Release 2.8.1

Fixes:

- Relaxed Guava dependency version constraint to include major version 33.

Author: emlun

.github/workflows/release-verify-signatures.yml

@@ -15,7 +15,7 @@ jobs:
 
     steps:
     - name: Fetch keys
-      run: gpg --no-default-keyring --keyring ./yubico.keyring --keyserver hkps://keys.openpgp.org --recv-keys 57A9DEED4C6D962A923BB691816F3ED99921835E
+      run: gpg --no-default-keyring --keyring ./yubico.keyring --keyserver hkps://keys.openpgp.org --recv-keys 57A9DEED4C6D962A923BB691816F3ED99921835E 9E885C0302F9BB9167529C2D5CBA11E6ADC7BCD1
 
     - name: Download signatures from Maven Central
       timeout-minutes: 60

NEWS

@@ -1,3 +1,10 @@
+== Version 2.8.1 ==
+
+Fixes:
+
+* Relaxed Guava dependency version constraint to include major version 33.
+
+
 == Version 2.8.0 ==
 
 `webauthn-server-core`:

README

@@ -58,7 +58,7 @@ Example:
 JRELEASER_MAVENCENTRAL_USERNAME=PYgw7b
 JRELEASER_MAVENCENTRAL_PASSWORD=QxExuJ0wwfBzbXVOsaSTUTBkXH8Fa2dFo
 JRELEASER_GPG_KEYNAME=2D6753CFF0B0FB32F9EEBA485B9688125FF0B636
-JRELEASER_MAVENCENTRAL_STAGE=UPLOAD
+JRELEASER_MAVENCENTRAL_STAGE=FULL
 JRELEASER_GITHUB_TOKEN=nope
 ```
 
@@ -69,3 +69,8 @@ Publishing a release
 ---
 
 See the [release checklist](./releasing.md).
+
+The first time you publish a release, request to have your PGP key added to the trusted keyring in the [`release-verify-signatures` workflow][workflow-release-src].
+
+
+[workflow-release-src]: https://github.com/Yubico/java-webauthn-server/blob/main/.github/workflows/release-verify-signatures.yml

doc/development.md

@@ -22,7 +22,7 @@ dependencyResolutionManagement {
     versionCatalogs {
         create("constraintLibs") {
             library("cbor", "com.upokecenter:cbor:[4.5.1,5)")
-            library("guava", "com.google.guava:guava:[24.1.1,33)")
+            library("guava", "com.google.guava:guava:[24.1.1,34)")
             library("httpclient5", "org.apache.httpcomponents.client5", "httpclient5").version {
               strictly("[5.0.0,6)")
               reject("[5.4-alpha1,5.4.3)")

settings.gradle.kts

@@ -46,7 +46,7 @@ layer.
 This layer manages the general architecture of the system, and is where most
 business logic and integration code would go. The demo server implements the
 "persistent" storage of users and credential registrations - the
-link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/2.8.0/com/yubico/webauthn/CredentialRepository.html[`CredentialRepository`]
+link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/2.8.1/com/yubico/webauthn/CredentialRepository.html[`CredentialRepository`]
 integration point - as the
 link:https://github.com/Yubico/java-webauthn-server/blob/main/webauthn-server-demo/src/main/java/demo/webauthn/InMemoryRegistrationStorage.java[`InMemoryRegistrationStorage`]
 class, which simply keeps them stored in memory for a limited time. The
@@ -60,7 +60,7 @@ would be specific to a particular Relying Party (RP) would go in this layer.
 - The server layer in turn calls the *library layer*, which is where the
   link:../webauthn-server-core/[`webauthn-server-core`]
   library gets involved. The entry point into the library is the
-  link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/2.8.0/com/yubico/webauthn/RelyingParty.html[`RelyingParty`]
+  link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/2.8.1/com/yubico/webauthn/RelyingParty.html[`RelyingParty`]
   class.
 +
 This layer implements the Web Authentication
@@ -71,14 +71,14 @@ and exposes integration points for storage of challenges and credentials. Some
 notable integration points are:
 +
 ** The library user must provide an implementation of the
-link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/2.8.0/com/yubico/webauthn/CredentialRepository.html[`CredentialRepository`]
+link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/2.8.1/com/yubico/webauthn/CredentialRepository.html[`CredentialRepository`]
 interface to use for looking up stored public keys, user handles and signature
 counters.
 The example app does this via the
 link:https://github.com/Yubico/java-webauthn-server/blob/main/webauthn-server-demo/src/main/java/demo/webauthn/InMemoryRegistrationStorage.java[`InMemoryRegistrationStorage`]
 class.
 ** The library user can optionally provide an instance of the
-link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/2.8.0/com/yubico/webauthn/attestation/AttestationTrustSource.html[`AttestationTrustSource`]
+link:https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-core/2.8.1/com/yubico/webauthn/attestation/AttestationTrustSource.html[`AttestationTrustSource`]
 interface to enable identification and validation of authenticator models. This
 instance is then used to look up trusted attestation root certificates. The
 link:../webauthn-server-attestation/[`webauthn-server-attestation`]
@@ -170,7 +170,7 @@ controlled by the parent web server.
     the server will report. Example: `YUBICO_WEBAUTHN_RP_NAME='Yubico Web Authentication demo'`
 
   - `YUBICO_WEBAUTHN_USE_FIDO_MDS`: If set to `true` (case-insensitive), use
-    https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-attestation/2.8.0/com/yubico/fido/metadata/FidoMetadataService.html[`FidoMetadataService`]
+    https://developers.yubico.com/java-webauthn-server/JavaDoc/webauthn-server-attestation/2.8.1/com/yubico/fido/metadata/FidoMetadataService.html[`FidoMetadataService`]
     from the link:../webauthn-server-attestation[`webauthn-server-attestation`]
     module as a source of attestation data in addition to the static JSON file
     bundled with the demo. This will write cache files to the