Changelog

1.16.3

  • Do not log WebSocket close race condition as error
  • Update CSCA master list

1.16.2

  • Do not log client disconnects as errors
  • Update CSCA master list

1.16.1

  • Update Docker base image and some dependencies

1.16.0

  • Add optional support for signing webhook messages

1.15.5

  • Internal changes for our SaaS deployment (no changes for on-premise users)

1.15.4

  • Fix issue with empty RESULT_SERVER_URLS

1.15.3

  • Internal changes for our SaaS deployment (no changes for on-premise users)

1.15.2

  • Fix DG2 face image extraction of malformed Qatar passports

1.15.1

  • Fix monitoring logs not having validation_id MDC field

1.15.0

  • Add MDC (Mapped Diagnostic Context) fields to log messages
    • trace_id: OpenTelemetry trace ID
    • validation_id: The validation ID from the client's start message
  • Update default Logback configuration to display MDC fields conditionally
  • Remove hardcoded Session <id>: from logs in favor of MDC fields

1.14.3

  • Fix handling access control failures on v1

1.14.2

  • Improve access key validation

1.14.1

  • Improve access key validation

1.14.0

  • Add support for Prometheus metrics (see Telemetry documentation for more information)

1.13.3

  • Fix a bug introduced in 1.13.2 where the server always responds with POST_TO_RESULT_SERVER_FAILED when no result server is configured.

1.13.2

  • Include missing CLOSE message in OTEL traces
  • Update CSCA master list

1.13.1

  • Update version of internal dependencies
  • Switch Docker base image from eclipse-temurin:17-jre-alpine to amazoncorretto:17-alpine

1.13.0

  • Add support for new ISO/IEC 39794-5 DG2 format

1.12.0

1.11.3

  • Fix PA on passports with malformed certificate (e.g., Lebanese passports)
  • Update CSCA master list

1.11.2

  • Fallback to non-SFI mode on errors when reading DG1 in SFI mode
  • Extend data captured during diagnostic sessions

1.11.1

  • Increase idle timeout for websocket

1.11.0

  • Introduce retry and timeout mechanism for result messages
    • Posting to the result server now has a timeout of 3s instead of waiting indefinitely
    • Failed requests are retried on connection errors as well as 408, 429, and 5xx response codes
  • Extend data captured during diagnostic sessions

1.10.5

  • Use SFI mode to read DG1

1.10.4

  • Fix failing Chip Authentication on certain passports
  • Update CSCA master list

1.10.3

  • Add Vietnam ID master file selection fallback
  • Update CSCA master list

1.10.2

  • Update CSCA master list

1.10.1

  • Fix OTEL logs being logged twice
  • Fix support for multiple master lists
  • Update CSCA master list

1.10.0

  • Extend information in GET /certificate-list endpoint

1.9.3

  • Update CSCA master list

1.9.2

  • Fix active_authentication_result in result message not being sent when unavailable

1.9.1

  • Update CSCA master list

1.9.0

  • Add new monitoring messages to WebSocket v2 protocol for diagnostic sessions

1.8.0

  • Add new WebSocket v2 API
    • Significantly improves reading speed on high-latency internet connections
    • Requires version 2.x of mobile SDKs
  • Deprecate WebSocket v1 API
    • Still available for backwards compatibility with 1.x mobile SDKs

1.7.2

  • Fix duplicate calls to websocket handshake authorization validation endpoint

1.7.1

  • Fix WS_HANDSHAKE_AUTHORIZATION_VALIDATION_ENABLED environment variable not working due to wrong name
  • Update 3rd-party dependencies to their latest version
  • Switch Docker base image from Ubuntu Focal (20) to Alpine Linux
  • Update CSCA master list

1.7.0

  • Add new enable_diagnostics option to websocket start message (supported by the latest versions of the eMRTD Connectors). When enabled, attaches additional diagnostic data to OpenTelemetry traces.

1.6.3

  • Fix InvalidKeyException when reading certain passports

1.6.2

  • Update dependency versions (BouncyCastle)

1.6.1

  • Fix reading of Moroccan, Latvian and probably other national ID cards

1.6.0

  • Add new optional feature to handle Authorization header during websocket handshake (see installation guide for more information).
  • Update CSCA master list

1.5.0

  • Add support and documentation for OpenTelemetry
  • Improve and extend logging, tracing and metrics
  • Remove undocumented logging into validation_web_socket.log file if a log directory is mounted. If you relied on this feature, please refer to the new logging documentation for alternatives.

1.4.9

  • Fix optional_data_1 field in MRZ info containing duplicate content

1.4.8

  • Fix issue with Australian ePassports series R from 2023 and newer

1.4.7

  • Add new optional SERVER_NAME environment variable to configure a server name
  • Add new GET /server-info endpoint to get server information (name and version)
  • Deprecate GET /version endpoint

1.4.6

  • Simplify CA certificate configuration with new TRUST_STORE_PATH and TRUST_STORE_PASSWORD environment variables

1.4.5

  • Fix a bug introduced in 1.4.4 where BAC fails on some passports

1.4.4

  • Optimize communication with chip (improves speed)

1.4.3

  • Update CSCA master list
  • Add support for OpenAPI and Swagger (see Install Guide on how to enable them)
  • Add HTTP API endpoint '/actuator/health' for health-checks

1.4.2

  • Add logging for demo clients in on-premise installation

1.4.1

  • Fix NullPointerException when DG14 is not present

1.4.0

  • Update CSCA master list
  • Update JMRTD dependency to the latest version
  • Major internal refactorings

1.3.5

  • Allow overwriting of default trusted certificates for on-premise

1.3.4

  • Set the response headers of the HTTP API endpoint '/version' to allow cross-origin access

1.3.3

  • Verify Not Before date of CSCA certificates
  • Add HTTP API endpoint '/certificate-list' to show supported countries and organizations in documentation

1.3.2

  • Also try SHA1 for Active Authentication ECDSA Signature verification if DG14 includes no ActiveAuthenticationInfo and SHA256 failed (Ukraine passports)
  • Fix invalid ECDSA signature algorithms for Active Authentication
  • Update CSCA master list

1.3.1

  • Default to SHA256 for Active Authentication ECDSA signature verification if DG14 includes no ActiveAuthenticationInfo
  • Update CSCA master list

1.3.0

  • MRZ-Info (TD3 documents): optional_data1 will no longer contain the trailing check digit!
  • Verify SODs with ECDSA-signatures where ASN1-DER-encoded Integers (R / S) have 9+ (instead of 1-8) leading 0 bits.
  • Update CSCA master list
  • Update Dependencies (JMRTD, Bouncy-Castle, Spring-Boot) to their latest version

1.2.39

  • Update CSCA master list

1.2.38

  • Actually include missing JP2-Decoder

1.2.37

  • Parse all kinds of JPEG2000 (JP2) images (face photo)
  • Do not re-encode images that are already in JPEG format
  • Update Spring-Boot framework to version 3.2.2

1.2.36

  • Update CSCA master list

1.2.35

  • Fix /version endpoint

1.2.34

  • Update CSCA master list
  • Support eMRTDs without Access Control
  • Update Spring-Boot framework to version 3.2.1

1.2.33

  • Update CSCA master list

1.2.32

  • Update CSCA master list

1.2.31

  • Update CSCA master list
  • Fix Active Authentication (with RSA) bug

1.2.30

  • Update CSCA master list
  • Avoid internal server error if Active Authentication (RSA) fails

1.2.29

  • Update CSCA master list

1.2.28

  • Update CSCA master list

1.2.27

  • Include validationID in server log messages

1.2.26

  • Extend and save logging for WebSocket service
  • Update CSCA master list
  • Update documentation

1.2.25

  • Update CSCA master list
  • Update Spring-Boot framework to version 3.0.5

1.2.24

  • Update CSCA master list
  • Update Spring-Boot framework to version 3.0.3

1.2.23

  • Update CSCA master list
  • Use eclipse-temurin:17-jre-focal as base image
  • Update Spring-Boot framework to version 3.0.2

1.2.21

  • Increase StartMessage-Timeout to 5 seconds

1.2.20

  • Update CSCA master list

1.2.19

  • Update CSCA master list

1.2.18

  • Fix bug in Active Authentication Protocol (WebSocket API)

1.2.17

  • Set Parameter Reference during PACE if Domain Parameters are ambiguous (ICAO 9303 Part 11 Chapter 4.4.4)

1.2.16

  • Update CSCA master list

1.2.15

  • Include binary files (SOD and DataGroups), base64-encoded, in the Result JSON only when the WebSocket API is used. Configurable via environment variable.

1.2.14

  • Docker Image has no changes compared to 1.2.13
  • Internal CI and Deployment configuration for the KURZ datacenter "LKIS" was updated

1.2.13

  • Update CSCA master list

1.2.12

  • Update CSCA master list

1.2.11

  • AccessLog: Do not log requests with path "/"

1.2.10

  • Use openjdk:11-jre as base image for Docker container
  • Fix typos in documentation
  • Increase max-idle-time for WebSocket connection

1.2.9

  • Minor improvements to container entrypoint script (start.sh)

1.2.8

  • Configure proxy with environment variables

1.2.7

  • Update CSCA master list

1.2.6

  • Minor additions to the documentation

1.2.5

  • Close WebSocket Connection with proper Close Code if provided Access Key is empty

1.2.4

  • Update and extend documentation
  • Improve WebSocket Interface "ws1/validate"

1.2.3

  • Fix bug that could have resulted in expired document certificates being considered as valid
  • Update CSCA master list
  • Improve Description of CA / AA in Documentation
  • Explicitly mention the Date of Expiry from the MRZ/DG1 in the documentation
  • Add section "Additional JSON Fields may be added in the future" to emrtd_result.md
  • Improve formatting in Documentation
  • Improvements to WebSocket Interface that connects to eMRTD NFC Chips

1.2.2

  • Enable Tomcat Access Log
  • Improve Exception handling during "ws1/validate"

1.2.1

  • Add "SIGNATURE_VERIFY_EXCEPTION" as a possible error to passive_authentication_details

1.2.0

  • Add WebSocket Interface for Full Server Verification of eMRTDs
  • Re-encode JPEG2000 Images as normal JPEGs
  • Update CSCA master list

1.1.8

  • Initial version