Skip to content

Version 2.1.0
Compare
Choose a tag to compare
@emlun emlun released this 12 Oct 10:06
· 382 commits to main since this release
2.1.0
This tag was signed with the committer’s verified signature.
emlun Emil Lundberg
GPG key ID: DE6C235E14566398
Learn about vigilant mode.
3468431
This commit was signed with the committer’s verified signature.
emlun Emil Lundberg
GPG key ID: DE6C235E14566398
Learn about vigilant mode.

webauthn-server-core:

Changes:

  • Log messages on attestation certificate path validation failure now include the attestation object.

Deprecations:

  • Deprecated method AssertionResult.getCredentialId(): ByteArray. Use .getCredential().getCredentialId() instead.
  • Deprecated method AssertionResult.getUserHandle(): ByteArray. Use .getCredential().getUserHandle() instead.

New features:

Fixes:

  • Fixed various typos and mistakes in JavaDocs.
  • Moved version constraints for test dependencies from meta-module webauthn-server-parent to unpublished test meta-module.
  • yubico-util dependency removed from downstream compile scope.
  • Fixed missing JavaDoc on TrustRootsResult getters and builder setters.

webauthn-server-attestation:

Changes:

  • The AuthenticatorToBeFiltered argument of the FidoMetadataService runtime filter now omits zero AAGUIDs.
  • Promoted log messages in FidoMetadataDownloader about BLOB signature failure and cache corruption from DEBUG level to WARN level.

New features:

Fixes:

  • Fixed various typos and mistakes in JavaDocs.
  • FidoMetadataDownloader now verifies the SHA-256 hash of the cached trust root certificate, as promised in the JavaDoc of useTrustRootCacheFile and useTrustRootCache.
  • BouncyCastle dependency dropped.
  • Guava dependency dropped (but still remains in core module).
  • If BLOB download fails, FidoMetadataDownloader now correctly falls back to cache if available.

Artifacts built with openjdk 17.0.4.1 2022-08-12.

Assets 4
Loading
0 Join discussion