Releases: fedi-e2ee/pkd-server-php
Releases · fedi-e2ee/pkd-server-php
Release list
v0.8.0
Warning
Breaking changes: we are switching to ML-DSA-44.
Ed25519 is still supported for HTTP Message Signatures, but nowhere else.
What's Changed
- Viewhash moreinfo by @soatok in #74
- Migrate to post-quantum signatures by @soatok in #76
- Install ext-pqcrypto to make fuzzing faster by @soatok in #77
- Test that ed25519 keys are only accepted for RFC 9421 by @soatok in #78
- Fix CI annoyances by @soatok in #79
- Pre-release boyscouting for v0.8.0 by @soatok in #80
Full Changelog: v0.7.0...v0.8.0
v0.7.0
What's Changed
- Updated dependencies, rerun code-style fixes by @soatok in #72
- Pre-0.7.0 fixes by @soatok in #73
- BurnDown is now disabled if no OTP is configured by the group admins (rather than failing open)
- Tighten permissions on HPKE keys
- Added configuration option for disabling BurnDown messages
- Fixed concurrency issues with SQLite
- Avoid more string concatenation in SQL
- No security issues here, just a matter of taste (it was OFFSET {$integer} and LIMIT {$integer})
Full Changelog: v0.6.3...v0.7.0
v0.6.3
v0.6.2
What's Changed
- Fix style by @soatok in #70
- Dead code in Update ReqTrait.php? by @shleeable in #69
New Contributors
- @shleeable made their first contribution in #69
Full Changelog: v0.6.1...v0.6.2
v0.6.1
v0.6.0
v0.5.1
Fixed a unit test failure from https://github.com/fedi-e2ee/pkd-server-php/releases/tag/v0.5.0
Full Changelog: v0.5.0...v0.5.1
v0.5.0
Security: The previous versions did not enforce some constraints around RevokeKey. It was possible to revoke your only key. Now, the constraint has been fixed and test coverage has been added to prevent regressions.
EDIT: https://github.com/fedi-e2ee/pkd-server-php/releases/tag/v0.5.1 fixes a unit test.
What's Changed
- Add differential fuzzing between Protocol and Witness by @soatok in #65
- Enforce Revoke constraints demanded by the Specification by @soatok in #66
Full Changelog: v0.4.2...v0.5.0