Author: admin

Mustangproject version 2.16.4, released April 22nd, 2025, features 16 small corrections, two of which may be potentially security sensitive and fixes a small resource leak.

There is a known issue (#764),
which may be addressed in 2.17.0, potentially in May, maybe along with an update to support ZF 2.3.3 (i.e. Codelist version 15): The question being if absolute, i.e. non-percentual, item based discounts/charges are not to be multiplied by the quantity, as they currently are in Mustang. If that is true I will need to correct not only the calculation, but also some tests, and you may see different invoice amounts in some cases.

New features in 2.16.4

• #818 need to be able to specify filenames as exceptions from files validated recursively with validateExpectValid
• #741 read position accountingReference
• #809 invoice reader to support multiple charges per item
• #812 fileattachment relation should have a default

Fixes

• #774 disable XML parsing entities (potentially security sensitive, potentially partially revoked after merge due to failing tests)
• #778 Added XEE Protection features (potentially security sensitive, potentially partially revoked after merge due to failing tests)
• #742/#753 “Adresszusatz 1” (LineTwo) showing up as “Postfach” in HTML visualization
• #614, #770 Exemption reason text should not be reused
• #728 Invoice setCorrection causes duplicate XML output
• #776 Fix potential resource leaks in core file processing classes
• #782/771 prevent NullPointerException on Product Description
• #772 TradeParty Name should be optional for ShipToTradeParty
• #775 not deleted tmp files
• #802 fix: capital letter for ID in listID

Refactorings

• #759 Use the dedicated class instead of var type
• #722 extend ValidationLogVisualizer to not use only file system

Today, March 7th, 2025 we published a a new version of our e-invoicing REST API, Mustangserver.
It brings the benefits of Mustangproject version 2.16.3, e.g. the possibility to specify item based charges and allowances also using JSON, and fixes a potential security as well as a maintenance issue.

Existing users already see the 1.6.3 option, new users can subscribe for a free 30 day evaluation period. Version 1.6.3 will become the new default version as of tomorrow.

Today, March 3rd, 2025, we released a new version of our open-source e-invoicing library and tool, Mustangproject. This version 2.16.3 mitigates a potential security issue (#685/#725), allows to write invoices using the invoice class without VAT ID (#745) and more.

Details:

• #558 ZUGFeRDInvoiceImporter does not read BankDetails.accountName
• #686 Item: add BillingSpecifiedPeriod
• #739 also parse invoiceperiod from ubl
• #745 be able to specify legalorganisation id without schema
• #747 correct profile detection
• #710 Validation Error due to empty elements
• #712 Correct bracket setting on condition for output of allowance reason.
• #725 Unable to perform XML-oriented attacks
• #685 Security Issue: XXE Vulnerability in ZUGFeRDInvoiceImporter (PR #725)
• #761 Allow to set item allowance/charges from JSON

Today, February 27th, 2025 we published a hotfix to our e-invoicing REST API, Mustangserver, fixing an issue in the “detach” endpoint which may cause some invoices not to display embedded factur-x.xml files.

Today, February 6th, 2025 we released a new Version of our Software-as-a-Service e-procurement REST API, Mustangserver, fixing minor details like the in rare cases potential incomplete list of invoice attachments.

Mustangproject 2.16.2 was released today, February 5th, 2025 and features only minor fixes regarding (among others) PDF and invoice attachments, in detail:

• #705 specifiedLogisticsCharge is not imported
• #707 invoiceimporter may fail if certain values are not set
• #708 embedded files cannot be determined
• #709 ZUGFeRDInvoiceImporter ignored “first” embedded file in list of pdf attachments
• #607 Enable flexible PaymentReference and a DocumentName.
• #649 Reuse toPDF method to work without any dependencies to the file system
• #650 Add net.sf.offo:fop-hyph
• #665 Fix #632: Return ubl_creditnote as Standard for CreditNotes
• #684 Optimize validation-report to pdf functionality
• #703 Fill TaxExemptionReason during InvoiceImport.
• #701 Ensure Base64 decoding can handle newlines when decoding a FileAttachment
• #691 Fix current check failures.

Mustang 2.16.1, released today, January 21st, 2025, features some small corrections like

• #678 some ubl creditnote attributes are not parsed
• #679 validation of a XR does not ignore whitespace
• #681 IBAN assigned to invoice sender not recipient on direct debit
• #689 incorrect element order when both charge reason and reasoncode are specified
• be able to set detailedDeliveryPeriodFrom, detailedDeliveryPeriodTo via JSON
• updated verapdf from 1.26.1 to 1.26.2
• cashDiscount JSON now corrently ignores values for cii and xr methods

Mustangproject, the open-source e-invoicing toolkit, released it’s version 2.16.0 today, January 10th, 2025.
This version adds support to parse charges/allowances (#651), allows allowance and charge reasoncodes also on document level (#657), allows multiple invoice referenced documents (#631) and supports a PDF validation report output (#356, using --log-as-pdf, it’s currently not yet documented anywhere).

Further fixes include

• allow to add includedNotes with type
• #645 Fix visualization of validation logs
• #639 Fix invoice calculation if rounding amount is present
• #633 Bump ch.qos.logback:logback-core from 1.2.13 to 1.5.16
• #626 Fix minor java issues
• #622 Fix FOP config
• #629 Visualizing xml
• #630 Fix issue #296 (Validation-Error: Ungültiger Content wurde beginnend mit Element ‘ram:DueDateDateTime’ ) (duplicate of #565)
• #658 prevent nullpointerexception
• #648 Fix log visualization
• #652 Discount VAT is not subtracted from duepayable
• #620 Fix logback config
• #653 ZF2EdgeTest: methods ‘getPaymentMeansCode()’ & ‘getPaymentMeansInformation()’ does not override super methods
• #654 remove wrong test methods

Today, Monday, December 30th we released a new version of our E-Invoice-Rest-API Mustangserver which supports conversion to and from CII, UBL and FatturaPA based on a open source project called EeISI. Additionally, it now also supports writing embedded files. As usual, Mustangserver 1.6.0 is not yet the default version for all requests but can be specifically selected.

Mustangproject version 2.15.2 was published today, December 19th, 2024, and brought minor improvements in the fields of

Parsing

• #618 import BT-20
• correctly import additional referenced documents into invoice/corrected setting of attachments from jackson
• corrected parseException structure

Validation

• allow 1p0 as potential xmp version number

and

Writing

• correcly write charge reason codes also for non-Xrechnung #617
• #599 add tax category code for free export
• #600 Fixes a problem where a stream was not safely closed

As usual it can e.g. be downloaded on the commandline page.