Skip to content

Releases: Yubico/java-webauthn-server

Pre-release 1.9.0-RC2

20 Apr 23:40
@emlun emlun
1.9.0-RC2
This tag was signed with the committer’s verified signature. The key has expired.
emlun Emil Lundberg
GPG key ID: B9C3C1205DB091E2
Expired
Verified
Learn about vigilant mode.
d329b8e
This commit was signed with the committer’s verified signature. The key has expired.
emlun Emil Lundberg
GPG key ID: B9C3C1205DB091E2
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Pre-release 1.9.0-RC2 Pre-release
Pre-release
  • Dependency versions moved to new meta-module webauthn-server-parent. Users should never need to depend on webauthn-server-parent directly.

Artifacts built with openjdk 11.0.10 2021-01-19.

Assets 5
Loading

Pre-release 1.9.0-RC1

19 Apr 17:09
@emlun emlun
1.9.0-RC1
This tag was signed with the committer’s verified signature. The key has expired.
emlun Emil Lundberg
GPG key ID: B9C3C1205DB091E2
Expired
Verified
Learn about vigilant mode.
a13daee
This commit was signed with the committer’s verified signature. The key has expired.
emlun Emil Lundberg
GPG key ID: B9C3C1205DB091E2
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Pre-release 1.9.0-RC1 Pre-release
Pre-release

webauthn-server-attestation:

  • Fixed that SimpleAttestationResolver would return empty transports when transports are unknown.

webauthn-server-core:

  • Added support for the "apple" attestation statement format.

Artifacts built with openjdk 11.0.10 2021-01-19.

Assets 5
Loading

Version 1.8.0

15 Mar 17:46
@emlun emlun
1.8.0
This tag was signed with the committer’s verified signature. The key has expired.
emlun Emil Lundberg
GPG key ID: B9C3C1205DB091E2
Expired
Verified
Learn about vigilant mode.
9023482
This commit was signed with the committer’s verified signature. The key has expired.
emlun Emil Lundberg
GPG key ID: B9C3C1205DB091E2
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 1.8.0

Changes:

  • BouncyCastle dependency is now optional.

    In order to opt out, depend on webauthn-server-core-minimal instead of webauthn-server-core. This is not recommended unless you know your JVM includes JCA providers for all signature algorithms.

    Note that webauthn-server-attestation still depends on BouncyCastle.

  • Jackson deserializer for PublicKeyCredential now allows a rawId property to be present if id is not present, or if rawId equals id.

Artifacts built with openjdk 11.0.10 2021-01-19.

Assets 5
Loading

Version 1.7.0

19 Oct 16:26
@emlun emlun
1.7.0
This tag was signed with the committer’s verified signature. The key has expired.
emlun Emil Lundberg
GPG key ID: B9C3C1205DB091E2
Expired
Verified
Learn about vigilant mode.
8293a6a
This commit was signed with the committer’s verified signature. The key has expired.
emlun Emil Lundberg
GPG key ID: B9C3C1205DB091E2
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 1.7.0

webauthn-server-attestation:

  • Updated name of AAGUID 2fc0579f811347eab116bb5a8db9202a to "YubiKey 5/5C NFC"
  • Changed name of "YubiKey 5 Series security key" to "YubiKey 5 Series"

webauthn-server-core:

Changes:

  • Fixed crash on unknown attestation statement formats
    • Unless RelyingParty.allowUntrustedAttestation is set to false, unknown attestation statements will now pass as untrusted attestations, instead of throwing an IllegalArgumentException.
  • Disambiguated Jackson deserialization of class AuthenticatorTransport

New features:

  • Class RegisteredCredential can now be serialized to and deserialized from JSON.

Artifacts built with openjdk 11.0.8 2020-07-14.

Assets 4
Loading

Pre-release 1.7.0-RC1

05 Oct 14:58
@emlun emlun
1.7.0-RC1
This tag was signed with the committer’s verified signature. The key has expired.
emlun Emil Lundberg
GPG key ID: B9C3C1205DB091E2
Expired
Verified
Learn about vigilant mode.
cf0dc37
This commit was signed with the committer’s verified signature. The key has expired.
emlun Emil Lundberg
GPG key ID: B9C3C1205DB091E2
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Pre-release 1.7.0-RC1 Pre-release
Pre-release

Changes:

  • Fixed crash on unknown attestation statement formats
    • Unless RelyingParty.allowUntrustedAttestation is set to false, unknown attestation statements will now pass as untrusted attestations, instead of throwing an IllegalArgumentException.

New features:

  • Class RegisteredCredential can now be serialized to and deserialized from JSON.

Artifacts built with openjdk 11.0.8 2020-07-14.

Assets 4
Loading

Version 1.6.4

26 Jun 11:38
@emlun emlun
1.6.4
This tag was signed with the committer’s verified signature. The key has expired.
emlun Emil Lundberg
GPG key ID: B9C3C1205DB091E2
Expired
Verified
Learn about vigilant mode.
a32f39b
This commit was signed with the committer’s verified signature. The key has expired.
emlun Emil Lundberg
GPG key ID: B9C3C1205DB091E2
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 1.6.4
  • Changed dependency declarations to version ranges
  • Bumped Guava dependency to version [24.1.1,30) in response to CVE-2018-10237

Artifacts built with openjdk 11.0.7 2020-04-14.

Assets 4
Loading

Version 1.6.3

25 May 16:29
@emlun emlun
1.6.3
This tag was signed with the committer’s verified signature. The key has expired.
emlun Emil Lundberg
GPG key ID: B9C3C1205DB091E2
Expired
Verified
Learn about vigilant mode.
74ff8c6
This commit was signed with the committer’s verified signature. The key has expired.
emlun Emil Lundberg
GPG key ID: B9C3C1205DB091E2
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 1.6.3

webauthn-server-attestation:

  • Added new YubiKey AAGUIDs to metadata.json

webauthn-server-core:

Artifacts built with openjdk 11.0.6 2020-01-14.

Assets 4
Loading

Pre-release 1.6.3-RC1

07 May 16:09
@emlun emlun
1.6.3-RC1
This tag was signed with the committer’s verified signature. The key has expired.
emlun Emil Lundberg
GPG key ID: B9C3C1205DB091E2
Expired
Verified
Learn about vigilant mode.
94708c0
This commit was signed with the committer’s verified signature. The key has expired.
emlun Emil Lundberg
GPG key ID: B9C3C1205DB091E2
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Pre-release 1.6.3-RC1 Pre-release
Pre-release

webauthn-server-attestation:

  • Added new YubiKey AAGUIDs to metadata.json

webauthn-server-core:

Artifacts built with openjdk 11.0.6 2020-01-14.

Assets 4
Loading

Version 1.6.2

30 Mar 10:29
@emlun emlun
1.6.2
This tag was signed with the committer’s verified signature. The key has expired.
emlun Emil Lundberg
GPG key ID: B9C3C1205DB091E2
Expired
Verified
Learn about vigilant mode.
bc94105
This commit was signed with the committer’s verified signature. The key has expired.
emlun Emil Lundberg
GPG key ID: B9C3C1205DB091E2
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 1.6.2
  • Fixed dependencies missing from release POM metadata

Artifacts built with openjdk 11.0.6 2020-01-14.

Assets 4
Loading

Version 1.6.1

05 Mar 16:16
@emlun emlun
1.6.1
This tag was signed with the committer’s verified signature. The key has expired.
emlun Emil Lundberg
GPG key ID: D8588A5844E2A774
Expired
Verified
Learn about vigilant mode.
1bdb93d
This commit was signed with the committer’s verified signature. The key has expired.
emlun Emil Lundberg
GPG key ID: D8588A5844E2A774
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 1.6.1

Security fixes:

Artifacts built with openjdk 11.0.6 2020-01-14.

Assets 4
Loading