TSS Update Postponed
The previously announced update of the SIGN DE API on Sunday, June 5, 2022 is postponed. Therefore, the scheduled maintenance is no longer necessary and is canceled.
The reason is an bug discovered during testing that can cause updated TSS instances to transition to a permanent secure state. In consequence, the announced actions for 5.6.2022 and 6.6.2022 will not take place. We are analyzing the reason for the problem, and will proceed with fixing it. This will require a recertification of the SMAERS. A new update date will be announced in advance once the process is complete.
FAQ of Postponed Update
Below you can find answers to some questions you may have on the postponed TSS update.
Does the postponed update affect my operation of SIGN DE?
Customers will feel no impact from the postponement of the update. The presently running certified TSS version (
1.0.5-1.2.0) is stable and works reliably.
The changes in the updated versions concern further improvements in stability, but are not critical for the normal operation of the SIGN DE API.
Why was the update postponed?
During the extensive testing in our
TEST environment, a bug was detected. Under certain circumstances, this bug results in some of the SMAERS instances that were updated from version
1.0.5 to version
1.0.6 entering an unrecoverable secure state.
‘New’ SMAERS instances, that were created in version
1.0.6, are not affected by this bug. No problems have been detected with the new CSPL version
Fixing this problem is only possible by changing the implementation of our SMAERS, which means that it has to undergo a recertification process before it can be deployed to production. As a result, the planned update has to be postponed until that process is completed.
What is the impact of the postponed update?
The postponement affects the update of the TSS in the
LIVE environment. In
TEST, which has already been updated, the TSS version
1.0.6-1.3.0 will continue to run for testing purposes. This means that:
LIVEenvironment, the TSS version will remain at
1.0.5-1.2.0(the ‘old’ version). This means that for the customers, nothing will change compared to now.
TESTenvironment, the TSS version will remain at
1.0.6-1.3.0(the ‘updated’ version). As the environment is set up to create new TSS instances only in this version, the bug will not affect customers' TSS instances in the
TESTenvironment. The behaviour of this version from a customer perspective is indistinguishable from the previous version, meaning that the ‘updated’ TSS instances will behave the same as the ‘old’ ones. No tests or other customer-side integration will be affected, apart from the presence of the updated TSS version in the
info.csvfile of TSS exports.
Why was the problem not detected earlier?
Despite extensive automated and manual testing, the bug was not detected during development or certification because the specific circumstances that triggered it were difficult to anticipate and test for in advance. The complexity of the TSS is such that some behaviors are rare and will only be detectable in large-scale and highly dynamic environments.
However, this was precisely why an extended period of testing in
TEST environment, which more closely approximates the conditions and behavior of our
LIVE environment, was planned for before the update in
LIVE environment took place.
Will the update still take place in the future?
The changes incorporated in TSS version
1.0.6-1.3.0 will be part of the next update, which will take place once the SMAERS recertification is complete, leading to a new SMAERS version (
1.0.x). The update will then upgrade the TSS version in
TEST environment and
LIVE environment to version
It is difficult to estimate how much time the development and recertification effort will require, but the anticipated delay is in the order of at least a few months. Should an update date be decided upon, we will notify customers in advance in the same manner as we did for this update.
Why not update the CSPL, if it has no problems?
The TSS certification process requires the separate certification of both the individual component versions (SMAERS and CSPL) as well as their combination (i.e., the TSS as a whole). Hence we are not allowed to update only the CSPL, as this would lead to the TSS instances in
LIVE environment being in an uncertified version (
Best, the fiskaly SIGN DE Team