From 6f0b8a2958f9494d9e641ad921848493d7d5ce3e Mon Sep 17 00:00:00 2001 From: Sietse Ringers Date: Wed, 13 May 2020 14:46:06 +0200 Subject: [PATCH] chore: bump version and update CHANGELOG.md --- CHANGELOG.md | 42 ++++++++++++++++++++++++++++++++++++++++++ version.go | 2 +- 2 files changed, 43 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9d8ad065c..8476394af 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,45 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [0.5.0-rc.3] - 2020-05-14 +### Added +* Various additions to `irmaclient` for the [new IRMA app](https://github.com/privacybydesign/irmamobile), among others: + * Several new fields in `irma.CredentialType` for specifying e.g. help messages and card colors + * Added developer mode enabling non-HTTPS connections to IRMA servers for local testing (see below) + +### Fixed +* Problems with `--privkeys` option to IRMA server + +### Security +* `irma` command, IRMA server and `irmaclient` will now enforce HTTPS for outgoing connections whenever possible +* Update supported TLS ciphers and curves for IRMA server +* Fixed potential bug allowing MitM attacker to arbitrarily change installed schemes +* Fixed potential DoS attack in IRMA server endpoints (sending it large amounts of data or keeping connections open indefinitely) + + +## [0.5.0-rc.2] - 2020-04-21 + +### Added +* Revocation of previously issued credentials (see [documentation](https://irma.app/docs/revocation/)) +* Support HTTP/2 in IRMA server and app +* Option `--skip-permission-keys-check` to IRMA server disabling checking that all required private keys are present in the server configuration + +### Changed +* Use go modules instead of `dep` for tracking and locking dependencies + +### Fixed +* `irmaserver` HTTP handler returns 404 an 405 as JSON error messages as expected +* Consistently use a docopt/git/aptitude like format for usage sections in help of `irma` subcommands +* Incorrect default value of `--url` flag to `irma session` subcommand +* IRMA server no longer allows nonsensical wildcard usage in [requestor permissions](https://irma.app/docs/irma-server/#permissions) + +### Security +* `irma issuer keygen` now has default keylength 2048 +* 
Added various sanity checks to files and file paths +* Fixed potential scheme downgrade attack when installing/updating schemes in MitM scenarios + + ## [0.5.0-rc.1] - 2020-03-03 ### Added - Include `clientReturnURL` in session request @@ -21,6 +60,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - `irma server` no longer crashes at startup if no network interfaces are available - Various bugs in `irma server` configuration + ## [0.4.1] - 2019-10-15 ### Changed - Renamed `irma session` flag `--authmethod` to `--auth-method` for consistency with server `Configuration` struct @@ -41,6 +81,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Combined issuance-disclosure requests with two schemes one of which has a keyshare server now work as expected - Various other bugfixes +[0.5.0-rc.3]: https://github.com/privacybydesign/irmago/compare/v0.5.0-rc.2...v0.5.0-rc.3 +[0.5.0-rc.2]: https://github.com/privacybydesign/irmago/compare/v0.5.0-rc.1...v0.5.0-rc.2 [0.5.0-rc.1]: https://github.com/privacybydesign/irmago/compare/v0.4.1...v0.5.0-rc.1 [0.4.1]: https://github.com/privacybydesign/irmago/compare/v0.4.0...v0.4.1 [0.4.0]: https://github.com/privacybydesign/irmago/tree/v0.4.0 diff --git a/version.go b/version.go index face60894..984a97085 100644 --- a/version.go +++ b/version.go @@ -5,4 +5,4 @@ package irma // Version of the IRMA command line and libraries -const Version = "0.5.0-rc.2" +const Version = "0.5.0-rc.3"
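Review bot: In the CHANGELOG.md hunk at `@@ -4,6 +4,45 @@`, the 0.5.0-rc.3 `### Added` entry for developer mode ends with "(see below)", but nothing below it mentions developer mode. The `### Security` entry it seems to point at only says HTTPS is enforced "whenever possible", so a reader cannot tell whether developer mode is the exception that phrase covers. Suggest naming developer mode explicitly in that Security bullet and repeating there that it is intended for local testing. Three smaller points in the same hunk: the rc.2 `### Fixed` entry reads "returns 404 an 405" ("an" should be "and"); the new sections use `*` bullets while the existing 0.5.0-rc.1 section uses `-`; and the heading date 2020-05-14 is a day later than the commit's Date header (13 May 2020), so it is worth confirming that it matches the intended release date.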