Wallet 0.2.2

Release date: 25th of October, 2024

• All commits in this release: v0.2.1...v0.2.2
• Documentation for this release: https://github.com/MinBZK/nl-wallet/blob/v0.2.2/documentation/index.md

We have the following artifacts as a part of this release:

• wallet-sbom_v0.2.2_generic.zip: The software-bill-of-materials for this release
• wallet-verification-server_v0.2.2_x86_64-linux-glibc.zip: The wallet verification server for relying parties, for glibc-based Linux systems
• wallet-verification-server_v0.2.2_x86_64-linux-musl.zip: The wallet verification server for relying parties, for musl-libc based Linux systems
• wallet-web_v0.2.2_generic.zip: The javascript helper library for relying parties, to assist with integrating relying party applications with the wallet platform

Upgrade Instructions

• verification_server.toml: The verifier.trust_anchors setting is moved one level up and renamed to issuer_trust_anchors
• verification_server.toml: Sentry support is removed from the verification_server, so the [sentry] configuration setting is removed
• verification_server.toml: A new configuration setting reader_trust_anchors has been added, which should contain the trusted CAs that issue reader certificates

Changes

• Implement change_pin flow in wallet
• Implement e2e tests for (e2e) testable AC's
• Support simultaneous reading and writing of encrypted preloaded data
• Add test data for demo BSNs
• Add job for encrypting example GBA-V data
• Focus op onzichtbare elementen
• Markering kopteksten
• Add Elf-proef to Bsn
• Add option to delete single and all preloaded data
• [App] Kleurcontrast hyperlink
• Update CI to add RP url to profile Android build
• Implement web frontend for gba_fetch
• Once GBA-V fixes their TLS negotiation, remove max_tls_version constraint in gba-hc-converter
• alerts/vulnerabilities uit OWASP ZAP scans
• Root/Jailbreak screen is always scrollable
• Privacy Policy and Terms&Conditions
• Implement Proof of Association (PoA) during issuance in wallet and WP
• Add configurable Origin to verification_server
• Add performance_test to main pipeline
• Live preloading of BRP data
• Implement PIN change in wallet core and wallet provider
• Issue WTE using WP instruction and OpenID4VCI
• Validate RP and issuer keypairs on wallet server startup
• Mock relying party Docker image doesn't get release tag
• Warning in pipeline stage(s) if there are vulnerabilities
• unexpected errors capture error in panic message
• Improve Sentry sensitive data handling
• Improve Sentry sensitive data handling in Flutter
• Update Ruby to 3.x in CI images
• Document how we handle logging of possibly privacy-sensitive data to Sentry
• Minimum requirements in README.md
• [Improvement] Login - See details button
• Execute manual e2e tests for release v0.2.2
• Execute manual performance tests for release v0.2.2
• Fix e2e introduction privacy & conditions tests
• Figure out if our served CSP is really a wildcard directive and fix, if needed
• Fix wallet_web vulnerability in rollup:4.22.1
• Yanked package futures-util op wallet_core verhelpen
• Sync Lokalise & update English privacy texts
• Publication of release v0.2.2
• Documentatie mbt genereren certificaten niet correct waardoor RPs niet kunnen aansluiten
• Support Rustls 0.23.10 and up
• Update mapping documentation
• Fix UX 3.1 "Personalize" e2e tests after PID content update
• Update Figma links for v0.2.2
• Automate wallet web e2e/acceptance test

Wallet 0.2.1

Release date: 23rd of September, 2024

• All commits in this release: v0.2.0...v0.2.1
• Documentation for this release: https://github.com/MinBZK/nl-wallet/blob/v0.2.1/documentation/index.md

We have the following artifacts as a part of this release:

• wallet-sbom_v0.2.1_generic.zip: The software-bill-of-materials for this release
• wallet-verification-server_v0.2.1_x86_64-linux-glibc.zip: The wallet verification server for relying parties, for glibc-based Linux systems
• wallet-verification-server_v0.2.1_x86_64-linux-musl.zip: The wallet verification server for relying parties, for musl-libc based Linux systems
• wallet-web_v0.2.1_generic.zip: The javascript helper library for relying parties, to assist with integrating relying party applications with the wallet platform

Note: this release fixes a security issue we discovered in our wallet_web client helper library, which causes the build step to include a copy of the running environment into the target javascript files. You are advised to upgrade to at least v0.2.1 as soon as possible. The issue and the fix can be seen in this diff.

Changes

• Fix for process.env exposure issue in vite.config.ts
• Privacy policy messaging updates
• Corrected request_origin_base_url in RP docs
• Upgrade to Vite.js 4.22.1
• Fixes for CVE-2024-45811 and CVE-2024-45812
• Run e2e tests on JDK 17
• Split e2e test suites into separate jobs
• Update root illustration
• Update sentry_flutter to 8.9.0
• Fix iOS 16 build
• Update icon color
• Fix for scanner orientation bug
• Shared attributes outline fix
• Support for generic ECDSA keys in OpenID4VCI
• Initial implementation of Apple attestation
• Extract UI automation CI logic to file
• Documented wallet_web
• Update to Flutter 3.24.2
• Initial implementation of change pin
• Root/Jailbreak detection enabled
• Do not use JWT for requesting challenges from WP
• Use UTC instead of Local time internally
• Added back button
• Refreshed goldens
• Handle RUSTSEC-2024-0373
• Exclude generated code directories from Sonar analysis
• Update DigID loading states
• Updated progress-bar
• Animation play/pause fixes
• Various biometric improvements
• Fix duplicate card title announcement
• Support JWT attestation format
• Refactor OpenID4VCI to support other attestation formats
• Fix version setting by release tag for docker image builds

Wallet 0.2.0

Release date: 2nd of September, 2024

• All commits in this release: v0.1.32...v0.2.0
• Documentation for this release: https://github.com/MinBZK/nl-wallet/blob/v0.2.0/documentation/index.md

This is the first release that also contains release artifacts that are not just the automatically generated source code tarballs. Specifically, we have the following artifacts as a part of this release:

• wallet-sbom_v0.2.0_generic.zip: The software-bill-of-materials for this release
• wallet-verification-server_v0.2.0_x86_64-linux-glibc.zip: The wallet verification server for relying parties, for glibc-based Linux systems
• wallet-verification-server_v0.2.0_x86_64-linux-musl.zip: The wallet verification server for relying parties, for musl-libc based Linux systems
• wallet-web_v0.2.0_generic.zip: The javascript helper library for relying parties, to assist with integrating relying party applications with the wallet platform

Changes

• First release with binary artifacts (see below)
• Synchronized versioning for all components: wallet_core, wallet_app and wallet_web
• Cleaned up git tags, synchronized version tags in private and public repositories
• Archived ISO disclosure protocol
• Various work related to CI/CD and deployment
• Remove MdocsMap type from mdoc crate
• Place MdocKeyType::Software behind feature
• Move SingleKeyRing behind test feature
• Remove unused method from KeyRing trait
• Use public version of RDO max
• Handle DigiD app2app errors
• Hashes in MRP docker images
• Update to Flutter 3.24.0
• Announce when scanner is active
• Update android-flutter-rust app builder
• Strip CBOR specifics from JSON serialized attributes
• Use serde_with for serializing CBOR values into JSON
• Updated OpenAPI documentation
• Improve verifier API integration tests
• Removed unnecessary entries in Cargo.toml
• Use base64 with padding for encoding CBOR bytes
• Add issuer CA to disclosed attributes
• Downgrade activesupport gem to 7.1.4
• Various accessibility improvements
• Issuance logging improvements
• Fix CVE-2024-6783 by upgrading to axios 1.7.5
• Use local time for WalletEvents
• Various tiny CSS fixes
• Do not start challenge transaction before retrieving wallet_user
• Fix wallet provider transaction bug
• Performance test stability improvements
• Reintroduce crisp-edges as fallback for older Firefoxen
• Fix missing Rust dependencies in SBOM
• Add wallet_web dependencies to SBOM
• Binary creation in separate job(s) from Docker image creation
• Support biometric unlock
• Add help link to error and confirm stop sections
• Fix disclosure universal link path
• Updated Figma links in README.md
• Fix for Android camera resolution issue

Wallet 0.1.32

Release date: 13th of August 2024

All commits in this release: v0.1.31...v0.1.32

Features

• Flutter:​
  • UI implementation of 'change pin' flow​
  • Update golden test images​
  • Fix pre-audit accessibility feedback​
  • Update to Flutter 3.24.0 (WIP)​
• Documentation wallet_server for verification/receiving provisioning​
• First pre-release verification_server, documentation and wallet_web​
• English language included in demo RP​

UI tweaks

• Fix (camera) permission not being requested​
• Bump Flutter SDK version to 3.22.3​​
• Update golden tests​​
• Slow down dashboard transition​​

Other tweaks

• Update bytes to v1.6.1 and openssl to v0.10.66​
• Add Cache-Control: 'no-store' to all wallet server endpoints​
• Check if there already has been a pid issuance when starting a pid issuance​
• Added frontend requirements, also added extra + updated existing API call examples and responses​
• Configure sentry for backend services​
• handle return URL on failure​
• Remove allow(clippy::map_clone)​
• Revert use of memory-serve crate in MRP​
• Cargo clippy 1.80.0 fixes​
• Add status to verifier disclosed_attribute endpoint HTTP error bodies​
• Send cancelled session error from verifier to Flutter​
• Fix style mijn_amsterdam demo​
• Cleanup origins that have been removed in the meantime ​
• Replace once_cell and lazy_static dependency ​
• Add configurable structured logging to remaining web servers​​
• Do not use partner information in PID​​
• API documentation additions​​
• Tag docker images with git tag or latest; divide gitlab pipline definition into smaller files​​
• derive error category​​
• Step openssl and bytes versions​​
• Add new app identifiers​​
• Downgrade bundler ffi dependency​​
• Add additional logging on wallet config updates​​
• Re-enable rijksoverheid semantics​​
• Add missing rules to GitLab CI GBA preload job​​
• Generate wallet .env file for builds in CI​​
• Update bundler dependencies​

Wallet 0.1.31

Release date: 23rd of July, 2024

All commits in this release: v0.1.30...v0.1.31

Features

• Create and use ErrorCategory macro to categorize and send error reports​
• Add OpenID4VP unit and integation tests​
• Make session cancelable from web frontend​
• Add translations to web frontend​
• Add specialized error screens in app for session expiration​
• Open return URL in app in case of cancellation or error​
• Improve e2e tests stability​
• Improvements and fixes to deployment of PID issuer & GBA attributes converter​

Core​

• Make verifier status endpoint return UL optionally​
• IncorrectPin error does not need to be stored in history​
• Update bytes crate to 1.6.1​
• Send empty Vec on callbacks on Wallet reset​
• Parse error bodies from verifier more consistently​

App UI​

• Update copy & attributes section​
• Accessibility tweaks​
• Accessibility feedback​
• Fix duplicate PID issuance (wallet_app)​
• Render CancelledSession​
• Update WalletEventStatus mapper​
• Update UI of about org CTA​

Web frontend​

• Remove web-vue and web-svelte​
• Accessibility wallet web​
• Explain timed out requests​
• Fix build order frontend lib​
• Fix img and font src and CSP hashes​

Tests​

• Fix issuer name typo in e2e test​
• Fix test to match updated PID issuer 'displayName'​
• UC 9.4 e2e tests​
• UC 3.1 e2e tests​
• GBA-V to PID integration tests​
• Handle AddrInUse ErrorKind permissively.​
• Improve dart test code coverage​
• Increase dart unit test coverage​

PID issuance​

• Encode locator designator as resident_house_number​
• Fix name attributes in PID​

Wallet 0.1.30

Release date: 9th of July, 2024

All commits in this release: v0.1.29...v0.1.30

Features

• Implement OpenID4VP for wallet and verifier
  • Switch to OpenID4VP protocol in wallet and wallet server
• 25+ UI improvements and tweaks
• Implement demo relying party pages
• Add ErrorCategory trait to allow to discern between expected, critical and errors with
  personal data
• Implement error responses for requester endpoints
• Build 3 different flavors of wallet_server (issuer, verifier and combined)
  • Deploy separate PID issuer
• Add job for preloading GBA-V data and storing on an encrypted volume

UI changes

• Update metadata
• Show wallet logo in QR code
• Update History Details
• Introduce RequestDetails Screen
• Update app icon
• Update InfoRow icon
• Fix ParagraphedList scroll issue
• Update CheckAttributesScreen title
• Dart tear-off fix (CardDetail crash)
• Add paragraphs to InfoScreen
• Split PlaceholderScreen description
• Fix loading overflow
• Add missing help buttons to card (sub) screens
• Lock dashboard crossAxisCount
• Update AboutScreen with Paragraphs
• Add Paragraphs to NoDigidScreen
• Remove MergeSemantics from ConfirmSheet
• Update PlaceholderScreen copy
• Avoid 'heading' voiceover
• Add collapsing title to personalization
• HelpButton Semantics & IconSize
• ScreenReader tweaks
• Indent & mock fix
• Fix SetupSecurity Header
• App bar transition Tweaks
• Personalize scroll behaviour fix
• Add generalWCAGChangeLanguage
• Update ScrollBarTheme
• Update backspace icon size
• Report issue CTA on missing attributes

QA

• Update flutter lint rules
• Re-enable e2e tests
• Update vulnerable npm dependencies
• Update Rust CI images to 1.79
• Remove personal patch repositories relating to cryptoki
• Implement e2e test app restart workaround

Tweaks

• Add marital status to PID card
• Remove nationality from PID card
• Remove unused code
• Monkeybike should not request the nationality
  pid attribute
• Update http crate to 1.x and more!
• Add basic security headers
• Fix port name character limit in k8s config
• Fix k8s config again
• Fix resource path in Dockerfile
• Another gba-v-hc-converter resources fix and k8s targetport restrictions
• Service should select pods with zeer-vertrouwd label. Deploy networkpolicies for gba-hc

Wallet 0.1.29

Release date: 19th of June 2024

All commits in this release: v0.1.28...v0.1.29

Features

• Only accept QR codes from the integrated scanner
• Web frontend: start and retry session
• Mock relying party demo page for all usecases
• Add device unsupported and session expired error
  • Improve generic, no internet and server unreachable errors
• OpenID4VP part 1, protocol messages
• Upload Sentry symbols, Sentry backend reporting
• Allow configuring a return URL per use-case
• Update disclosure return_url protection mechanism
• Persist disclosure type in history

Wallet 0.1.28

Release date: 28th of May, 2024

All commits in this release: v0.1.27...v0.1.28

Features

• Support DigiD app2app flow
• Setup verifier web frontend library
  • For usage by relying parties
  • Available as Javascript library or script include
• Ephemeral session mechanism
  • Makes it a bit harder for an unsophisticated attacker to forward sessions
• Setup error reporting from wallet core to Sentry
• Enhanced cleanup logic for wallet server session store

UI changes

• Details Incorrect screen
• Update pin blocked/timeout UI
• Add issuer row to CardDetailScreen
• Update card attribute widget
• Custom PID issuance pin warning
• Design System Buttons
• Add DisclosureType to WalletEvent &
• Remove TimelineAttribute

QA

• Remove unused mock code from wallet_server
• Fix PostgreSQL integration test
• Create specific config file for integration tests
• Use NVD API key in dependency-check CI job
• Re-organize integration test dependencies
• Add feature ticket reference to e2e test
  methods

Tweaks

• Change log_requests feature in wallet_server to configurable flag
• Fix compiling UDL file for iOS
• Fix clippy 1.78
• Fix PID issuer PostgreSQL database URL in setup script
• Small OV documentation example fixes
• Split BRP proxy and GBA HC converter in startup script
• Do not strip android debug builds
• Build and run pid_issuer and wallet_server sequentially
• Update uniffi to 0.27.1
• Revert env variable export removal in GitLab CI
• Back behaviour during pin setup
• Align mock usecases
• Activity widget improvements

Wallet 0.1.27

Release date: 7th of May, 2024

All commits in this release: v0.1.26...v0.1.27

Features

• Initial implementation of GBA-V to Haal-Centraal conversion service
• 25+ UI and accessibility updates
• Initial version of documentation for OV usage
• Setup sentry for Flutter, and handle crashes and uncaught exceptions
• Implement OpenID4VCI credential issuer metadata discovery

QA

• Android Integration Tests
• E2E test updates after UI improvements / changes
• Use nonempty crate for Vecs that should not be empty
• Document attestation preview protocol extension
• Bugfix crash on disclosure pin error and add test

UI changes

• Update unlock screen; incorrect pin dialog
• Updated Headings & Semantics
• Update hyperlink behavior
• Read Conditions FocusArea fix
• Adjust PinKeyboard Scaling
• Menu Tweaks
• Update Stepper Semantics
• Announce Logouts
• Navigate to Dashboard onLogout
• Update Placeholder and CardDetails headers
• Announce Flashlight states
• Update bool value translations
• Translate mock pid data
• Update Select Language Semantics
• Remove issuer from CardDetailScreen
• Disable 'scrim' announcement
• Improve SliverWalletAppBar cache invalidation
• Fix Org. Detail Spacing
• Read out BSN digits individually
• Disable textScaling on card thumbs
• Add missing scrollbars
• Announce Dashboard
• Update illustrations
• Update introduction tests to succeed with animations
• Set untranslated-messages-file

Tweaks

• Android platform_support jacoco2cobertura changes
• Fix tests_integration/common dependency features
• iOS privacy manifest fixes
• Set token_type in Token Response to DPoP
• Fix iOS builds in Fastlane
• Changes to CocoaPods lockfile after adding Sentry
• Optional usage of release keys
• Use new Rust image that includes build targets
• Deploying gba hc converter
• Explicitly set Gradle file encoding for E2E tests
• Fix mdoc crate compilation with test feature
• Split wallet server deployment
• Fix running tests for just the mdoc crate
• Fix inconsistency in dp-cluster-mrp regarding shared_buffers size and
  available memory
• Clean up IssuerSigned::sign()

Wallet 0.1.26

Release date: 16th of April, 2024

All commits in this release: v0.1.25...v0.1.26

Features

• PID issuance using Haal Centraal BRP proxy
  • PoC of GBA-V Ad-hoc to Haal Centraal data format conversion
• Add support for login with BSN flow
• Add optional API key authentication to requester endpoint
• Improve detecting and reporting when an actual network error has occurred
• Lots of UI fixes
• Add validity information and issuer common_name to disclosed attributes
• Add integration test cases with multiple and duplicate cards
• Implement extra checks for network payloads

QA

• E2E test & framework maintenance
• Build iOS apps in CI
• Provide privacy manifest for iOS

UI changes

• Update to flutter 3.19.4
• Update Appbar Icons for Accessibility
• Animate ConfirmButtons
• Add support for 'close' icon in end states
• Migrate to ConfirmButtons and make sticky
• Feature Check Feedback Fixes
• Update FocusArea for LinkTileButton
• Update Pin Errors Accessibility
• Update Pin Backspace functionality

UI tweaks

• Fix dismiss dialog bug
• Fix missing (cancel) disclosure logs in mock app
• Refactor deprecated imperative apply of Flutter's Gradle plugins
• Align mock pin validation with core
• Split 'Agreement' section Semantics
• Update Dashboard QR Button FocusArea
• Read out 'close' button on DisclosureSuccess
• Update ActivitySummary Semantics

Other tweaks

• Use BaseUrl newtype in mock_relying_party
• Fix URL of cross device result in MRP
• Only insert 'Results' title in HTML once
• Prevent empty string to be passed to app as build-name
• Fix missing build name in CI
• Clippy 1.77 fixes
• More fixes for Clippy 1.77
• Add --rm flag to docker compose run so it doesn't leave containers dangling.
• Give more resources to database clusters (especially wp) to prevent OOM for many connections
• Solve join footgun
• Fix image location for Kaniko
• Fix incorrect create_table path in docker-compose file
• Update h2 and mio to non-vulnerable versions
• Add missing MRP config
• Make MRP port a string
• Mount test-data.json configmap in gbamock
• Add merge-request-manual to rules, allow ONT to deploy on MR manually
• Fix wallet server tracing
• Typo in last-minute change to Android build script
• Fix wallet server port