LibreSCRS 4.0.0 — first stable of the 4.0 cycle

LibreSCRS 4.0.0 lands today. After two release candidates and extensive community testing across Linux, macOS, and Windows, both LibreMiddleware 4.0.0 and LibreCelik 4.0.0 carry GPG-signed git tags and cosign-signed release artifacts.

What’s in 4.0 #

• C++23 core with std::expected-based fallible-factory API surface, LocalizedText i18n metadata, and CancelToken for cooperative cancellation.
• Native PAdES / XAdES / JAdES / CAdES / ASiC-E signing via LibreSCRS::Signing::SigningService — no external signing daemon.
• Auto-fit visual signature layout (layoutVisualSignature) — preview in the wizard renders pixel-exact against the embedded PAdES output.
• RFC 5280 trust chain validation with eIDAS qcStatements conformance.
• eMRTD PACE for contactless passport reading; CardEdge, PKCS#15, PIV providers; OpenSC fallback in the card-plugin path.
• Bundled CardEdge OpenSC external driver built against OpenSC 0.26.1 and 0.27.1, available as a sidecar tarball until upstream OpenSC ships our srbeid driver in a numbered release.

Known issue — multi-card PIN routing #

When more than one Serbian smart card is inserted simultaneously and the user initiates a signing flow, the PIN entry prompt may be associated with a different slot than the certificate selected. Single-card setups are unaffected. The fix is architectural — a Card+Slot model — and is the headline feature of 4.1.0, already implemented on the development branch.

Downloads #

• LibreMiddleware 4.0.0 release
• LibreCelik 4.0.0 release

All artifacts ship with .sigstore.json cosign signatures; verify with cosign verify-blob --bundle <name>.sigstore.json <name>.