v0.14.0

@manpsarakis released this 10 Mar 08:34 · 1 commit to main since this release · 8999e3d

What's Changed

  • Check nonce in verification of key binding JWTs by @manpsarakis in #125
  • Enforced validation of critical security claims (nbf, exp, aud) in both issuance and presentation verification to prevent bypass vulnerabilities. by @manpsarakis in #131
  • Enhanced KB-JWT verification to properly validate audience (aud) and issued-at (iat) claims. by @manpsarakis in #133
  • Added DigestCollector utility to ensure all disclosure digests within an SD-JWT payload are unique, preventing digest collisions. by @manpsarakis in #136
  • Introduced DecoyConfiguration with per-object minimum decoy generation using cryptographically secure random number generation (SecureRandom). This replaces the previous global decoy limit for better privacy guarantees. by @manpsarakis in #136
  • Fixed sd_hash computation to correctly use the SD-JWT's specified hash algorithm by @manpsarakis in #139
  • KB-JWTs now use the same hash algorithm as the disclosures within the SD-JWT by @manpsarakis in #140
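
The key binding checks listed above (nonce, aud, iat, and an sd_hash computed with the SD-JWT's own `_sd_alg`) can be sketched as follows. This is an added Python example, not code from this library: the function names, the `max_age` freshness window and the sample values are assumptions, the sample presentation is constructed and unsigned, and signature verification is assumed to happen elsewhere.

```python
import base64, hashlib, json

# IANA hash names as used in the `_sd_alg` claim -> hashlib constructors
HASHES = {"sha-256": hashlib.sha256, "sha-384": hashlib.sha384, "sha-512": hashlib.sha512}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def decode_payload(jwt: str) -> dict:
    seg = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def sd_hash(hashed_part: str, sd_alg: str) -> str:
    # Input is "<issuer JWT>~<disclosure>~...~", trailing "~" included
    return b64url(HASHES[sd_alg](hashed_part.encode("ascii")).digest())

def check_key_binding(presentation, expected_aud, expected_nonce, now, max_age=300):
    """Return the names of failed KB-JWT claim checks (signatures assumed verified)."""
    head, _, kb_jwt = presentation.rpartition("~")
    if not kb_jwt:
        return ["kb_jwt"]  # presentation carries no key binding JWT
    alg = decode_payload(head.split("~")[0]).get("_sd_alg", "sha-256")  # default when absent
    if alg not in HASHES:
        return ["_sd_alg"]
    kb = decode_payload(kb_jwt)
    iat = kb.get("iat")
    checks = {
        "sd_hash": kb.get("sd_hash") == sd_hash(head + "~", alg),
        "aud": kb.get("aud") == expected_aud,
        "nonce": kb.get("nonce") == expected_nonce,
        "iat": isinstance(iat, int) and now - max_age <= iat <= now,
    }
    return [name for name, ok in checks.items() if not ok]

def build_sample(kb_hash_alg: str, nonce: str = "n-5f2a") -> str:
    """Constructed, unsigned sample presentation; 'sig' stands in for real signatures."""
    def jwt(header, payload):
        return ".".join(b64url(json.dumps(p).encode()) for p in (header, payload)) + ".sig"
    disclosure = b64url(json.dumps(["c2FsdA", "given_name", "Alice"]).encode())
    digest = b64url(hashlib.sha384(disclosure.encode("ascii")).digest())
    issuer = jwt({"alg": "ES256"}, {"_sd_alg": "sha-384", "_sd": [digest]})
    hashed_part = f"{issuer}~{disclosure}~"
    kb = jwt({"alg": "ES256", "typ": "kb+jwt"},
             {"iat": 1_700_000_000, "aud": "https://verifier.example",
              "nonce": nonce, "sd_hash": sd_hash(hashed_part, kb_hash_alg)})
    return hashed_part + kb
```

A holder that hashes with SHA-256 while the SD-JWT declares `sha-384` fails only the `sd_hash` check, which is the mismatch the sd_hash fix addresses.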

Breaking Changes

  • Enveloped format support has been removed. The library now exclusively supports the compact presentation format as per the latest SD-JWT specifications by @manpsarakis in #138

Full Changelog: v0.13.1...v0.14.0