MDLP message processing status
Due to an issue in API 5.17 for the old (> 30 days) doctype 200 (ticket), API 5.19 additionally applies.
1.6.1622484348 (31-May-2021)
...