Changelog

All notable changes to this project will be documented in this file.

This project adheres to Semantic Versioning, except that – as is typical in the Rust community – the minimum supported Rust version may be increased without a major version increase.

Since version 0.36.1, the format of this changelog is based on Keep a Changelog.

0.36.0

23 September 2024

(MINOR) ensures release bumps minor version (#592)
fix: requires "StatusTracker" to implement "Send" (#589)

0.35.1

17 September 2024

Fix error when trying to sign BMFF content with Builder. (#582)

0.35.0

12 September 2024

upgrades to riff@2.0.0, preventing panic on invalid riff files (#579)
EC signature DER support (#581)
Update base64 requirement from 0.21.2 to 0.22.1 in /sdk (#519)
(MINOR) Rust API enhancements and fixes. (#575)
Fix GIF off by one with XMP (#562)

0.34.0

30 August 2024

(MINOR) Fragmented BMFF media (#572)

0.33.4

29 August 2024

Depend on url crate version 2.5.2 or newer (#573)

0.33.3

17 August 2024

Inline certs for wasm test signer (#564)

0.33.2

15 August 2024

Bmff write fix (#552)
Fix remote embedding RIFF when specifying mime type (#551)
Fix data hash out of bounds when using placeholder beyond stream length (#546)
Adds embeddable apis and remote_url/no_embed options (#537)
export_schema: add unstable_api feature (#542)
Ingredient checks (#529)
Add base_path field to Builder (#539)
Export AssertionDefinition and ActionTemplate in public API (#522)

0.33.1

30 July 2024

Use timestamp with OpenSSL validation to prevent check chain check er… (#531)
Fix GIF remove_cai_store_from_stream behavior (#524)

0.33.0

26 July 2024

Update crate to fix bad certificate dump content (#525)
Introduce a mutex around the FFI calls to OpenSSL (#516)
Bump bcder minimum version to 0.7.3 (#526)
(MINOR) Updates needed for v2 JavaScript SDK (#521)
Add region of interest assertion definition (#506)
Fix CI tests (#520)
Builder Archive update (#507)
Update range-set requirement from 0.0.9 to 0.0.11 in /sdk (#442)
Make sure reading past end of JUMBF box is an error (#518)
added final details (#517)

0.32.7

18 July 2024

Ensure Ingredient data_types make it to the store and back. (#514)
draft security md (#508)
Make data_types field optional when serializing data-box-map (#512)
Fix box hash placeholder len (set to 1) (#511)
Set data box placeholder len to at least 1 for GIF (#510)
Rewind mp3 streams when reading/writing (#509)
Update README.md (#351)
Add GIF support (#489)
Update image requirement from 0.24.7 to 0.25.1 in /make_test_images (#445)
Upgrade uuid to 1.7.0 & fix removed wasm-bindgen feature (#450)
Expose SignatureInfo publicly (#501)
Cleanup empty/unused files + lints (#500)

0.32.6

15 July 2024

Fetching of databoxes must always use HashedURI to enforce hash checks. (#505)
Temporarily allow unused JsonAssertionData to fix unused error in CI (#498)
Add remote manifest support to MP3 (#496)

0.32.5

28 June 2024

(PATCH) ensures temp files are removed (#494)
Update async_generic to 1.1 (#493)

0.32.4

25 June 2024

Add data_type (future) to Ingredient_V2 (#490)
Let's not assume that third-party assertions are using serde_cbor (#491)

0.32.3

24 June 2024

External placed manifest (#472)
Support metadata field in claims. (#488)

0.32.2

19 June 2024

Add iterators over manifests and resources in unstable API (#482)
OCSP certificate should be valid at signing time (#481)
url crate version 2.5.1 introduces new license "Unicode-3.0" (#483)
Implement Debug w/ detailed manifest for Reader (#473)
Bump MSRV to 1.74 (#478)
Allow empty Merkle proof for last leaf node. (#470)

0.32.1

10 May 2024

Steps toward removing RemoteSigner APIs. (#466)

0.32.0

07 May 2024

(Minor) Additional unit tests and fixes for injection (or previously untested) issues. (#464)
Expose authoring support in WASM (#369)
Move signer to first parameter on Builder.sign (#457)
Gpeacock/embed_remote_settings (#460)
(MINOR) Removes xmp_write feature and xmp_toolkit (#461)
Async Signer: add support for async OCSP call (#458)
Use cargo test in CI (#459)
(MINOR) Initial V2 API work (#437)

0.31.3

05 April 2024

Add video/quicktime to the list of BMFF MIME types (#441)
Streaming XMP write support for PNG (#439)

0.31.2

03 April 2024

Fixed temp file auto delete (#438)
Add Sync trait to TrustHandlerConfig (#440)
remove file_io dependency on fetch_remote_manifests (#434)
Remove verify after signing when compiling without openssl (#404)
Streaming write support for BMFF (#435)
Added support for XMP streaming writes for TIFF/DNG (#433)
Implements embed_reference_to_stream for jpeg (#430)

0.31.1

25 March 2024

Adds Action changes field as option vec of serde_json value (#431)

0.31.0

13 March 2024

(MINOR) Adds Send trait to TrustHandlerConfig (#426)

0.30.3

12 March 2024

Roll back rasn-* version requirements since 0.12.6 was yanked (#425)

0.30.2

12 March 2024

Adds a Manifest::composed manifest method (#424)
Allow cert dump to work in WASM (#420)
Update minimum dependency of rasn-* crates (#423)

0.30.1

08 March 2024

Fix include_byte references that were not available in external crate builds

0.30.0

08 March 2024

(MINOR) Remove testing function that was inadvertently public (#421)

0.29.3

08 March 2024

Trust support (#415)

0.29.2

08 March 2024

add a thumb resource when referencing an embedded uri (#419)

0.29.1

07 March 2024

Adds Manifest.remote_manifest_url() (CAI-5437) (#418)
Fix use of deprecated method chrono::NaiveDateTime::timestamp (#417)
Fix up some random typos. (#353)

0.29.0

26 February 2024

SDK configuration settings support (infrastructure) (#408)
Support streaming writes for TIFF (#410)
Fixed typo in comment (#409)
(MINOR) Update xmp_toolkit to v1.7.1, remove Ring dependency, fix build errors (#407)
Crate udate to fix jpeg parsing error (#402)
allows builds to pass (#403)
Ocsp support (#371)

0.28.5

06 February 2024

Finish async signing implementation for cose_sign (#370)
adds read_cai test for PDF with content credentials (#366)
[IGNORE] README edits (#356)
Update ci.yml
Remove deprecated twoway crate (#361)
Fix response strings for BMFF and Box hash statuses (#360)
Restore correct 1.3 CoseSign1 headers (#359)
Openssl update to version 3.x (#357)
Add support for ARW and NEF (#355)

0.28.4

04 December 2023

CAI-5041 Clear Windows temp attribute (#352)

0.28.3

22 November 2023

Remove Blake3 dependency from c2pa-rs (#348)

0.28.2

21 November 2023

Fix PDF reading of manifest from wrong key (#346)

0.28.1

17 November 2023

readme update (#345)
Add support for embeddable manifests with RemoteSigner (#344)
Blake build fix (#343)
Update image crate dependency and limit features (#341)
Bump xmp_toolkit requirement to 1.6 (#339)
Disable Windows builds with latest Rust version (#342)

0.28.0

01 November 2023

(PATCH) switches af relationship for a reference to the c2pa data to an array of references, one of which is the c2pa spec (#333)
Restore async versions of embed functions (#327)
(MINOR) Support databox thumbnails CAI-4142 (#325)
(MINOR) Reuse claim thumbnail as ingredient thumbnail if the store is valid (#322)
(MINOR) Use JUMBF URIs for ManifestStore identifiers (#323)
Add ManifestStore::from_stream (#319)
Adds embed_to_stream (#313)

0.27.1

04 October 2023

Support for validating JPEGs that contain MPF (multi-picture format). (#317)
Add ability to customize HTTP headers on timestamp request to Signer and AsyncSigner traits (#315)
Add all of the MIME types that are associated with WAV files (#316)
Allow MS_C2PA_SIGNING OID to pass (#314)

0.27.0

29 September 2023

supports removal of manifests from pdf (#312)
Support for MP3 (#295)
(MINOR) Signer can call timestamp authority directly (#311)
implements pdf read support (#309)

0.26.0

13 September 2023

Add support for default SVG MIME type (#305)
Support for writing and reading manifest data from simple PDFs (without incremental updates or signatures) (#249)
Increase actix requirement to 0.13.1 (#304)
(MINOR) Expose HashRange (#300)
Lock openssl-sys version to 0.9.92 (#302)
Update links to C2PA spec to 1.3 (#292)
Error saving stream writes (#290)
Fix for overly harsh checks when checking Merkle trees. (#289)

0.25.2

02 August 2023

Adds a way to force no claim thumbnail generation (#288)
adds ManifestStoreReport::cert_chain_from_bytes (#286)

0.25.1

14 July 2023

Expose DataHash and BoxHash to public SDK (#284)
Remove debug statement (#283)

0.25.0

14 July 2023

(MINOR) User, UserCbor and Uuid assertions removed from SDK (#141)
Fix for #195 make_test_images missing ingredient references (#254)
Return ResourceNotFound instead of NotFound for resource get (#279)
(MINOR) Minor improvements for Wasm and Node.js interoperability (#276)
Fix iloc extent_offsets when offset_size is 0 (#277)
(MINOR) Converts DataHash and BoxHash methods to use RemoteSigner instead of AsyncSigner (#280)
(MINOR) Embeddable manifest support (#266)
Repair CI tests (#278)

0.24.0

21 June 2023

(MINOR) force minor version change (#273)

0.23.3

21 June 2023

Bump minor version and update README.md (#272)
Updates (#270)
Add Send to CAIRead trait so that it can be used across threads (#271)
Generate old COSE headers for temporary backwards support (#269)

0.23.2

19 June 2023

Fix for returning input stream data when using embed_from_memory (#268)

0.23.1

13 June 2023

Remove no-default ci test (#259)
includes the cert serial number in the ValidationInfo output (#263)
adds ManifestStoreReport::cert_chain (#265)
Update Timestamp message imprint to include entire protected header (#264)

0.23.0

09 June 2023

Box hash support (#261)
Fix timestamp Accuracy decoding (#262)
Make remote manifest handling consistent across input types (#260)
(MINOR) Support for Ingredients V2 and Actions V2 (#258)
Generate and validate 1.3 Cose signatures (#256)
Add type exports via JSON Schema (#255)
Bmff v2 (#251)

0.22.0

18 May 2023

(MINOR) Improved Remote Manifest handling (#250)
Riff streaming support (#248)

0.21.0

04 May 2023

(MINOR) Added ResourceNotFound error (#244)

0.20.3

03 May 2023

backed out calls to set_memory_thumbnail (#243)
Revert "backed out calls to set_memory_thumbnail"
backed out calls to set_memory_thumbnail This was causing thumbnail files to not be generated.

0.20.2

24 April 2023

Fixes bug in Ingredient_from_stream_info (#241)

0.20.1

20 April 2023

Ingredient async and thumbnail support (#240)
Update actix requirement from 0.11.0 to 0.13.0 in /sdk (#209)
Update uuid requirement from 0.8.1 to 1.3.1 in /sdk (#237)
Upgrade x509-parser to 0.15.0 (#229)
Add support for ARM on Linux (#233)

0.20.0

05 April 2023

(MINOR) SVG support (#226)
(MINOR) Update several X509-related crate dependencies (#225)
Update thiserror to 1.0.40 in /sdk (#223)
Avoid chrono's transitive dependency on time crate (#222)
Require openssl >0.10.48 to address multiple RUSTSEC warnings (#221)
Apply code format to doc comments (#220)

0.19.1

28 March 2023

Update README (#215)

0.19.0

23 March 2023

Makefile update (#213)
Streaming enhancement (#212)
Adds base_path_take to ResourceStore (#205)
Add write support for HEIC, HEIF, AVIF (#210)
(MINOR) Riff support with refactored AssetIO (#203)
(MINOR) Resource format and is_parent / relationship changes (#202)
Fix hash algo warning in Wasm and hashing for RSA-PSS SHA-384/512 (#206)
Derive impl of Default for Relationship enum (#204)

0.18.1

07 March 2023

Update Validation Status codes (#200)
Fix async path to support ingredient box hashing (#201)

0.18.0

02 March 2023

Fix issue where value was inadvertently included in Exclusion structure (#197)
(MINOR) Bump MSRV to 1.63.0 (#198)
Fixed unit test failure (invalid unique name generation). (#190)

0.17.0

22 February 2023

Disable mdat exclusion (#187)
Bmff v2 (#186)
Fix for using non-c2pa segment when add required segments (#185)
Update Ingredient and VC hashes to 1.2 spec (#184)
(MINOR) Create a ResourceStore for binary assets (#180)
Fix Clippy warnings from new Rust 1.67 (#182)
Visualizations (#163)

0.16.1

19 December 2022

Update xmp-toolkit from 0.6.0 to 1.0.0 (#165)
Prepare 0.16.1 release
Address new Clippy warnings for Rust 1.66 (#164)
Create external manifests for unknown types (#162)

0.16.1

19 December 2022

Address new Clippy warnings for Rust 1.66 (#164)
Create external manifests for unknown types (#162)

0.16.0

03 December 2022

Updates some cargo dependencies (#159)
makes manifest#add_redaction public; adds test (#156)
Fixes support for instanceId on action and generate parameters.ingredient field when possible (#158)
Support digitalSourceType field in Action (#154)
(MINOR) Add sign feature for signing manifests without file I/O (#125)
TIFF/DNG support (#152)

0.15.0

09 November 2022

Fix bad error response when manifest is stripped (#153)
(MINOR) Bump MSRV to 1.61 (#142)
Fix new Clippy warnings generated by Rust 1.65 (#151)
Build infrastructure improvements (#150)
Fix manifest.set_thumbnail when add_thumbnails is enabled (#148)
Fix for XMP links being mistaken for remote URLs (#147)
Upgrade xmp_toolkit to 0.6.0 (#146)
create jpeg thumbnails for pngs without alpha (#145)
Add test_embed_with_ingredient_err (#134)

0.14.1

04 October 2022

Add homepage and repository links to crates.io (#132)
Add Exif Assertion support (#140)

0.14.0

23 September 2022

(MINOR) Remove previously embedded manifests for remote manifests (#136)
(MINOR) Add support for manifest removal (#123)

0.13.2

21 September 2022

manifest_data was missing for remote manifests (#135)

0.13.1

13 September 2022

Add ManifestStore::from_manifest_and_asset_bytes_async (#130)

0.13.0

26 August 2022

Add RemoteManifestUrl Error, returning url (#120)
Convert status_log error val to a string so that we can return full errors (#121)
Report failures from remote manifest fetch (#116)
Fast XMP extraction from PNG (#117)
Bump MSRV to 1.59.0 (#118)
Make sure there is a single manifest store in the asset (#114)
(MINOR) Switch to "lib" for crate-type (#113)

0.12.0

16 August 2022

Update C2PA manifest store mime type (#112)
Updates Manifest API to support remote and external manifests (#107)
Support validating remote and external manifest stores (#108)
Fix build error when xmp_write is not defined (#105)
Fix box order for BMFF (#104)
Added support for external manifests (#101)

0.11.3

03 August 2022

Remove inadvertent 1.0.0 release from changelog (#97)
Treat 'meta' box as standard container (#95)
Fix for sign_claim masking error (#96)

0.11.1

01 August 2022

Bug fix: Ingredients with valid claims not reporting correct thumbnails (#94)
Update make_test_images to use timestamp authority (#90)
Fix bad response for case when there is no timestamp (#89)

0.11.0

21 July 2022

(MINOR) Add support for remotely generated CoseSign1 signatures (#87)
Optimize performance of large assets (#84)

0.10.0

20 July 2022

Add Unicode license to allow-list (#85)
(MINOR) IngredientOptions allow override of hash and thumbnail generation; image library is now a default feature (#79)

0.9.1

19 July 2022

Fix publish workflow (#82)

0.9.0

19 July 2022

(MINOR) Introduce a new SigningAlg enum (#76)
Support for asynchronous signing of claims (#57)
Adds an add_validation_status method to Ingredient (#68)

0.8.1

15 July 2022

Use rsa crate for RSA-PSS verification in Wasm (#77)

0.8.0

15 July 2022

Add a new API to provide access to COSE signing logic for external signers (#75)
(MINOR) Move crate-level functions for creating signers to new public create_signer mod (#72)

0.7.2

14 July 2022

Fix broken documentation build (#74)

0.7.1

14 July 2022

Configure docs.rs to include feature-gated items (#73)
Update XMP Toolkit to 0.5.0 (#71)
Refactor code to limit memory usage and remove data copies during hash generation (#67)

0.7.0

29 June 2022

(MINOR) Return specific errors for FileNotFound and UnsupportedType (#62)

0.6.1

28 June 2022

Fix up changelog noise
Fix bug with multiple ingredients in Manifest::from_store (#61)

0.6.0

28 June 2022

(MINOR) Initial BMFF support (#39)

0.5.2

23 June 2022

Return assertion instance values starting at 1 instead of 2 (#60)

0.5.1

22 June 2022

Update thumbnail to be Vec<u8>, add serialization feature (#59)
Adds xmp_write feature to make xmp-toolkit inclusion optional (#53)

0.5.0

20 June 2022

(MINOR) Add asset attribute getters for manifest (#56)
(MINOR) Remove temp_signer from sdk; update docs and examples to use get_signer_from_files (#52)
(MINOR) Clean up client example; update actions and schema (#51)

0.4.2

16 June 2022

Fix bug in updating crate reference in README (#50)

0.4.1

16 June 2022

Fix bug in Cargo.toml updates (#49)

0.4.0

16 June 2022

Add status badges for CI validation, crates.io, and code coverage (#46)
Remove self-signed end-entity cert support (#48)
Add rustfmt toml to get edition 2018 formatting (#36)
(MINOR) Update from_bytes(_async) to return a Result (#43)
Adjust temp signer reserved sizes to account for large timestamps (#45)
Fix bug in verify_from_buffer (#44)
Remove cargo edit from publish workflow (#42)
Apply fix from c2patool publish workflow (#40)
Remove need for using OpenSSL to generate certs by using pre-generated certs (#41)
Update README and pull request template with formatting changes (#38)

0.3.0

08 June 2022

Make most jumbf_io functions crate private and move Store dependencies to Store (#37)
Remove c2patool source now that it's in its own repo (#35)
(MINOR) Update ManifestAssertion supporting instances (#34)
Export top level signing functions, hide other signature details (#32)
Add documentation for the Actions and Metadata assertions (#30)
Rework how c2patool is configured (#28)
Convert make_tests into a scriptable engine; rename to make_test_images (#29)
Update thiserror requirement from >= 1.0.20, < 1.0.26 to >= 1.0.20, < 1.0.32 in /sdk (#9)
Update base64 requirement from 0.12.2 to 0.13.0 in /sdk (#10)
Update range-set requirement from 0.0.7 to 0.0.9 in /sdk (#13)
Make Assertions opaque in the public SDK (#22)
Update c2pa requirement from 0.1 to 0.2 in /c2patool (#23)

0.2.0

26 May 2022

Fix dependency reference from c2patool crate to c2pa crate (#21)
(MINOR) Detailed API review for Ingredient struct (#17)

0.1.3

26 May 2022

Publish c2patool crate (#20)
Improve documentation (#14)

0.1.2

26 May 2022

No-op change to verify correct handling of PR numbers (#19)
Fix error in formatting changelog
Fix missing links in changelog

0.1.1

26 May 2022

Add Makefile for local testing (#18)
Add workflow for automatically releasing c2pa crate (#16)
Reduce fixtures size (#15)
Add codecov.io integration (#4)
Configure dependabot (#8)
Configure dependabot (#7)
Remove unnecessary steps from cargo-deny job (#6)
Update to latest GH Actions checkout action (#5)
Change ring license hash to decimal (#3)

0.1.0

23 May 2022

Initial public release

Files

CHANGELOG.md

Latest commit

History

CHANGELOG.md

File metadata and controls

Changelog

0.36.0

0.35.1

0.35.0

0.34.0

0.33.4

0.33.3

0.33.2

0.33.1

0.33.0

0.32.7

0.32.6

0.32.5

0.32.4

0.32.3

0.32.2

0.32.1

0.32.0

0.31.3

0.31.2

0.31.1

0.31.0

0.30.3

0.30.2

0.30.1

0.30.0

0.29.3

0.29.2

0.29.1

0.29.0

0.28.5

0.28.4

0.28.3

0.28.2

0.28.1

0.28.0

0.27.1

0.27.0

0.26.0

0.25.2

0.25.1

0.25.0

0.24.0

0.23.3

0.23.2

0.23.1

0.23.0

0.22.0

0.21.0

0.20.3

0.20.2

0.20.1

0.20.0

0.19.1

0.19.0

0.18.1

0.18.0

0.17.0

0.16.1

0.16.1

0.16.0

0.15.0

0.14.1

0.14.0

0.13.2

0.13.1

0.13.0

0.12.0

0.11.3

0.11.1

0.11.0

0.10.0

0.9.1

0.9.0