Netcetera 3DS Server - Release Notes - Version 2.12.2.0

Overview

Published: 28.07.2025

PLEASE DO NOT INSTALL THIS VERSION, WAIT FOR THE NEXT PATCH RELEASE 2.12.2.1

Version 2.12.2.0 is a minor release of the Netcetera 3DS Server.

Important notification

New EMVCo Reference number

The Netcetera 3DS Server has successfully completed its re-certification for EMV 3DS 2.3.1.1 and obtained a new EMVCo Letter of Approval. Please find the new LoA here. This approval is valid until July 2027. The new reference number 3DS_LOA_SER_NEAG_020301_01082 has been introduced as a configurable option within the scheme configuration in the Admin UI. Kindly begin using the updated reference number.

Changes

Upgrade Notes

  • Previously, enabling IAM database authentication for MySQL and PostgreSQL databases on AWS required setting the acquiring.aws.iam-role-db-auth.enabled configuration property. Starting with this version, we’ve added the AWS Advanced JDBC Wrapper plugin. IAM authentication is now configured directly through the connection string. To enable it, use the following format: spring.datasource.url=jdbc:aws-wrapper:<db>://<database-url>:<port>/<db-name>?wrapperPlugins=iam

New Features

  • Netcetera 3DS Server now supports the Jaywan domestic card scheme.
  • The 3DS Web SDK has been enhanced with two functions: getBrowserData and getDeviceIdAndBrowserUserId designed to collect browser data required for the authentication request. For more information, check this page.

Improvements

  • Upgraded Spring Boot to version 3.5.3. Additionally, Elasticsearch Java Client is upgraded to version 8.18.1.
  • Extended and updated the validation of the bridging message extension in line with the latest BME specification.
  • Added validation rules for the acsInfoInd reserved fields.
  • Updated error handling for values in reserved ranges based on the protocol version: error code 203 is returned for versions up to 2.2.0, and 207 for version 2.3.1.
  • Added ErrorDetail information for DS ARes related exceptions and for cases where the 3DS Server fails to resolve the merchant configuration from the Authentication Request.
  • Enabled mutual TLS authentication when downloading card ranges from a file during preparation flow.
  • Added validation for the length of acsSignedContent in accordance with the 2.3.1.1 EMVCo specification.
  • Improved validation in the OReq (Operation Request) flow by validating the message before the header. Added handling for invalid or missing dsTransID in the header, returning error code 201 when the dsTransID is not provided.
  • Fixed the setting of the isRReqReceived flag when saving the results data entity in Redis.
  • Added timeout functionality to 3DS Method and Challenge Request calls. This allows specifying a timeout duration and callback function to handle cases where the ACS does not respond in time, such as failing to complete the 3DS Method via the notification URL in the iframe.

Bug Fixes

  • Fixed a NullPointerException in JCB validation rules that occurred when transStatus was null.