Releases: signalapp/libsignal
Releases · signalapp/libsignal
v0.46.2
- net: Fix regression in TLS verification introduced in v0.46.1 (every non-Signal certificate would fail *except* on Linux) - Rust: net's DnsResolver has a useful Default implementation again
v0.46.1
- net: Expose authenticated sends on ChatService. (Note that there is yet no way to get messages *from* the server.) - net: Setting an invalid proxy from Java/Swift/TypeScript will now result in all connections failing until it's cleared or replaced. - net: Many internal improvements, including - DNS lookups will fall back to DNS-over-HTTPS to Cloudflare - Connection requests are debounced - TLS verification will now succeed on Linux for non-Signal servers
v0.46.0
- Net now requires a user agent string on initialization. - Restores ProfileKeyCredentialPresentationV1, removed in v0.43.0. While this is no longer presented by clients, it can still appear in old gv2 change actions. - ServiceId is now Comparable in Java and Swift, Ord in Rust. In JavaScript, ServiceId.comparator provides the same ordering. The order is consistent across all platforms. - Swift: The message backup stream factory function can now throw. - Rust: libsignal-protocol timestamps now use a strong type. - The LibSignalClient podspec is now compatible with GNU ln as well as macOS's standard BSD ln.
v0.45.1
Network: - Improved logging - Replaced rustls-native-certs with rustls-platform-verifier Swift: - Use thin LTO even in debug builds - C functions with no arguments are declared '(void)', not '()'
v0.45.0
- BackupAuthCredential now uses an enum for its level; credentials containing unknown levels will fail to deserialize. Receiving a BackupAuthCredentialResponse no longer requires an expected level, but now requires a timestamp; this timestamp should be the one provided by the server as the key in the JSON object containing the response. - The backup validator has been updated; in particular, it now expects the IV to be in the file, and allows padding after the compressed backup frames. - Support for issuing AuthCredentials with the PNI reinterpreted as an ACI has been removed. - The connectionReused field from ChatService's DebugInfo has been removed. - SVR3 now supports TPM2SNP on GCP, and no longer supports it on Azure. - Node: Exposed Net.setIpv6Enabled(). IPv6 remains on by default. - Java: libsignal's CompletableFuture now supports whenComplete. - Java: A number of ClassNotFound issues have been quashed. - Swift: PreKeyBundle.preKeyId no longer returns the *signed* pre-key ID, and the Kyber key info, if any, is available as well. - Swift: Add missing invalidAttestationData and connectionFailed error cases. - Rust: More zkcredential and zkgroup types implement Debug and PartialEq. More types in several crates implement Error. - Changes for upstream boring v4.6.0 have been merged.
v0.44.0
- All platforms: TLS proxy support added - Node: ChatService extracted in a separate class - GroupSendEndorsement: refine issuance proof - Internal changes to the reconnect logic in libsignal-net
v0.43.0
- Exposed API for unauthenticated chat service communication in Swift and Java. This closely follows the existing TypeScript API. - Disabled chat connection auto-reconnect on disconnect(). - Added cleanup code to close chat server connections more promptly. - Removed timeout parameters for SVR3 and CDSI operations. - Improved CDSI error handling. More granular error types are returned and additional server errors are now handled correctly. - Updated message backup protobuf definition. - Removed ProfileKeyCredentialPresentationV1 which is no longer used.
v0.42.0
- GroupSendEndorsement has been added, and GroupSendCredential has been removed. Endorsements are similar to credentials but have some different characteristics; see endorsements.rs in the zkcredential crate for more information. THIS REQUIRES UPDATED SERVER ZKPARAMS. - AuthCredentialZkc has been added as a variant of AuthCredentialWithPni that's built on top of zkcredential rather than bespoke poksho proofs. The PNI-less AuthCredential has been removed in favor of AuthCredentialWithPni and AuthCredentialZkc. - SVR3 now supports enclaves based on AMD SEV SNP with TPM2 attestation. The default configuration in libsignal-net is now 3-of-3 secret sharing. (Note that this is still only supported in staging at this time.) - cpufeatures is no longer an unconditional requirement for libsignal-ffi. (Thanks, @Kladki!) - The Java code now uses Java 17; the Android build additionally requires SDK 34 to desugar `record` classes. - Rust dependencies have been updated.
v0.41.2
- Reverted a breaking change (zkgroup: Implement GroupSendEndorsements)
v0.41.1
- protocol: Flip SSv2 encryption to the "new" key derivation (no client-visible impact) - Update message backup proto definition - Fix a configuration issue for libsignal-net