Releases: Yubico/java-webauthn-server
Releases · Yubico/java-webauthn-server
Pre-release 1.4.1-RC1
1.4.1-RC1
This tag was signed with the committer’s verified signature.
The key has expired.
emlun
Emil Lundberg
8a4cdf8
This commit was signed with the committer’s verified signature.
The key has expired.
emlun
Emil Lundberg
Packaging fixes:
- Fixed dependency declarations so API dependencies are correctly propagated as compile-time dependencies of dependent projects.
- Fixed Specification-Version release date in webauthn-server-core jar manifest.
Artifacts built with JDK 11.
Version 1.4.0
1.4.0
This tag was signed with the committer’s verified signature.
The key has expired.
emlun
Emil Lundberg
248d0b1
This commit was signed with the committer’s verified signature.
The key has expired.
emlun
Emil Lundberg
Changes:
- Class
com.yubico.internal.util.WebAuthnCodecsis no longer public. The packagecom.yubico.internal.utilwas already declared non-public in JavaDoc, but this is now also enforced via Java visibility rules. - Class
com.yubico.webauthn.meta.Specification.SpecificationBuilderis no longer public. It was never intended to be, although this was not documented explicitly. - Default value for
RelyingParty.preferredPubKeyParamschanged from[ES256, RS256]to[ES256, EdDSA, RS256] - Data classes no longer use
Optionalinternally in field types. This should not meaningfully affect the public API, but might improve compatibility with frameworks that use reflection.
New features:
- Added support for Ed25519 signatures.
- New constants
COSEAlgorithmIdentifier.EdDSAandPublicKeyCredentialParameters.EdDSA - Artifacts are now built reproducibly; fresh builds from source should now be verifiable by signature files from Maven Central.
Security fixes:
- Bumped Jackson dependency to version 2.9.9.3 which has patched CVE-2019-12814, CVE-2019-14439, CVE-2019-14379
Artifacts built with JDK 11.
Pre-release 1.4.0-RC2
1.4.0-RC2
This tag was signed with the committer’s verified signature.
The key has expired.
emlun
Emil Lundberg
6490bb5
This commit was signed with the committer’s verified signature.
The key has expired.
emlun
Emil Lundberg
Published artifacts built with JDK 11.
The build of 1.4.0-RC1 published to Maven Central was built with lombok.config files in the working directory that are not tracked by Git, which breaks signature verification for the reproducible build. The 1.4.0-RC2 build is built from the same commit but without those untracked lombok.config files, so a fresh build from source produces the same artifacts.
Pre-release 1.4.0-RC1
1.4.0-RC1
This tag was signed with the committer’s verified signature.
The key has expired.
emlun
Emil Lundberg
6490bb5
This commit was signed with the committer’s verified signature.
The key has expired.
emlun
Emil Lundberg
Changes:
- Class
com.yubico.internal.util.WebAuthnCodecsis no longer public. The packagecom.yubico.internal.utilwas already declared non-public in JavaDoc, but this is now also enforced via Java visibility rules. - Class
com.yubico.webauthn.meta.Specification.SpecificationBuilderis no longer public. It was never intended to be, although this was not documented explicitly. - Default value for
RelyingParty.preferredPubKeyParamschanged from[ES256, RS256]to[ES256, EdDSA, RS256]
New features:
- Added support for Ed25519 signatures.
- New constants
COSEAlgorithmIdentifier.EdDSAandPublicKeyCredentialParameters.EdDSA - Artifacts are now built reproducibly; fresh builds from source should now be verifiable by signature files from Maven Central.
Security fixes:
- Bumped Jackson dependency to version 2.9.9.3 which has patched CVE-2019-12814, CVE-2019-14439, CVE-2019-14379
Version 1.3.0
1.3.0
This tag was signed with the committer’s verified signature.
The key has expired.
emlun
Emil Lundberg
6ade42d
This commit was signed with the committer’s verified signature.
The key has expired.
emlun
Emil Lundberg
Security fixes:
- Bumped Jackson dependency to version 2.9.9 which has patched CVE-2019-12086
New features:
- New optional parameter
timeoutadded toStartRegistrationOptionsandStartAssertionOptions
Bug fixes:
- Fixed polarity error in javadoc for
RelyingParty.allowUntrustedAttestation
Pre-release 1.3.0-RC2
1.3.0-RC2
This tag was signed with the committer’s verified signature.
The key has expired.
emlun
Emil Lundberg
c70ba53
This commit was signed with the committer’s verified signature.
The key has expired.
emlun
Emil Lundberg
Security fixes:
- Bumped Jackson dependency to version 2.9.9 which has patched CVE-2019-12086
Pre-release 1.3.0-RC1
1.3.0-RC1
This tag was signed with the committer’s verified signature.
The key has expired.
emlun
Emil Lundberg
8979e0d
This commit was signed with the committer’s verified signature.
The key has expired.
emlun
Emil Lundberg
New features:
- New optional parameter
timeoutadded toStartRegistrationOptionsandStartAssertionOptions
Version 1.2.0
1.2.0
This tag was signed with the committer’s verified signature.
The key has expired.
emlun
Emil Lundberg
050de23
This commit was signed with the committer’s verified signature.
The key has expired.
emlun
Emil Lundberg
New features:
- RSA keys are now supported.
- New constructor functions
PublicKeyCredential.parseRegistrationResponseJsonand.parseAssertionResponseJson- So users don't have to deal with the
TypeReferences imposed by the generics, unless they want to.
- So users don't have to deal with the
Bug fixes:
android-keyattestation statements now don't throw an exception ifallowUntrustedAttestationis set totrue.tpmattestation statements now don't throw an exception ifallowUntrustedAttestationis set totrue.
Pre-release 1.2.0-RC1
Pre-release 1.1.1-RC1
1.1.1-RC1
This tag was signed with the committer’s verified signature.
The key has expired.
emlun
Emil Lundberg
c9689c6
This commit was signed with the committer’s verified signature.
The key has expired.
emlun
Emil Lundberg
Bug fixes:
android-keyattestation statements now don't throw an exception ifallowUntrustedAttestationis set totrue.tpmattestation statements now don't throw an exception ifallowUntrustedAttestationis set totrue.