Versions Compared

Version Old Version 8 New Version Current
Changes made by

Pavel Kanskov

Pavel Kanskov

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

2.5.8 (23-January-2025)

  • Improved MDLP server certificate validation check

  • Fixed issues with MDLP method execution delays, introduced new parameters

Code Block
"delays": {
    ...    
    "lockTimeInMilliseconds": 10000, // default delay between simultaneous MDLP calls, in ms
    "pollCryptoContainerLimit": 15000, // maximum wait time between concurrent MDLP calls, in ms
    "pollCryptoContainerAttemptDelay": 20 // delay before attempting to check for timeout values, in ms
}

  • Refactoring and code optimization to support Java 17+

  • Vulnerability issues fixes (CVE-2024-47554, CVE-2023-42809, CVE-2023-34462, CVE-2024-47535, CVE-2024-8184, CVE-2023-26048, CVE-2024-6763, CVE-2023-26049)

2.5.2 (08-November-2024)

  • Java 17 compatible

  • small refactoring

2.4.18 (08-August-2024)

  • whitelist disabled by default

Code Block
"server": {
    "inboundConfiguration": {
        "whitelisting": ["IP1", "FQDN1", "IP2"]
      },
    "outboundConfiguration": {
       "headers": [
         { "name": "XXX", "value": "ZZZZ" },
         { "name": "YYY", "value": "AAAA" }
       ]
    }
}

2.4.13 (22-March-2024)

  • CryptoPro CRL validation settings from .userPrefs

  • Analytic Data methods MDLP API 11.x implemented

  • minor fixed

2.2.14 (01-December-2023) (service 2.2.13)

  • Minor fix for processing responses with unknown Content-Type header, for ex. MDLP API 11.5

Code Block
"mdlp": {
        "api_requests_with_binary_response": [".*/data/export/results/[a-zA-Z0-9-]+/file.*"],

2.2.7 (9-July-2023) (service 2.2.10)

  • Ticket request method set to MDLP API 5.19

2.2.4 (31-May-2023) (service 2.2.7)

  • Communication with MDLP regulator system for manual signature support implemented, useManualSign parameter to use in configuration for enabling the manual sign logic

  • On-premises scripts refactored and optimized for Linux/Windows platforms

  • Minor refactoring and logging optimization done

2.2.3 (17-Apr-2023)

  • Prometheus metrics port bug fixed

2.2.1 (23-Mar-2023)

  • Parameters where added to fix undocumented behavior of the MDLP API when 5.18 responds with {total:0}: the maximum number of repeated requests and the time in seconds before sending NO_DOCUMENT_IN_MDLP status to ATTP

Code Block
"scheduler": {
  "update_document_status": {
     "dead_lock_retry": "20",
     "dead_lock_delay": "10800"

2.0.0 (20-Feb-2023)

  • Windows on-premisses run scripts modified, YAJSW dependencies removed

  • Unix on-premisses run scripts modified

  • GostTLS context initialization bug fixed

  • SAP ATTP HTTP client extended with custom headers (provided via configuration):

Code Block
{
  "http": {
    "enabled": true,
    "client": {
      "headers": {
        "test": "123",
        "test2": "abc",

  • SAP ATTP calls with errors handling improved

  • log4j2 version updated to the latest stable one

1.6.1670855481 (12-Dec-2022)

  • Applied dynamic Crypto Provider so no need to edit java.security

  • Application compatibility from Java 8 to Java 17

  • Windows version: YAJSW changed to schtasks

  • Scripts refactoring

  • Multiple 3Keys Connector instances installation on the same server supported

  • GOST TLS function minor change

Connector service update requires fresh installation

1.6.1668767675 (18-Nov-2022)

  • Added global parameters to the "mdlp" section::

    • mdlpAcceptLanguage for supporting MDLP "error_description" (Accept-Language header with values ru|en)

    • mdlpTokenLifeTime allowed range from 120000ms to 36000000ms, default 1740000ms (=29 minutes of inactivity)

Code Block
  "mdlp": {
    "mdlpAcceptLanguage": "en",
    "mdlpTokenLifeTime": 1740000,

  • Added support for the participant certificate stored on Rutoken Lite

Code Block
{
  "crypto": {
    "<ALIAS>": {
      "alias": "<ALIAS>",
      "keystore_type": "RutokenStore",
      "rutoken_id": "<RUTOKEN_SN>",
      "password": "<PASSWORD>",
      "keystore_path": "",
      "trustore_path": "<PATH_TO_ROOT_CERTS_STORE>",
      "truststore_comment": "JCP 2.0 R4 trust store is incompatible with older versions",
      "trustore_password": "1"
    }
  }

  • Utility API endpoints introduced (available from SAP ATTP via /k3t/ru_mdlp_api report call):

    • 3k/utils/version - actual CRPT Connector (Java part) version,

    • 3k/utils/testMdlp - actual MDLP token for the given participant,

    • 3k/utils/testCrypto - participant certificate info for the given participant

  • MDLP 1.38 documents responses changes introduced (e.g., D335_FTS_DATA with extensions)

  • Response from MDLP about non-resident password failure returns to SAP ATTP intact

  • Unique e2e execution identification (executionId) for logging added

  • log4j version updated to 2.19 (no known vulnerabilities)

  • yajsw updated to 13.05

  • SAP JCo updated to 3.1

1.6.1659959296 (08-Aug-2022)

...