Skip to content

Releases: Yubico/java-webauthn-server

Version 2.5.0

05 Jul 11:38
@emlun emlun
2.5.0
This tag was signed with the committer’s verified signature.
emlun Emil Lundberg
GPG key ID: DE6C235E14566398
Learn about vigilant mode.
345762b
This commit was signed with the committer’s verified signature.
emlun Emil Lundberg
GPG key ID: DE6C235E14566398
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 2.5.0

webauthn-server-core:

Breaking changes to experimental features:

  • Added Jackson annotation @JsonProperty to method RegisteredCredential.isBackedUp(), changing the property name from backedUp to backupState. backedUp is still accepted during deserialization but will no longer be emitted during serialization.

New features:

  • Added method .isUserVerified() to RegistrationResult and AssertionResult as a shortcut for accessing the UV flag in authenticator data.
  • Updated README and JavaDoc to use the "passkey" term and provide more guidance around passkey use cases.
  • Added Automatic-Module-Name to jar manifest.

Fixes:

  • AuthenticatorAttestationResponse now tolerates and ignores properties "publicKey" and "publicKeyAlgorithm" during JSON deserialization. These properties are emitted by the PublicKeyCredential.toJSON() method added in WebAuthn Level 3.
  • Relaxed Guava dependency version constraint to include major version 32.
  • RelyingParty.finishAssertion now behaves the same if StartAssertionOptions.allowCredentials is explicitly set to a present, empty list as when absent.

webauthn-server-attestation:

New features:

  • Added option verifyDownloadsOnly(boolean) to FidoMetadataDownloader. When set to true, the BLOB signature will not be verified when loading a BLOB from cache or when explicitly given. Default setting is false, which preserves the previous behaviour.
  • Added Automatic-Module-Name to jar manifest.

Fixes:

  • Made Jackson setting PROPAGATE_TRANSIENT_MARKER unnecessary for JSON serialization with Jackson version 2.15.0-rc1 and later.

Artifacts built with openjdk version "17.0.7" 2023-04-18.

Assets 4
Loading
0 Join discussion

Pre-release 2.5.0-RC3

04 Jul 15:22
@emlun emlun
2.5.0-RC3
This tag was signed with the committer’s verified signature.
emlun Emil Lundberg
GPG key ID: DE6C235E14566398
Learn about vigilant mode.
e1ed27c
This commit was signed with the committer’s verified signature.
emlun Emil Lundberg
GPG key ID: DE6C235E14566398
Learn about vigilant mode.
Compare
Choose a tag to compare
Pre-release 2.5.0-RC3 Pre-release
Pre-release

Fixes:

  • RelyingParty.finishAssertion now behaves the same if StartAssertionOptions.allowCredentials is explicitly set to a present, empty list as when absent.

Artifacts built with openjdk version "17.0.7" 2023-04-18.

Assets 4
Loading

Pre-release 2.5.0-RC2

27 Jun 12:00
@emlun emlun
2.5.0-RC2
This tag was signed with the committer’s verified signature.
emlun Emil Lundberg
GPG key ID: DE6C235E14566398
Learn about vigilant mode.
1c8a8ad
This commit was signed with the committer’s verified signature.
emlun Emil Lundberg
GPG key ID: DE6C235E14566398
Learn about vigilant mode.
Compare
Choose a tag to compare
Pre-release 2.5.0-RC2 Pre-release
Pre-release

Fixes:

  • Relaxed Guava dependency version constraint to include major version 32.

Artifacts built with openjdk version "17.0.7" 2023-04-18.

Assets 4
Loading

Pre-release 2.5.0-RC1

26 Jun 15:40
@emlun emlun
2.5.0-RC1
This tag was signed with the committer’s verified signature.
emlun Emil Lundberg
GPG key ID: 0F47E61493A9B8E5
Learn about vigilant mode.
864a1dc
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Pre-release 2.5.0-RC1 Pre-release
Pre-release

webauthn-server-core:

Breaking changes to experimental features:

  • Added Jackson annotation @JsonProperty to method RegisteredCredential.isBackedUp(), changing the property name from backedUp to backupState. backedUp is still accepted during deserialization but will no longer be emitted during serialization.

New features:

  • Added method .isUserVerified() to RegistrationResult and AssertionResult as a shortcut for accessing the UV flag in authenticator data.
  • Updated README and JavaDoc to use the "passkey" term and provide more guidance around passkey use cases.
  • Added Automatic-Module-Name to jar manifest.

Fixes:

  • AuthenticatorAttestationResponse now tolerates and ignores properties "publicKey" and "publicKeyAlgorithm" during JSON deserialization. These properties are emitted by the PublicKeyCredential.toJSON() method added in WebAuthn Level 3.

webauthn-server-attestation:

New features:

  • Added option verifyDownloadsOnly(boolean) to FidoMetadataDownloader. When set to true, the BLOB signature will not be verified when loading a BLOB from cache or when explicitly given. Default setting is false, which preserves the previous behaviour.
  • Added Automatic-Module-Name to jar manifest.

Fixes:

  • Made Jackson setting PROPAGATE_TRANSIENT_MARKER unnecessary for JSON serialization with Jackson version 2.15.0-rc1 and later.

Artifacts built with openjdk version "17.0.7" 2023-04-18.

Assets 4
Loading

Version 2.4.1

04 May 13:32
@emlun emlun
2.4.1
This tag was signed with the committer’s verified signature.
emlun Emil Lundberg
GPG key ID: DE6C235E14566398
Learn about vigilant mode.
2bebcbb
This commit was signed with the committer’s verified signature.
emlun Emil Lundberg
GPG key ID: DE6C235E14566398
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 2.4.1

Changes:

  • Added explicit version constraint on jackson-bom.

Fixes:

  • Fixed incompatibility with Jackson version 2.15.0-rc1 and later.
  • Fixed linking issue when running in Java 8.

Artifacts built with openjdk version "17.0.7" 2023-04-18.

Assets 4
Loading
0 Join discussion

Pre-release 2.4.1-RC4

03 May 13:27
@emlun emlun
2.4.1-RC4
This tag was signed with the committer’s verified signature.
emlun Emil Lundberg
GPG key ID: DE6C235E14566398
Learn about vigilant mode.
cdaa2ed
This commit was signed with the committer’s verified signature.
emlun Emil Lundberg
GPG key ID: DE6C235E14566398
Learn about vigilant mode.
Compare
Choose a tag to compare
Pre-release 2.4.1-RC4 Pre-release
Pre-release

Fixes:

  • Re-introduced version constraints on individual Jackson modules.

Artifacts built with openjdk version "17.0.7" 2023-04-18.

Assets 4
Loading

Pre-release 2.4.1-RC3

03 May 11:14
@emlun emlun
2.4.1-RC3
This tag was signed with the committer’s verified signature.
emlun Emil Lundberg
GPG key ID: DE6C235E14566398
Learn about vigilant mode.
74dd748
This commit was signed with the committer’s verified signature.
emlun Emil Lundberg
GPG key ID: DE6C235E14566398
Learn about vigilant mode.
Compare
Choose a tag to compare
Pre-release 2.4.1-RC3 Pre-release
Pre-release

Fixes:

  • Fixed missing version number for jackson-bom dependencyManagement dependency.

Artifacts built with openjdk version "17.0.7" 2023-04-18.

Assets 4
Loading

Pre-release 2.4.1-RC2

02 May 14:15
@emlun emlun
2.4.1-RC2
This tag was signed with the committer’s verified signature.
emlun Emil Lundberg
GPG key ID: 0F47E61493A9B8E5
Learn about vigilant mode.
5a19899
This commit was signed with the committer’s verified signature.
emlun Emil Lundberg
GPG key ID: 0F47E61493A9B8E5
Learn about vigilant mode.
Compare
Choose a tag to compare
Pre-release 2.4.1-RC2 Pre-release
Pre-release

Fixes:

  • Added explicit dependencyManagement dependencies on jackson-bom and version constraint on jackson-bom.

Artifacts built with openjdk version "17.0.6" 2023-01-17.

Assets 4
Loading

Pre-release 2.4.1-RC1

14 Apr 15:31
@emlun emlun
2.4.1-RC1
This tag was signed with the committer’s verified signature.
emlun Emil Lundberg
GPG key ID: 0F47E61493A9B8E5
Learn about vigilant mode.
ca01bca
This commit was signed with the committer’s verified signature.
emlun Emil Lundberg
GPG key ID: 0F47E61493A9B8E5
Learn about vigilant mode.
Compare
Choose a tag to compare
Pre-release 2.4.1-RC1 Pre-release
Pre-release

Fixes:

  • Removed version constraints on non-core Jackson modules; Jackson ships its own BOM constraints to align module versions.
  • Fixed incompatibility with Jackson version 2.15.0-rc1 and later.
  • Fixed linking issue when running in Java 8.

Artifacts built with openjdk version "17.0.6" 2023-01-17.

NOTE: The webauthn-server-attestation artifact of this version is not reliably reproducible; a single byte in MetadataStatement.class tends to differ between builds.

Assets 4
Loading

Version 2.4.0

15 Feb 13:28
@emlun emlun
2.4.0
This tag was signed with the committer’s verified signature.
emlun Emil Lundberg
GPG key ID: 0F47E61493A9B8E5
Learn about vigilant mode.
479492c
This commit was signed with the committer’s verified signature.
emlun Emil Lundberg
GPG key ID: 0F47E61493A9B8E5
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 2.4.0

webauthn-server-core:

New features:

  • Added support for RS384 and RS512 signature algorithms.
    • Thanks to GitHub user JohnnyJayJay for the contribution, see #235
  • Added userHandle field to AssertionRequest as part of the second bug fix below. userHandle is mutually exclusive with username. This was originally released in pre-release 1.12.3-RC3, but was accidentally left out of the 1.12.3 release.

Fixes:

webauthn-server-attestation:

Fixes:

Artifacts built with openjdk 17.0.6 2023-01-17.

Assets 4
Loading
0 Join discussion