Releases: signalapp/libsignal
Releases · signalapp/libsignal
v0.23.1
protocol: Distinguish pre-key ID 0 from "no one-time pre-key"
v0.23.0
- New PIN hashing utilities, used with Signal's "Secure Value Recovery" feature - Early version of an "SVR2" SGX client (not for production yet) - zkgroup: ProfileKey.deriveAccessKey(), for getting the sealed sender access key for a user - zkgroup: CreateCallLinkCredential and CallLinkAuthCredential, for future "call links" feature - zkgroup: Removed support for older ProfileKeyCredential (in favor of ExpiringProfileKeyCredential) and never-used PniCredential (in favor of AuthCredentialWithPni) - usernames: Validate discriminators more strictly, and ensure they are distinct when generating them - Introduced zkcredential crate, for building zkgroup-style credentials without a new poksho proof every time - Fix compatibility with Rust 1.69 - Declare checked exceptions thrown by EC*Key methods
v0.22.2
- Allow specifying the device transfer private key serialization format for iOS
v0.22.1
- Refined the Java API for usernames (keeping compatibility with v0.22.0) - Implemented IAS signature verification for iOS
v0.22.0
- usernames: A new library to support Signal’s opaque “username hashes” - attest: Add a new enclave, with support for v4 of the DCAP PCS API Android + Server - Support for Android KitKat has been dropped - Testing on Windows should now work iOS Use as a CocoaPod now depends on prebuilt Rust binaries that can be fetched from build-artifacts.signal.org. This requires adding ENV['LIBSIGNAL_FFI_PREBUILD_CHECKSUM'] = '...' to the consuming Podfile. The referenced archives are downloaded to ~/Library/Caches/org.signal.libsignal, and are unarchived as part of the build. - ScannableFingerprint.compare now correctly takes an opaque collection of bytes to compare against rather than another fingerprint object (which could only be created on the current device) - APIs for AES-256-CTR and AES-256-GCM have been added - The API for AES-256-GCM-SIV is now more idiomatic Desktop - Building for 32-bit ARM Linux should work again
v0.21.1
- attest: add INTEL-SA-00657 to acceptable advisories - Java: Change SenderCertificate#getSender to always return UUID
v0.21.0
- attest: Reject reports, even if valid, that contain all zeros in report data - zkgroup: Removed v1 presentations - iOS: Bump minimum supported iOS version to 12.2
v0.20.0
- Fix Android 4.4 compatibility - attest: require dcap enclaves to not be in debug mode - zkgroup: Move AuthCredential redemption time checking down to Rust. Only affects the server APIs - Java: removes zkgroup's InvalidRedemptionTimeException - Swift/Node: AuthCredential redemption times were not checked before by the Swift/Node zkgroup server APIs; now they are.
v0.19.3
- attest: CDS2 verification now checks that the quote collateral is valid at some point in the future (currently 24h) rather than now, mainly to address clock skew on the local device. - attest: An API has been added for libsignal-server to extract attestation metrics from serialized evidence and endorsements.
v0.19.2
- device-transfer: Encoded private keys once again use PKCS#8 DER. - Node: Restored compatibility with Apple Silicon Macs on NPM. - Node: Restored compatibility with Ubuntu 16 on NPM.