Skip to content

Pre-release 2.5.0-RC1

Pre-release
Pre-release
Compare
Choose a tag to compare
@emlun emlun released this 26 Jun 15:40
· 220 commits to main since this release
2.5.0-RC1
This tag was signed with the committer’s verified signature.
emlun Emil Lundberg
GPG key ID: 0F47E61493A9B8E5
Verified
Learn about vigilant mode.
864a1dc
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

webauthn-server-core:

Breaking changes to experimental features:

  • Added Jackson annotation @JsonProperty to method RegisteredCredential.isBackedUp(), changing the property name from backedUp to backupState. backedUp is still accepted during deserialization but will no longer be emitted during serialization.

New features:

  • Added method .isUserVerified() to RegistrationResult and AssertionResult as a shortcut for accessing the UV flag in authenticator data.
  • Updated README and JavaDoc to use the "passkey" term and provide more guidance around passkey use cases.
  • Added Automatic-Module-Name to jar manifest.

Fixes:

  • AuthenticatorAttestationResponse now tolerates and ignores properties "publicKey" and "publicKeyAlgorithm" during JSON deserialization. These properties are emitted by the PublicKeyCredential.toJSON() method added in WebAuthn Level 3.

webauthn-server-attestation:

New features:

  • Added option verifyDownloadsOnly(boolean) to FidoMetadataDownloader. When set to true, the BLOB signature will not be verified when loading a BLOB from cache or when explicitly given. Default setting is false, which preserves the previous behaviour.
  • Added Automatic-Module-Name to jar manifest.

Fixes:

  • Made Jackson setting PROPAGATE_TRANSIENT_MARKER unnecessary for JSON serialization with Jackson version 2.15.0-rc1 and later.

Artifacts built with openjdk version "17.0.7" 2023-04-18.

Assets 4
Loading