Harmony eDelivery Access - Access Point v2.2.1 Release Notes

Release Info

Version number	2.2.1
Release date	16.11.2023
Supported versions	Access Point 2.2.1 2.1.0 2.0.0
Supported platforms	Access Point Ubuntu 20.04 LTS Ubuntu 22.04 LTS Docker
Official documentation	https://github.com/nordic-institute/harmony-common
Source code	https://github.com/nordic-institute/harmony-access-point
Software license	EUPL 1.2

On this page:

Changes in This Release

Summary

Update a vulnerability (cve-2023-46604) in a 3rd party dependency.
Minor bug fixes.
Update 3rd party dependencies.

Completed Issues

Issue ID	Type	Summary

Issue ID	Type	Summary
NEDS-155	Fix	Fix an issue that prevented updating Harmony plugin configuration properties using the Access Point UI. The reason for the issue was that the Harmony plugin configuration directory was not writable by the harmony-ap user.
NEDS-155	Fix	Disable payload compression validation by default. When the payload compression validation is enabled, a pmode leg has `compressPayloads` enabled and receiving Access Point has `domibus.payload.decompression.validation.active=true`, message delivery fails with "Decompression exception". The problem occurs when the message payload is sufficiently large.
NEDS-157	Fix	Update ActiveMQ libraries to a version that contains a fix for CVE-2023-46604.

Issue types: fix (bug fix or technical debt), improvement (improvement to an existing feature), new (a new feature).

New/Updated Dependencies

Dependency	Old Version	New Version	Notes

Dependency	Old Version	New Version
com.sun.xml.bind:jaxb-impl	2.3.8	2.3.9
org.apache.activemq:activemq-broker	5.16.6	5.16.7
org.apache.activemq:activemq-client	5.16.6	5.16.7
org.apache.activemq:activemq-jaas	5.16.6	5.16.7
org.apache.activemq:activemq-kahadb-store	5.16.6	5.16.7
org.apache.activemq:activemq-spring	5.16.6	5.16.7
org.apache.santuario:xmlsec	2.3.3	2.3.4
org.apache.wss4j:wss4j-ws-security-common	2.4.2	2.4.3
org.springframework.security:spring-security-config	5.8.7	5.8.8
org.springframework.security:spring-security-core	5.8.7	5.8.8
org.springframework.security:spring-security-test	5.8.7	5.8.8
org.springframework.security:spring-security-web	5.8.7	5.8.8
org.springframework.session:spring-session-core	2.7.3	2.7.4
org.springframework.session:spring-session-jdbc	2.7.3	2.7.4

Contributors

The following developers have contributed to the development of this release version. A contribution means at least one Git commit that is included in the release.

GitHub Username

GitHub Username
jhyoty

Other Notes

-

Package Repositories

Repository	URL

Repository	URL
Focal	^{deb https://artifactory.niis.org/artifactory/harmony-release-deb focal-current main}
Jammy	^{deb https://artifactory.niis.org/artifactory/harmony-release-deb jammy-current main}
Docker	https://hub.docker.com/r/niis/harmony-ap

Debian Repository Sign Key Details

Download URL	https://artifactory.niis.org/api/gpg/key/public
Hash	935CC5E7FA5397B171749F80D6E3973B
Fingerprint	A01B FE41 B9D8 EAF4 872F A3F1 FB0D 532C 10F6 EC5B
3rd party key server	Ubuntu key server

Packages

Package	SHA256 checksum

Package	SHA256 checksum
harmony-ap_2.2.1-0.ubuntu20.04_all.deb	da00fff48dce9473d2c908ba0ceb99aeb9e96936454f2eac993dd3ad9bae41c6
harmony-ap_2.2.1-0.ubuntu22.04_all.deb	e490958e0a130ade5f587a977194bf72bab4552a691990cc37b0dcfad5ba241e