v0.23.1

protocol: Distinguish pre-key ID 0 from "no one-time pre-key"

v0.23.0

- New PIN hashing utilities, used with Signal's "Secure Value
  Recovery" feature
- Early version of an "SVR2" SGX client (not for production yet)
- zkgroup: ProfileKey.deriveAccessKey(), for getting the sealed sender
  access key for a user
- zkgroup: CreateCallLinkCredential and CallLinkAuthCredential, for
  future "call links" feature
- zkgroup: Removed support for older ProfileKeyCredential (in favor of
  ExpiringProfileKeyCredential) and never-used PniCredential (in favor
  of AuthCredentialWithPni)
- usernames: Validate discriminators more strictly, and ensure they
  are distinct when generating them

- Introduced zkcredential crate, for building zkgroup-style
  credentials without a new poksho proof every time
- Fix compatibility with Rust 1.69

- Declare checked exceptions thrown by EC*Key methods

v0.22.2

- Allow specifying the device transfer private key serialization format for iOS

v0.22.1

- Refined the Java API for usernames (keeping compatibility with
  v0.22.0)
- Implemented IAS signature verification for iOS

v0.22.0

- usernames: A new library to support Signal’s opaque “username hashes”
- attest: Add a new enclave, with support for v4 of the DCAP PCS API

Android + Server

- Support for Android KitKat has been dropped
- Testing on Windows should now work

iOS

Use as a CocoaPod now depends on prebuilt Rust binaries that can be fetched from build-artifacts.signal.org. This requires adding

    ENV['LIBSIGNAL_FFI_PREBUILD_CHECKSUM'] = '...'

to the consuming Podfile. The referenced archives are downloaded to ~/Library/Caches/org.signal.libsignal, and are unarchived as part of the build.

- ScannableFingerprint.compare now correctly takes an opaque collection of bytes to compare against rather than another fingerprint object (which could only be created on the current device)
- APIs for AES-256-CTR and AES-256-GCM have been added
- The API for AES-256-GCM-SIV is now more idiomatic

Desktop

- Building for 32-bit ARM Linux should work again

v0.21.1

- attest: add INTEL-SA-00657 to acceptable advisories
- Java: Change SenderCertificate#getSender to always return UUID

v0.21.0

- attest: Reject reports, even if valid, that contain all zeros in
  report data
- zkgroup: Removed v1 presentations
- iOS: Bump minimum supported iOS version to 12.2

v0.20.0

- Fix Android 4.4 compatibility
- attest: require dcap enclaves to not be in debug mode
- zkgroup: Move AuthCredential redemption time checking down to Rust.
  Only affects the server APIs
  - Java: removes zkgroup's InvalidRedemptionTimeException
  - Swift/Node: AuthCredential redemption times were not checked before
    by the Swift/Node zkgroup server APIs; now they are.

v0.19.3

- attest: CDS2 verification now checks that the quote collateral is
  valid at some point in the future (currently 24h) rather than now,
  mainly to address clock skew on the local device.

- attest: An API has been added for libsignal-server to extract
  attestation metrics from serialized evidence and endorsements.

v0.19.2

- device-transfer: Encoded private keys once again use PKCS#8 DER.
- Node: Restored compatibility with Apple Silicon Macs on NPM.
- Node: Restored compatibility with Ubuntu 16 on NPM.