/
Harmony eDelivery Access - Access Point v2.6.0 Release Notes

Harmony eDelivery Access - Access Point v2.6.0 Release Notes

Release Info

Version number

2.6.0

Release date

14.08.2025

Supported versions

Access Point

  • 2.6.0

  • 2.5.0

  • 2.4.0

Supported platforms

Access Point

  • Ubuntu 24.04 LTS

  • Ubuntu 22.04 LTS

  • Ubuntu 20.04 LTS

  • Docker

Official documentation

https://github.com/nordic-institute/harmony-common

Source code

https://github.com/nordic-institute/harmony-access-point

Software license

EUPL 1.2

On this page:

Changes in This Release

Summary

  • Replace the Access Point Docker image startup system to improve process supervision, flexibility, and maintainability.

  • Merge changes from European Commission's Domibus 5.1.7, 5.1.8, and 5.1.9 into Harmony Access Point.

  • Fix database index creation issues in migration scripts to ensure correct behaviour across different database systems.

  • Correct an error in the monitoring alert template caused by missing fields.

  • Enhance date parsing to support additional valid xsd:dateTime formats with non-standard fractional seconds.

  • Introduce a Logstash Logback appender for direct network log sending from Access Point.

  • Update 3rd party dependencies.

 

Environment Variables Changes in the Docker image

Some environment variables have been renamed or changed in this version. When upgrading from a previous release, it is recommended to review the complete environment variables reference in the documentation.

Infinispan Library Vulnerability Advisory

Please note that this release of Harmony AP uses the org.infinispan library, which contains a vulnerability (CVE-2025-0736) in the following configuration that should be avoided:

The vulnerability occurs when cluster nodes discover each other via a shared database (JGroups with JDBC_PING), instead of using multicast (UDP) or static configurations.

The default configuration of the org.infinispan library in Harmony AP is not exposed to this vulnerability.

 

Completed Issues

Issue ID

Type

Summary

Issue ID

Type

Summary

NEDS-205

Improvement

Replace the existing Access Point Docker image startup system with s6-overlay, introducing a more modular and maintainable structure. The image now supports a wider range of configuration parameters, allows custom certificates and configurations, and works in clustered environments with or without a shared file system. The build process now produces images for both ARM and AMD architectures. Documentation has been fully updated to reflect the new configuration options and deployment scenarios.

NEDS-209

Improvement

Merge changes from European Commission's Domibus 5.1.7 into Harmony Access Point.

  • Upgrade CXF to the latest compatible version

  • Fix issue with missing receipt notification

Copied from the Domibus 5.1.7 release notes published by the European Commission.

NEDS-209

Improvement

Merge changes from European Commission's Domibus 5.1.8 into Harmony Access Point.

  • Add new optional attribute asyncNotification to the leg configuration in the Pmode. If this boolean attribute is set then, if true, it enables asynchronous processing of notifications, or, if false, it makes processing notifications synchronously. When the attribute is set, it overrides the plugin's behavior. If the attribute is not present on the leg, then the plugin's behavior is used as before.

  • Fix issue with PULL error received when sending pull request for an already-known party after sending the test message.

  • Fix issue with pull locking mechanism on Oracle causing delays under high concurrency.

  • Fix error receiving the pull receipt in a non-separator configuration.

  • Enable throttling when no message to be pulled.

  • Enhance business logs.

  • Fix issue with JMSCorrelationId not set in replyMessages.

  • Fix issue with message status changed notification when delete_message_metadata="true".

  • Fix issue with Oasis SMP 1.0/2.0 documents not parsed with root element with prefix.

  • Ensure that thread Authentication context is cleaned after finishing thread tasks.

  • Conduct OWASP vulnerabilities scan and update libraries.

  • Message payloads on the filesystem are not deleted when partitions are dropped.

  • Improve DSS settings related to HTTP downloads.

  • Add quartz properties to help the job management in a clustered environment: domibus.quartz.jobStore.misfireThreshold & domibus.quartz.jobStore.acquireTriggersWithinLock

  • Add new property in Domibus to enable/disable the trust verification, set to true by default: domibus.extension.iam.trust.enabled

Copied from the Domibus 5.1.8 release notes published by the European Commission.

NEDS-209

Improvement

Merge changes from European Commission's Domibus 5.1.9 into Harmony Access Point.

  • Added new properties domibus.msh.retry.maxMessageCount and domibus.messages.stuck.maxMessageCount to limit the number of messages that can be retried in a single run. They are useful to prevent excessive load on the system when there are many messages in the WAITING_FOR_RETRY or SEND_ENQUEUED status.

  • Merged the deprecated ongoing messages sanitizer with the newer unsent messages sanitizer job

  • Improved logic of the retry worker to ignore the retry policies of PULL messages and to avoid conflicts with the sanitizer job

  • Added new properties in Domibus to limit the maximum number of days taken into account for the earchiving jobs

  • Added possibility to opt-out from eArchiving-related alerts

  • Added new properties domibus.diagnostics.cron and domibus.diagnostics.list for configuring regular diagnostics data in the logs (by default diagnostics are disabled)

  • Fixed error preventing the user from clicking 'Resend all' in the Messages page of the Admin Console

Copied from the Domibus 5.1.9 release notes published by the European Commission.

NEDS-210

Fix

Address issue in database migration scripts where certain indexes were not created correctly due to invalid syntax. The updated scripts now ensure indexes are generated as intended across supported database systems, preventing potential data integrity and performance issues during operation.

NEDS-213

Fix

Fix a runtime error in the monitoring alert template that occurred when a required status field was missing. The event generation logic now ensures all necessary fields are included, allowing alerts to be sent reliably in all scenarios.

NEDS-214

Fix

Enhance the handling of xsd:dateTime values by adding support for valid timestamps that contain fractional seconds with non-standard precision, such as .7Z or .75Z. A new property, domibus.datetime.pattern.onreceiving.useStandardFormat (disabled by default), has been introduced. When enabled, dates in incoming AS4 messages are validated against the official xsd:dateTime specification, ignoring the pattern defined in the domibus.datetime.pattern.onreceiving property.

NEDS-199

New

Introduce a Logstash Logback appender to Access Point, providing a direct and efficient method of sending logs over the network without relying on filesystem-based log collection or external logging drivers. This feature is available for both Docker and Linux package deployments. As part of this update, the example environment demonstrating centralized logging with an ELK stack has been updated to use the new Logstash appender.

Issue types: fix (bug fix or technical debt), improvement (improvement to an existing feature), new (a new feature).

New/Updated Dependencies

Dependency

Old Version

New Version

Notes

Dependency

Old Version

New Version

Notes

ch.qos.logback:logback-classic

1.3.14

1.3.15

 

ch.qos.logback:logback-core

1.3.14

1.3.15

 

com.fasterxml.jackson.core:jackson-annotations

2.14.3

2.15.4

 

com.fasterxml.jackson.core:jackson-core

2.14.3

2.15.4

 

com.fasterxml.jackson.core:jackson-databind

2.14.3

2.15.4

 

com.fasterxml.jackson.datatype:jackson-datatype-jdk8

2.14.3

2.15.4

 

com.fasterxml.jackson.datatype:jackson-datatype-jsr310

2.14.3

2.15.4

 

com.hazelcast:hazelcast

5.3.6

5.3.8

 

com.hazelcast:hazelcast-spring

5.3.6

5.3.8

 

commons-beanutils:commons-beanutils

1.9.4

1.11.0

 

commons-fileupload:commons-fileupload

1.5

1.6.0

 

commons-io:commons-io

2.14.0

2.17.0

 

net.logstash.logback:logstash-logback-encoder

-

7.4

 

org.apache.activemq:activemq-broker

5.16.7

5.16.8

 

org.apache.activemq:activemq-client

5.16.7

5.16.8

 

org.apache.activemq:activemq-jaas

5.16.7

5.16.8

 

org.apache.activemq:activemq-kahadb-store

5.16.7

5.16.8

 

org.apache.activemq:activemq-spring

5.16.7

5.16.8

 

org.apache.commons:commons-lang3

3.14.0

3.18.0

 

org.apache.commons:commons-vfs2

2.9.0

2.10.0

 

org.apache.cxf:cxf-core

3.5.9

3.5.11

 

org.apache.cxf:cxf-rt-bindings-soap

3.5.9

3.5.11

 

org.apache.cxf:cxf-rt-features-logging

3.5.9

3.5.11

 

org.apache.cxf:cxf-rt-frontend-jaxws

3.5.9

3.5.11

 

org.apache.cxf:cxf-rt-security

3.5.9

3.5.11

 

org.apache.cxf:cxf-rt-transports-http

3.5.9

3.5.11

 

org.apache.cxf:cxf-rt-transports-local

3.5.9

3.5.11

 

org.apache.cxf:cxf-rt-ws-policy

3.5.9

3.5.11

 

org.apache.cxf:cxf-rt-ws-security

3.5.9

3.5.11

 

org.apache.cxf:cxf-rt-wsdl

3.5.9

3.5.11

 

org.apache.maven.plugins:maven-dependency-plugin

3.6.0

3.8.0

plugin

org.apache.maven.plugins:maven-javadoc-plugin

3.6.0

3.10.1

plugin

org.bouncycastle:bcpkix-jdk18on

1.78

1.80

 

org.bouncycastle:bcprov-jdk18on

1.78

1.80

 

org.codehaus.mojo:license-maven-plugin

2.0.0

2.4.0

plugin

org.infinispan:infinispan-hibernate-cache-v53

13.0.18.Final

13.0.22.Final

 

org.niis.dynamic-discovery:dynamic-discovery-client

2.3

2.4

 

org.owasp:dependency-check-maven

10.0.4

12.1.3

plugin

Contributors

The following developers have contributed to the development of this release version. A contribution means at least one Git commit that is included in the release.

GitHub Username

GitHub Username

petkivim

raits

diemartin

Other Notes

Package Repositories

Repository

URL

Repository

URL

Focal

deb https://artifactory.niis.org/artifactory/harmony-release-deb focal-current main

Jammy

deb https://artifactory.niis.org/artifactory/harmony-release-deb jammy-current main

Noble

deb https://artifactory.niis.org/artifactory/harmony-release-deb noble-current main

Docker

https://hub.docker.com/r/niis/harmony-ap

Debian Repository Sign Key Details

Download URL

https://artifactory.niis.org/api/gpg/key/public

Hash

935CC5E7FA5397B171749F80D6E3973B

Fingerprint

A01B FE41 B9D8 EAF4 872F A3F1 FB0D 532C 10F6 EC5B

3rd party key server

Ubuntu key server

Packages

Package

SHA256 checksum

Package

SHA256 checksum

Docker image niis/harmony-ap:2.6.0

Multi-arch manifest: 67712bb6a6678f34e786b404fc43614747b3400c748373815b11f6586ea9cad0

  • linux/amd64: b9ca54ced857fa38de560407dfdb60a831dfd64a7b79a6254fb653f25170ac5c

  • linux/arm64: cfd83d18e56adbf921f90494713c783aa7a38b83d1dfcf1fd75a089ba903b4b0

harmony-ap_2.6.0-0.ubuntu24.04_all.deb

fc4d1783c989322aa6dada8efa1203bfa8d02d652339129e80cc4f213ce575d0

harmony-ap_2.6.0-0.ubuntu22.04_all.deb

1a0d90320dd294606fbe310a9035e64408f3a541210adf84c12076e5c2bde9bb

harmony-ap_2.5.0-0.ubuntu20.04_all.deb

aa7221e27bf300925c5d50049fbf6aae0852b90ddfa9343e1ac07fe9538846c7