v1.6.0

What's Changed

• Bump commons-io:commons-io from 2.11.0 to 2.14.0 by @dependabot[bot] in #27
• Bump SonarSource/sonarqube-scan-action from 5.3.1 to 6.0.0 in /.github/workflows by @dependabot[bot] in #29
• Bump org.bouncycastle:bcpkix-jdk18on from 1.75 to 1.78.1 by @dependabot[bot] in #24
• Bump org.bouncycastle:bcpkix-jdk18on from 1.78.1 to 1.79 by @dependabot[bot] in #31
• October 2025 security updated and sonar cloud scanner version bump up by @thomas4v in #30
• fix(ci): replace broken SonarCloud CLI scanner with Maven-based analysis by @Copilot in #33
• Develop by @phaupt in #32
• Fix three CodeQL code scanning alerts: insecure hostname verification and XXE by @Copilot in #35
• Enable FEATURE_SECURE_PROCESSING on TransformerFactory in SoapTrafficHandler by @Copilot in #36
• Bump com.fasterxml.jackson.core:jackson-core from 2.15.0 to 2.18.6 by @dependabot[bot] in #37
• Bump org.bouncycastle:bcprov-jdk18on from 1.80 to 1.84 by @dependabot[bot] in #42
• Bump org.bouncycastle:bcpkix-jdk18on from 1.80 to 1.84 by @dependabot[bot] in #41
• App2App additional service implementation (#39) by @thomas4v in #40

New Contributors

• @Copilot made their first contribution in #33

Full Changelog: v1.5.7...v1.6.0

v1.5.7

Release 1.5.7 changes:

• New Req:

  • SignatureValidatorImpl changes for new dtbs format as json and mimeType "application/vnd.mobileid.txn-approval"

• Dependecies:

  • Bumps com.fasterxml.jackson.core:jackson-core from 2.14.0 to 2.15.0.
  • Bumps SonarSource/sonarqube-scan-action from 5.2.0 to 5.3.1.
  • Bumps ch.qos.logback:logback-classic from 1.4.12 to 1.5.18
  • Bumps org.bouncycastle:bcutil-jdk18on to 1.78.1

• Bug fixes:

  • Typo in countryBlackList (#19)

• Thanks for contribution:

  • @https://github.com/loicmonney

v1.5.6

Add support for geofencing custom policy
Bump org.bouncycastle:bcpkix-jdk18on from 1.75 to 1.78

v1.5.5

Add support for sslContext configuration for mid-java-client-rest via sslContext property in TlsConfiguration instance.
Introduced "geofencing" parameter to be used with SignatureRequest via cli. The change ensures geofencing data is returned
only when the geofencing parameter in the cli is explicitly set.
Introduced get-mid-sn query/param for cli interface to retrieve Mobile ID serial number, exposed getMIDSerialNumber method
via SignatureValidator interface for programmatically retrieving mentioned property.

v1.5.4

Update the httpclient5 to latest version 5.2.1

v1.5.3

Fixed hardcoded SSLContext for soap client, modify TLSConfiguration implementation to accept SSLContext parameter.
Changed the Bouncy Castle Provider from bcprov-jdk15on to bcprov-jdk18on and update it and woodstox-core libraries to newer versions.

v1.5.2

Update most of the libraries to their latest versions. Fix two vulnerabilities reported by Dependabot for the Jackson Databind libraries.

v1.5.1

Update the jackson-databind and woodstox-core libraries to newer versions to overcome the vulnerabilities reported by Sonatype Lift.

v1.5.0

Add support for signature validation, after a mobile signature is successfully created.
Add a new component that can be configured separately for validating the signing certificate, the certificate path, the actual signature and the DTBD/DTBS that was signed.
Add support for signature validation to the CLI mode.

v1.4.0

No changes since v1.4.0-beta2.
Since 1.3.0, proxy configuration capabilities were added to the REST and SOAP protocols. Now the Mobile ID client can be configured to connect to the Mobile ID backend via an HTTP proxy, with or without Basic authentication. This works both for command line and for programmatic mode.