v0.16.0

Added

• Option to configure client mtls redis cert and key for irma server, irma keyshare server and irma keyshare myirmaserver

Security

• Update go toolchain to 1.22.5
• Update github.com/hashicorp/go-retryablehttp dependency from 0.7.1 to 0.7.7

Internal

• Phase out deprecated GitHub Actions packages

v0.15.2

Security

• Update go toolchain to 1.22.1
• Update github.com/jackc/pgx/v5 dependency from 5.4.3 to 5.5.4

Internal

• Fix sqlserver tests in GitHub Actions workflow

v0.15.1

Fixed

• RemoveScheme function in irmaclient already stripping storage before checking whether the scheme is in assets

Security

• Update go toolchain to 1.21.5

v0.15.0

Added

• Support for Redis in Sentinel mode
• Redis support for irma keyshare server and irma keyshare myirmaserver
• /health endpoint for irma server, irma keyshare server and irma keyshare myirmaserver
• RemoveRequestorScheme function in irmaclient to remove a requestor scheme from the irma_configuration directory

Changed

• Using optimistic locking in the irma server instead of pessimistic locking
• storage-fallback-key-file option of irma keyshare server being replaced by storage-fallback-keys-dir option

Fixed

• HTTP cookies not stored in irmaclient when received from a Set-Cookie header
• Invalid hostname specified in MX record bypasses e-mail address revalidation
• Background revocation tasks not stopped when closing an irmaclient
• RemoveScheme function in irmaclient not deleting issuer schemes without a keyshare server (#260)

Internal

• Fixed issue with expired irma-demo.MijnOverheid key in testdata
• Always use testdata of current branch for integration-test jobs in GitHub Actions workflow

v0.14.2

Fixed

• IRMA session gets stuck in communicating status when user is requested to confirm PIN in irmaclient

v0.14.1

Fixed

• Improve stability of database drivers by bumping their versions

Security

• Use Go toolchain version 1.21.3 for building irma CLI tool

Internal

• Fixed failing tests due to expired test.test2 idemix key

v0.14.0

Note for users of the irmaclient package (e.g. maintainers of the Yivi app): the KeyshareVerifyPin function requires the renewal endpoint for the keyshare attribute to be present. Therefore, this version should first be deployed on keyshare servers before the client side can be upgraded.

Added

• Option skipExpiryCheck in disclosure requests to allow disclosure of expired credentials (e.g. "skipExpiryCheck": ["irma-demo.sidn-pbdf.email"])
• Option host in session request to overrule host name in IRMA QR if permission has been granted (see below)

  {
    "@context": "https://irma.app/ld/request/disclosure/v2",
    "host": "irma.example.com",
    "disclose": ...
  }
  

  This leads to the following session package:

  {
    "token":"KzxuWKwL5KGLKr4uerws",
    "sessionPtr": {"u":"https://irma.example.com/irma/session/ysDohpoySavbHAUDjmpz","irmaqr":"disclosing"},
    "frontendRequest": {
      "authorization":"qGrMmL8UZwZ88Sq8gobV",
      "minProtocolVersion": "1.0",
      "maxProtocolVersion": "1.1"
    }
  }
  

• Permission option host_perms in the requestor configuration to specify which values a requestor may use for the host option in session requests

  {
    "requestors": {
        "myapp": {
            "disclose_perms": [ "irma-demo.MijnOverheid.ageLower.over18" ],
            "sign_perms": [ "irma-demo.MijnOverheid.ageLower.*" ],
            "issue_perms": [ "irma-demo.MijnOverheid.ageLower" ],
            "host_perms": ["*.example.com"]
            "auth_method": "token",
            "key": "eGE2PSomOT84amVVdTU"
        }
    }
  }
  

• Renewal endpoint for keyshare attribute in the keyshare server (/users/renewKeyshareAttribute)
• Keyshare server /api/v2/prove/... endpoints for the new keyshare protocol

Changed

• KeyshareVerifyPin function in irmaclient ensures the keyshare attribute is valid
• Sending the account expiry email is done when user has only valid e-mail addresses
• Strip unnecessary details from database errors

Fixed

• User account expiry continues when one or more e-mail addresses are marked for revalidation

v0.13.3

Fixed

• Auto-update mechanism of IRMA configuration not working in ghcr.io/privacybydesign/irma Docker container
• Panics occur when the timestamp file does not exist in a scheme directory

v0.13.2

What's Changed

• feat: remove mail header 'Content-Transfer-Encoding: binary' by @sanderhollaar in #331

Full Changelog: v0.13.1...v0.13.2

v0.13.1

Fixed

• Invalid amount of arguments in query scan when e-mail revalidation is disabled