Skip to content

Version 1.4.0
Compare
Choose a tag to compare
@emlun emlun released this 23 Sep 12:01
1.4.0
This tag was signed with the committer’s verified signature. The key has expired.
emlun Emil Lundberg
GPG key ID: D8588A5844E2A774
Expired
Learn about vigilant mode.
248d0b1
This commit was signed with the committer’s verified signature. The key has expired.
emlun Emil Lundberg
GPG key ID: D8588A5844E2A774
Expired
Learn about vigilant mode.

Changes:

  • Class com.yubico.internal.util.WebAuthnCodecs is no longer public. The package com.yubico.internal.util was already declared non-public in JavaDoc, but this is now also enforced via Java visibility rules.
  • Class com.yubico.webauthn.meta.Specification.SpecificationBuilder is no longer public. It was never intended to be, although this was not documented explicitly.
  • Default value for RelyingParty.preferredPubKeyParams changed from [ES256, RS256] to [ES256, EdDSA, RS256]
  • Data classes no longer use Optional internally in field types. This should not meaningfully affect the public API, but might improve compatibility with frameworks that use reflection.

New features:

  • Added support for Ed25519 signatures.
  • New constants COSEAlgorithmIdentifier.EdDSA and PublicKeyCredentialParameters.EdDSA
  • Artifacts are now built reproducibly; fresh builds from source should now be verifiable by signature files from Maven Central.

Security fixes:

Artifacts built with JDK 11.

Assets 4
Loading