Merged
17 changes: 17 additions & 0 deletions CHANGELOG.md
@@ -1,6 +1,23 @@
# DocuSign Java Client Changelog
See [DocuSign Support Center](https://support.docusign.com/en/releasenotes/) for Product Release Notes.

## [v6.7.0] - eSignature API v2.1-25.4.01.00 - 2026-07-01
### Changed

- Added support for version v2.1-25.4.01.00 of the DocuSign ESignature API.
- Updated the SDK release version.

### Security

- Enforced TLS certificate validation and hostname verification by default using the system's default trust store. Previously, all certificates were trusted without validation.
- Enforced HTTPS-only base paths. `setBasePath()` and `setOAuthBasePath()` now reject `http://` URLs. Use `ApiClient.insecure()` for local testing with HTTP or self-signed certificates.
- Scoped proxy credentials to the configured proxy host and port. Added `setPerConnectionProxyAuth(true)` to opt in to per-connection proxy authentication, avoiding JVM-wide side effects.

### Breaking Changes

- `ApiClient(String basePath)` and `setBasePath(String)` throw `IllegalArgumentException` for `http://` URLs. Migrate to `ApiClient.insecure(basePath)`.
- Removed constructor overloads accepting `boolean perConnectionProxyAuth`. Use the standard constructor followed by `.setPerConnectionProxyAuth(true)`.

## [v6.6.0] - eSignature API v2.1-25.4.01.00 - 2026-01-27
### Changed
- Added support for version v2.1-25.4.01.00 of the DocuSign ESignature API.
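Review bot: The Security entry on certificate validation is itself a breaking change but is missing from the Breaking Changes list. It states "Previously, all certificates were trusted without validation", so any integration that reaches an endpoint with a self-signed or privately issued certificate will start failing on upgrade. Add a Breaking Changes bullet for it with the migration path (install the CA in the system trust store, or `ApiClient.insecure()` for local testing only). The Breaking Changes list also omits `setOAuthBasePath()`, which the Security list says now rejects `http://` as well.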
50 changes: 49 additions & 1 deletion README.md
Expand Up @@ -16,6 +16,7 @@ The Docusign SDK makes integrating Docusign into your apps and websites a seamle
- [API Reference](#apiReference)
- [Code Examples](#codeExamples)
- [OAuth Implementations](#oauthImplementations)
- [Security](#security)
- [Changelog](#changeLog)
- [Support](#support)
- [License](#license)
Expand Down Expand Up @@ -57,7 +58,7 @@ This client SDK is provided as open source, which enables you to customize its f
<dependency>
<groupId>com.docusign</groupId>
<artifactId>docusign-esign-java</artifactId>
<version>6.6.0</version>
<version>6.7.0</version>
</dependency>
```
8. If your project is still open, restart Eclipse.
Expand Down Expand Up @@ -94,6 +95,53 @@ For details regarding which type of OAuth grant will work best for your Docusign

For security purposes, Docusign recommends using the [Authorization Code Grant](https://developers.docusign.com/platform/auth/authcode/) flow.

<a id="security"></a>
## Security

This SDK enforces secure-by-default transport behavior:

* **TLS certificate validation** is enforced by default using the system's trust store and default `HostnameVerifier`.
* **HTTPS-only base paths** — `setBasePath()` and the `ApiClient(String basePath)` constructor reject `http://` URLs by default.
* **OAuth base path validation** — `setOAuthBasePath()` also enforces HTTPS.
* **TLS 1.2 required** — The SDK fails fast if TLSv1.2 is not available on the JVM.

### Testing with self-signed certificates or HTTP endpoints

For local development or testing scenarios that require HTTP or self-signed certificates, use the explicit `ApiClient.insecure()` factory:

```java
// HTTP endpoint for local testing
ApiClient client = ApiClient.insecure("http://localhost:8080/restapi");

// Self-signed certificate
ApiClient client = ApiClient.insecure("https://dev-server.local/restapi");

// Insecure client with default base path
ApiClient client = ApiClient.insecure();
client.setBasePath("http://localhost:8080/restapi");
```

> **Warning:** `ApiClient.insecure()` disables TLS certificate validation and hostname verification. Never use in production.

### Proxy authentication

By default, when proxy credentials are set via system properties (`https.proxyUser` / `https.proxyPassword`), the SDK configures a JVM-wide `Authenticator` scoped to the proxy host and port. This preserves backward compatibility with existing enterprise configurations.

If you prefer per-connection proxy authentication (which avoids JVM-global side effects), enable it via the setter before the first request:

```java
ApiClient client = new ApiClient();
client.setPerConnectionProxyAuth(true);
```

Or use the convenience constructor:

```java
ApiClient client = new ApiClient(true);
```

> **Note:** Per-connection proxy auth will become the default in a future major version.

<a id="changeLog"></a>
## Changelog
You can refer to the complete changelog [here](https://github.com/docusign/docusign-esign-java-client/blob/master/CHANGELOG.md).
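Review bot: Under "Proxy authentication", the "convenience constructor" example `new ApiClient(true)` conflicts with the CHANGELOG entry in this same PR, which says constructor overloads accepting `boolean perConnectionProxyAuth` were removed. Drop that example or correct the changelog so the two agree. In the `ApiClient.insecure()` block, `ApiClient client` is declared three times in one fence, so it does not compile when pasted; use distinct variable names or separate fences. The section also presents `insecure()` as the only route for self-signed certificates, and per the warning that turns off hostname verification too; a sentence on adding a private CA to the system trust store would give test environments a path that keeps validation on.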
6 changes: 3 additions & 3 deletions pom.xml
Expand Up @@ -5,7 +5,7 @@
<artifactId>docusign-esign-java</artifactId>
<packaging>jar</packaging>
<name>docusign-esign-java</name>
<version>6.6.0</version>
<version>6.7.0</version>
<url>https://developers.docusign.com</url>
<description>The official Docusign eSignature JAVA client is based on version 2.1 of the Docusign REST API and provides libraries for JAVA application integration. It is recommended that you use this version of the library for new development.</description>

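Review bot: The `<version>` change from 6.6.0 to 6.7.0 is a minor bump, yet the CHANGELOG for this release lists Breaking Changes (`setBasePath(String)` throwing `IllegalArgumentException` for `http://` URLs, removed constructor overloads). If the project follows semantic versioning this should be a major version; otherwise state the versioning policy in the changelog entry so consumers pinned to a 6.x range are not surprised by failures at upgrade.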
Expand Down Expand Up @@ -52,7 +52,7 @@
<plugin>
<groupId>com.diffplug.spotless</groupId>
<artifactId>spotless-maven-plugin</artifactId>
<version>2.12.1</version>
<version>2.43.0</version>
<configuration>
<java>
<!-- These are the defaults, you can override if you want -->
Expand All @@ -66,7 +66,7 @@
<removeUnusedImports /> <!-- self-explanatory -->

<googleJavaFormat>
<version>1.7</version> <!-- optional -->
<version>1.21.0</version> <!-- Java 21 compatible -->
<style>GOOGLE</style> <!-- or AOSP (optional) -->
</googleJavaFormat>
</java>
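Review bot: The `googleJavaFormat` version jump from 1.7 to 1.21.0, together with the spotless plugin move from 2.12.1 to 2.43.0 in the previous hunk, is build tooling unrelated to the transport-security change and can reformat sources across the tree, which makes the security-relevant diff harder to review. Consider splitting it into its own PR. The new comment "Java 21 compatible" replaces "optional" without saying which JDK the build now requires; document the minimum build JDK next to it.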