diff --git a/CHANGELOG.md b/CHANGELOG.md
index e47e53abd..e59149b1c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,19 @@ Platform support legends:
* ❌ = tier 3 support. It doesn't work just yet, but we plan to make it work.
+## [1.0.0-rc.44] - 2024-02-27
+
+
+ git-conventional changelog
+
+### Bug Fixes
+
+- Only restore PKI env if client is e2ei capable. This helps client developers when e2ei is turned off
+
+
+
+* Fix issues when e2ei is turned off on a environment and the PKI env is restored which to validation failures when verifying a GroupInfo.
+
## [1.0.0-rc.43] - 2024-02-22
@@ -62,6 +75,14 @@ Platform support legends:
- TS mapping of identities was using experimental methods
+
+
+* Fixed an issue with incorrect code in TypeScript bindings
+
+## [1.0.0-rc.39] - 2024-02-20
+
+
+ git-conventional changelog
### Bug Fixes
@@ -84,6 +105,16 @@ Platform support legends:
- Verify that registering a TA twice fails
+
+
+* Integrated the display name in the JWT DPoP token
+* Reworked and hardened all x.509 verifications (including revocation)
+* Added `serialNumber`, `notBefore` and `notAfter` fields to the `WireIdentity` struct. These fields are pulled directly from the relevant fields in End-identity X.509 certificates
+
+## [1.0.0-rc.38] - 2024-02-16
+
+
+ git-conventional changelog
### Bug Fixes
@@ -97,6 +128,15 @@ Platform support legends:
- Clippy warnings
+
+
+* Add `getExternalSender()` to init a subconversation with the parent external sender
+* Fix e2ei issue when intermediates were not registered during the enrollment.
+
+## [1.0.0-rc.37] - 2024-02-15
+
+
+ git-conventional changelog
### Bug Fixes
@@ -125,1255 +165,295 @@ Platform support legends:
- Get rid of rcgen-based x509 cert generation
+
-### Bug Fixes
-
-- Register intermediate certificates at issuance since they're not fetchable afterwards
-
-### Features
-
-- [**breaking**] Return CRL Distribution Points when registering intermediate certificates
-
-
-### Features
-
-- [**breaking**] Change certificate expiry from days to seconds in the public API
-
-
-### Bug Fixes
-
-- Restore pki_env from disk whenever necessary
-- Relax uniqueness constraint on intermediate certificates and CRLs on sqlite
-
-### Features
-
-- Filter out root CA when registering intermediates in case the provider repeats it
-- [**breaking**] Remove refreshToken handling from WASM altogether as it is not used
-
-
-### Bug Fixes
-
-- Remove unused test
-- Use forked x509-cert to fix WASM compilation
-- Fix tests
-- Duration overflow in x509 expiration setting
-- Typo in E2eiAcmeCA registration SQL query
-- Add missing CRLDP field to FFI + fill it up
+* Fixed an issue with the WASM FFI where many fields were incorrectly exposed and were leading to constant `undefined` values (i.e. `epochHasChanged` issue)
+* Avoided a clone of the signature public key when performing E2EI enrollment
+* **API BREAKING CHANGES**:
+ * `clientPublicKey` now works with X.509 credentials. This implies that the CredentialType now has to be provided to fetch the correct credential.
+ * We now return dedicated errors for commits and proposals from older epochs instead of a generic `WrongEpoch` error. Respectively, we now return `StaleCommit` and `StaleProposal`.
+* **BEHAVIORAL BREAKING CHANGES**:
+ * We now verify (as per the MLS spec / RFC9420) GroupInfo prior to joining via external commit
+ * We also verify Welcomes prior to joining a group
+ * We now properly validate X.509 credentials against the set up PKI Environment
+ * Note: Expired or Revoked credentials do not constitute hard errors in MLS operations but alter the E2EI status of a conversation
-### Features
+## [1.0.0-rc.36] - 2024-01-30
-- Add full PKI test harness
+
+ git-conventional changelog
+
-### Bug Fixes
+* E2EI:
+ * Fix: intermediates certificates registration was not working because extracting the key was not working
-- Use 2 acme authorizations instead of 1
+## [1.0.0-rc.35] - 2024-01-29
+
+ git-conventional changelog
### Bug Fixes
-- Wrong rusty-jwt-tools pinned in rc30
+- Register intermediate certificates at issuance since they're not fetchable afterwards
### Features
-- [**breaking**] Expose keyauth in ACME authz
-
-
-### Bug Fixes
-
-- Pin rusty-jwt-tools v0.8.4 fixing an issue with the wrong signature key being used for the client DPoP token
-
-
-### Bug Fixes
-
-- Actually fix keyauth issue
-
-
-### Bug Fixes
-
-- Use rusty-jwt-tools v0.8.1 which fixes the keyauth issue
-
-
-### Bug Fixes
-
-- Previous fix was not compiling
-
-
-### Bug Fixes
+- [**breaking**] Return CRL Distribution Points when registering intermediate certificates
-- E2ei keystore method 'find_all' was unimplemented on WASM for intermediate CAs & CRLs
+
+* E2EI:
+ * **BREAKING CHANGE** `e2eiMlsInitOnly()` also returns CRL Distribution Point
+ * Fix: register intermediates at issuance since they're not provided by the /federation endpoint
+ * Fix: register CRL Distribution Points on intermediates
-### Bug Fixes
+## [1.0.0-rc.34] - 2024-01-25
-- Pin e2ei package tag
-- Add PKI API to bindings
+
+ git-conventional changelog
### Features
-- Added support for PKI environment
-- Change ClientId & Handle format to URIs
-
-
-### Bug Fixes
+- [**breaking**] Change certificate expiry from days to seconds in the public API
-- Null pointer in Javascript when calling 'new_oidc_challenge_response'
-- Swift wrapper for E2eiEnrollment was not used in other methods
-- Use 'implementation' Gradle configuration not to enforce dependencies version into consumers. Fixes #451
+
-### Features
+* E2EI:
+ * **BREAKING CHANGE** change certificate expiry from days to seconds in the public API
+ * **BREAKING CHANGE** add the potential new CRL Distribution points to:
+ * `decryptMessage`
+ * `processWelcomeMessage`
+ * `joinByExternalCommit`
+ * `addClientsToConversation`
+ * `newAddProposal`
+ * `e2eiRotateAll`
-- [**breaking**] Remove PerDomainTrustAnchor extension altogether. Backward incompatible changes !
+## [1.0.0-rc.33] - 2024-01-24
+
+ git-conventional changelog
### Bug Fixes
-- README mentions a task which doesn't exist ([#445](https://github.com/wireapp/core-crypto/issues/445))
-- Remove unnecessary boxing of values before persisting them in IndexedDb
-
-### Features
-
-- [**breaking**] Remove 'clientId' from activation & rotate enrollment now that we expect a specific ClientId format
-- [**breaking**] Add `get_credential_in_use()` to check the e2ei state from a GroupInfo
-- [**breaking**] Rename `E2eiConversationState::Degraded` in to `E2eiConversationState::NotVerified`
-- [**breaking**] Managed OIDC refreshToken (wpb-5012)
-
-### Miscellaneous Tasks
-
-- Remove unused 'MlsSignatureKeyPairExt' trait and 'get_indexed' method
-- Streamline "collection" in wasm storage
-- WasmEncryptedStorage::get_many was not used
-
-### Testing
-
-- Verify that clients can create conversation with x509 credentials
-
-
-### Features
-
-- [**breaking**] Canonicalize ClientId keeping only the regular version where the UserId portion is the hyphenated string representation of the UUID. Also apply this to 'getUserIdentities()'
-
+- Restore pki_env from disk whenever necessary
+- Relax uniqueness constraint on intermediate certificates and CRLs on sqlite
### Features
-- Better errors: 'ImplementationError' was way too often used as a fallback when the developer was too lazy to create a new error. This tries to cure that, especially with e2ei errors. It also tries to distinguish client errors from internal errors
-- [**breaking**] Simplify API of 'add_clients_to_conversation' by not requiring to repeat the ClientId of the new members alongside their KeyPackage when the former can now be extracted from the latter
-- [**breaking**] Introduce handle & team in the client dpop token
-
-### Testing
-
-- Test DB migration from 0.9.2
-
-
-### Testing
-
-- Add new keystore regression test to CI
-- Test keystore migration regressions
-
-
-### Bug Fixes
-
-- Preserve schema upgrade path between schemafix'd versions and upcoming
-
-### Miscellaneous Tasks
-
-- Release v1.0.0-rc.18
-
-
-### Bug Fixes
+- Filter out root CA when registering intermediates in case the provider repeats it
+- [**breaking**] Remove refreshToken handling from WASM altogether as it is not used
-- Don't depend on OpenSSL on WASM
-- Dynamic linking issue on Android with the atomic lib
+
-### Miscellaneous Tasks
+* E2EI:
+ * Fixed a bug on mobile where intermediate certificates & CRLs had a uniqueness constraint
+ * Fixed a bug where the PkiEnv was not restored from disk after restarts
+ * Ignore TrustAnchor when registering intermediate certificates
+ * Remove RefreshToken handling on Web
-- Release v1.0.0-rc.17 ([#425](https://github.com/wireapp/core-crypto/issues/425))
-- Use actual CI cache
+## [1.0.0-rc.32] - 2024-01-23
+
+ git-conventional changelog
### Bug Fixes
-- Prevent CI from overriding RUSTFLAGS
-- Added missing d.ts declarations
-- KP test was taking too much time
-
-### Documentation
-
-- Updated README.md noting Bun usage
+- Remove unused test
+- Use forked x509-cert to fix WASM compilation
+- Fix tests
+- Duration overflow in x509 expiration setting
+- Typo in E2eiAcmeCA registration SQL query
+- Add missing CRLDP field to FFI + fill it up
### Features
-- Switch from node to bun
-
-### Miscellaneous Tasks
-
-- Release v1.0.0-rc.16
-
-
-### Bug Fixes
+- Add full PKI test harness
-- Add '-latomic' flag when building for Android to dynamically link atomic lib which is supposedly causing issues with openssl
+
-### Features
+* E2EI:
+ * Fixed a bug with Root CA Trust Anchor registration that wasn't working on native platforms (non-WASM)
+ * Fixed a bug with the initialization of our Intermediate CA store causing CRL & End-Identity certificate validation to fail
+ * Fixed a missing field in the FFI (CRL distribution-points) and added the logic to fill up the field
+ * Fixed an integer overflow in the X.509 expiration setting
+* MLS:
+ * Fixed errors when a single certificate is contained in a Credential (obsolete check)
+* Misc:
+ * Updated dependencies in many libraries
-- Re-export e2ei types
-
-### Miscellaneous Tasks
-
-- Fix some clippy lints
-
-
-### Bug Fixes
-
-- Backward incompatible database schemas. It only preserves Proteus compatibility when migrating from CC 0.11.0 -> 1.0.0. For anything MLS-related it is recommended to wipe all the groups
-
-### Miscellaneous Tasks
-
-- Release 1.0.0-rc.14
-
-
-### Bug Fixes
-
-- Do not reapply buffered messages when rejoining with external commit
-- Coarsetime issue causing compilation error on WASM
-
-### Features
-
-- [**breaking**] Make initial number of generated KeyPackage configurable
-- Add e2ei ffi in Swift wrapper
-- [**breaking**] Add LeafNode validation
-
-### Miscellaneous Tasks
-
-- Release 1.0.0-rc.13
-- Use wasm_bindgen macros to generate Typescript classes used in e2ei enrollment process
-
-### Testing
-
-- Try fixing flaky time-based LeafNode validation tests
-
-
-### Bug Fixes
-
-- Use sed in a cross-platform way for kt edits
-
-### Miscellaneous Tasks
-
-- Release v1.0.0-rc.12
-
-
-### Bug Fixes
-
-- [**breaking**] UniFFI Errors
-
-### Miscellaneous Tasks
-
-- Release v1.0.0-rc.11
-
-
-### Bug Fixes
-
-- UniFFI symbol matching
-
-### Miscellaneous Tasks
-
-- Release v1.0.0-rc.10
-
-
-### Bug Fixes
-
-- Make UniFFI produce the correct symbol in bindings
-- Change e2ei enrollment identifier causing collision now that keypairs are reused
-
-### Documentation
-
-- Regenerate changelog
-
-### Features
-
-- [**breaking**] Return raw PEM certificate in `getUserIdentities` for display purpose
-- [**breaking**] Bump rusty-jwt-tools to v0.5.0. Add 'revokeCert' to AcmeDirectory
-
-### Miscellaneous Tasks
-
-- Release v1.0.0-rc.9
-
-
-### Bug Fixes
-
-- TLS serialization of x509 credential
-- [**breaking**] UniFFI Async cancellable routines + bytes
-- Make interop runner pick up CHROME_PATH from env
-
-### Features
-
-- Expose `getUserIdentities` through the FFI
-- [**breaking**] Also restore buffered messages on the receiver side
-- Increase max past epoch to 3 since backend inordering of messages requires client's config to backend's one + 1
-
-### Miscellaneous Tasks
-
-- Release 1.0.0-rc.8
-- Fix clippy lint on wasm tests
-- Quiet clippy new lint about non send in Arc because it comes from wasm-bindgen wrapped Javascript object which cannot be shared between threads anyway
-- Remove useless application message epoch check
-
-### Refactor
-
-- Borrow conversation_id in `new_conversation`
-
-### Testing
-
-- Fix wasm test hitting a limit. Just split them for now, waiting for a proper solution
-- Fix spinoff 0.8 compilation
-
-
-### Bug Fixes
-
-- Kotlin tests not compiling after methods became async
-
-### Features
-
-- Correlate RotateBundle with a GroupId
-
-### Miscellaneous Tasks
-
-- Release 1.0.0-rc.7
-
-
-### Bug Fixes
-
-- `e2eiRotateAll` return type was not wrapped
-- Signature KeyPair was rotated when credentials were which was zealous. Also fixes an important bug caused by inverted private & public keypair part when rotating credentials
-
-### Features
-
-- [**breaking**] Handle the case when a client tries to decrypt a Welcome referring to a KeyPackage he already has deleted locally
-- Add keystore dump exporter CLI tool
-
-### Miscellaneous Tasks
-
-- Release 1.0.0-rc.6
-
-### Testing
-
-- Add a roundtrip test for e2ei credential rotation to tackle a false positive regression
-
-
-### Bug Fixes
-
-- E2ei enum for conversation state was unused and failing the Typescript publication. Now CI will have the same compiler flags when checking bindings in order to prevent this again
-
-### Miscellaneous Tasks
-
-- Release 1.0.0-rc.5
-
-
-
-* Fixed an issue with incorrect code in TypeScript bindings
-
-## [1.0.0-rc.39] - 2024-02-20
-
-
- git-conventional changelog
-
-### Bug Fixes
-
-- Harden x509 validation & revocation checks
-
-### Documentation
-
-- Update all doc warnings including a lot of broken links
-
-### Features
-
-- Add serialNumber, notBefore & notAfter in `WireIdentity` object
-- Add display name in dpop token
-
-### Miscellaneous Tasks
-
-- Fix some clippy lints
-
-### Testing
-
-- Verify that registering a TA twice fails
-
-
-
-* Integrated the display name in the JWT DPoP token
-* Reworked and hardened all x.509 verifications (including revocation)
-* Added `serialNumber`, `notBefore` and `notAfter` fields to the `WireIdentity` struct. These fields are pulled directly from the relevant fields in End-identity X.509 certificates
-
-## [1.0.0-rc.38] - 2024-02-16
-
-
- git-conventional changelog
-
-### Bug Fixes
-
-- Intermediates were not registered during enrollment
-
-### Features
-
-- Add getter for external sender to seed subconversations
-
-### Miscellaneous Tasks
-
-- Clippy warnings
-
-
-
-* Add `getExternalSender()` to init a subconversation with the parent external sender
-* Fix e2ei issue when intermediates were not registered during the enrollment.
-
-## [1.0.0-rc.37] - 2024-02-15
-
-
- git-conventional changelog
-
-### Bug Fixes
-
-- [**breaking**] Add dedicated error for stale commits and proposals
-- Verify GroupInfo
-- Allow revoked Credentials in MLS operations
-- Reenable E2EI tests
-- Update tests
-- Post-rebase fixes
-- Consider x509 credentials as always valid if no PKI environment is available
-- Adapt calls to OpenMLS new async methods
-- Disable non working (MissingSki) E2EI tests
-- Undo WASM binding API mistake
-
-### Features
-
-- [**breaking**] `clientPublicKey` now also works for x509 credentials
-- Validate x509 credentials when introduced
-
-### Miscellaneous Tasks
-
-- Update deps
-- Do not clone MLS signature keypair while creating the enrollment
-
-### Testing
-
-- Get rid of rcgen-based x509 cert generation
-
-
-
-* Fixed an issue with the WASM FFI where many fields were incorrectly exposed and were leading to constant `undefined` values (i.e. `epochHasChanged` issue)
-* Avoided a clone of the signature public key when performing E2EI enrollment
-* **API BREAKING CHANGES**:
- * `clientPublicKey` now works with X.509 credentials. This implies that the CredentialType now has to be provided to fetch the correct credential.
- * We now return dedicated errors for commits and proposals from older epochs instead of a generic `WrongEpoch` error. Respectively, we now return `StaleCommit` and `StaleProposal`.
-* **BEHAVIORAL BREAKING CHANGES**:
- * We now verify (as per the MLS spec / RFC9420) GroupInfo prior to joining via external commit
- * We also verify Welcomes prior to joining a group
- * We now properly validate X.509 credentials against the set up PKI Environment
- * Note: Expired or Revoked credentials do not constitute hard errors in MLS operations but alter the E2EI status of a conversation
-
-## [1.0.0-rc.36] - 2024-01-30
-
-
- git-conventional changelog
-
-
-
-* E2EI:
- * Fix: intermediates certificates registration was not working because extracting the key was not working
-
-## [1.0.0-rc.35] - 2024-01-29
-
-
- git-conventional changelog
-
-### Bug Fixes
-
-- Register intermediate certificates at issuance since they're not fetchable afterwards
-
-### Features
-
-- [**breaking**] Return CRL Distribution Points when registering intermediate certificates
-
-
-
-* E2EI:
- * **BREAKING CHANGE** `e2eiMlsInitOnly()` also returns CRL Distribution Point
- * Fix: register intermediates at issuance since they're not provided by the /federation endpoint
- * Fix: register CRL Distribution Points on intermediates
-
-## [1.0.0-rc.34] - 2024-01-25
-
-
- git-conventional changelog
-
-### Features
-
-- [**breaking**] Change certificate expiry from days to seconds in the public API
-
-
-
-* E2EI:
- * **BREAKING CHANGE** change certificate expiry from days to seconds in the public API
- * **BREAKING CHANGE** add the potential new CRL Distribution points to:
- * `decryptMessage`
- * `processWelcomeMessage`
- * `joinByExternalCommit`
- * `addClientsToConversation`
- * `newAddProposal`
- * `e2eiRotateAll`
-
-## [1.0.0-rc.33] - 2024-01-24
-
-
- git-conventional changelog
-
-### Bug Fixes
-
-- Restore pki_env from disk whenever necessary
-- Relax uniqueness constraint on intermediate certificates and CRLs on sqlite
-
-### Features
-
-- Filter out root CA when registering intermediates in case the provider repeats it
-- [**breaking**] Remove refreshToken handling from WASM altogether as it is not used
-
-
-
-* E2EI:
- * Fixed a bug on mobile where intermediate certificates & CRLs had a uniqueness constraint
- * Fixed a bug where the PkiEnv was not restored from disk after restarts
- * Ignore TrustAnchor when registering intermediate certificates
- * Remove RefreshToken handling on Web
-
-## [1.0.0-rc.32] - 2024-01-23
-
-
- git-conventional changelog
-
-### Bug Fixes
-
-- Remove unused test
-- Use forked x509-cert to fix WASM compilation
-- Fix tests
-- Duration overflow in x509 expiration setting
-- Typo in E2eiAcmeCA registration SQL query
-- Add missing CRLDP field to FFI + fill it up
-
-### Features
-
-- Add full PKI test harness
-
-
-
-* E2EI:
- * Fixed a bug with Root CA Trust Anchor registration that wasn't working on native platforms (non-WASM)
- * Fixed a bug with the initialization of our Intermediate CA store causing CRL & End-Identity certificate validation to fail
- * Fixed a missing field in the FFI (CRL distribution-points) and added the logic to fill up the field
- * Fixed an integer overflow in the X.509 expiration setting
-* MLS:
- * Fixed errors when a single certificate is contained in a Credential (obsolete check)
-* Misc:
- * Updated dependencies in many libraries
-
-## [1.0.0-rc.31] - 2024-01-22
-
-
- git-conventional changelog
-
-### Bug Fixes
-
-- Use 2 acme authorizations instead of 1
-
-
-
-* fix(e2ei): use 2 ACME authorizations instead of 1
-
-## [1.0.0-rc.30] - 2024-01-16
-
-
- git-conventional changelog
-
-### Bug Fixes
-
-- Wrong rusty-jwt-tools pinned in rc30
-
-### Features
-
-- [**breaking**] Expose keyauth in ACME authz
-
-
-### Bug Fixes
-
-- Pin rusty-jwt-tools v0.8.4 fixing an issue with the wrong signature key being used for the client DPoP token
-
-
-### Bug Fixes
-
-- Actually fix keyauth issue
-
-
-### Bug Fixes
-
-- Use rusty-jwt-tools v0.8.1 which fixes the keyauth issue
-
-
-### Bug Fixes
-
-- Previous fix was not compiling
-
-
-### Bug Fixes
-
-- E2ei keystore method 'find_all' was unimplemented on WASM for intermediate CAs & CRLs
-
-
-### Bug Fixes
-
-- Pin e2ei package tag
-- Add PKI API to bindings
-
-### Features
-
-- Added support for PKI environment
-- Change ClientId & Handle format to URIs
-
-
-### Bug Fixes
-
-- Null pointer in Javascript when calling 'new_oidc_challenge_response'
-- Swift wrapper for E2eiEnrollment was not used in other methods
-- Use 'implementation' Gradle configuration not to enforce dependencies version into consumers. Fixes #451
-
-### Features
-
-- [**breaking**] Remove PerDomainTrustAnchor extension altogether. Backward incompatible changes !
-
-
-### Bug Fixes
-
-- README mentions a task which doesn't exist ([#445](https://github.com/wireapp/core-crypto/issues/445))
-- Remove unnecessary boxing of values before persisting them in IndexedDb
-
-### Features
-
-- [**breaking**] Remove 'clientId' from activation & rotate enrollment now that we expect a specific ClientId format
-- [**breaking**] Add `get_credential_in_use()` to check the e2ei state from a GroupInfo
-- [**breaking**] Rename `E2eiConversationState::Degraded` in to `E2eiConversationState::NotVerified`
-- [**breaking**] Managed OIDC refreshToken (wpb-5012)
-
-### Miscellaneous Tasks
-
-- Remove unused 'MlsSignatureKeyPairExt' trait and 'get_indexed' method
-- Streamline "collection" in wasm storage
-- WasmEncryptedStorage::get_many was not used
-
-### Testing
-
-- Verify that clients can create conversation with x509 credentials
-
-
-### Features
-
-- [**breaking**] Canonicalize ClientId keeping only the regular version where the UserId portion is the hyphenated string representation of the UUID. Also apply this to 'getUserIdentities()'
-
-
-### Features
-
-- Better errors: 'ImplementationError' was way too often used as a fallback when the developer was too lazy to create a new error. This tries to cure that, especially with e2ei errors. It also tries to distinguish client errors from internal errors
-- [**breaking**] Simplify API of 'add_clients_to_conversation' by not requiring to repeat the ClientId of the new members alongside their KeyPackage when the former can now be extracted from the latter
-- [**breaking**] Introduce handle & team in the client dpop token
-
-### Testing
-
-- Test DB migration from 0.9.2
-
-
-### Testing
-
-- Add new keystore regression test to CI
-- Test keystore migration regressions
-
-
-### Bug Fixes
-
-- Preserve schema upgrade path between schemafix'd versions and upcoming
-
-### Miscellaneous Tasks
-
-- Release v1.0.0-rc.18
-
-
-### Bug Fixes
-
-- Don't depend on OpenSSL on WASM
-- Dynamic linking issue on Android with the atomic lib
-
-### Miscellaneous Tasks
-
-- Release v1.0.0-rc.17 ([#425](https://github.com/wireapp/core-crypto/issues/425))
-- Use actual CI cache
-
-
-### Bug Fixes
-
-- Prevent CI from overriding RUSTFLAGS
-- Added missing d.ts declarations
-- KP test was taking too much time
-
-### Documentation
-
-- Updated README.md noting Bun usage
-
-### Features
-
-- Switch from node to bun
-
-### Miscellaneous Tasks
-
-- Release v1.0.0-rc.16
-
-
-### Bug Fixes
-
-- Add '-latomic' flag when building for Android to dynamically link atomic lib which is supposedly causing issues with openssl
-
-### Features
-
-- Re-export e2ei types
-
-### Miscellaneous Tasks
-
-- Fix some clippy lints
-
-
-### Bug Fixes
-
-- Backward incompatible database schemas. It only preserves Proteus compatibility when migrating from CC 0.11.0 -> 1.0.0. For anything MLS-related it is recommended to wipe all the groups
-
-### Miscellaneous Tasks
-
-- Release 1.0.0-rc.14
-
-
-### Bug Fixes
-
-- Do not reapply buffered messages when rejoining with external commit
-- Coarsetime issue causing compilation error on WASM
-
-### Features
-
-- [**breaking**] Make initial number of generated KeyPackage configurable
-- Add e2ei ffi in Swift wrapper
-- [**breaking**] Add LeafNode validation
-
-### Miscellaneous Tasks
-
-- Release 1.0.0-rc.13
-- Use wasm_bindgen macros to generate Typescript classes used in e2ei enrollment process
-
-### Testing
-
-- Try fixing flaky time-based LeafNode validation tests
-
-
-### Bug Fixes
-
-- Use sed in a cross-platform way for kt edits
-
-### Miscellaneous Tasks
-
-- Release v1.0.0-rc.12
-
-
-### Bug Fixes
-
-- [**breaking**] UniFFI Errors
-
-### Miscellaneous Tasks
-
-- Release v1.0.0-rc.11
-
-
-### Bug Fixes
-
-- UniFFI symbol matching
-
-### Miscellaneous Tasks
-
-- Release v1.0.0-rc.10
-
-
-### Bug Fixes
-
-- Make UniFFI produce the correct symbol in bindings
-- Change e2ei enrollment identifier causing collision now that keypairs are reused
-
-### Documentation
-
-- Regenerate changelog
-
-### Features
-
-- [**breaking**] Return raw PEM certificate in `getUserIdentities` for display purpose
-- [**breaking**] Bump rusty-jwt-tools to v0.5.0. Add 'revokeCert' to AcmeDirectory
-
-### Miscellaneous Tasks
-
-- Release v1.0.0-rc.9
-
-
-### Bug Fixes
-
-- TLS serialization of x509 credential
-- [**breaking**] UniFFI Async cancellable routines + bytes
-- Make interop runner pick up CHROME_PATH from env
-
-### Features
-
-- Expose `getUserIdentities` through the FFI
-- [**breaking**] Also restore buffered messages on the receiver side
-- Increase max past epoch to 3 since backend inordering of messages requires client's config to backend's one + 1
-
-### Miscellaneous Tasks
-
-- Release 1.0.0-rc.8
-- Fix clippy lint on wasm tests
-- Quiet clippy new lint about non send in Arc because it comes from wasm-bindgen wrapped Javascript object which cannot be shared between threads anyway
-- Remove useless application message epoch check
-
-### Refactor
-
-- Borrow conversation_id in `new_conversation`
-
-### Testing
-
-- Fix wasm test hitting a limit. Just split them for now, waiting for a proper solution
-- Fix spinoff 0.8 compilation
-
-
-### Bug Fixes
-
-- Kotlin tests not compiling after methods became async
-
-### Features
-
-- Correlate RotateBundle with a GroupId
-
-### Miscellaneous Tasks
-
-- Release 1.0.0-rc.7
-
-
-### Bug Fixes
-
-- `e2eiRotateAll` return type was not wrapped
-- Signature KeyPair was rotated when credentials were which was zealous. Also fixes an important bug caused by inverted private & public keypair part when rotating credentials
-
-### Features
-
-- [**breaking**] Handle the case when a client tries to decrypt a Welcome referring to a KeyPackage he already has deleted locally
-- Add keystore dump exporter CLI tool
-
-### Miscellaneous Tasks
-
-- Release 1.0.0-rc.6
-
-### Testing
-
-- Add a roundtrip test for e2ei credential rotation to tackle a false positive regression
-
-
-### Bug Fixes
-
-- E2ei enum for conversation state was unused and failing the Typescript publication. Now CI will have the same compiler flags when checking bindings in order to prevent this again
-
-### Miscellaneous Tasks
-
-- Release 1.0.0-rc.5
-
-
-### Miscellaneous Tasks
-
-- Release 1.0.0-rc.4
-- Patch visibility issue for enum 'E2eiConversationState' which was failing when building Typescript bindings
-
-
-
-* fix(e2ei): include "keyauth" in the ACME authorization, turn challenge non-optional in ACME authorization and stop including keyauth in the ACME challenge request. This version only works with IdP supporting extra OAuth claims (and by consequence only work with Keycloak and not Dex)
-
-## [1.0.0-rc.29] - 2024-01-16
-
-
- git-conventional changelog
-
-### Bug Fixes
-
-- Pin rusty-jwt-tools v0.8.4 fixing an issue with the wrong signature key being used for the client DPoP token
-
-
-
-* fix(e2ei): issue with the wrong signature key being used for the client DPoP token
-
-## [1.0.0-rc.28] - 2024-01-15
-
-
- git-conventional changelog
-
-### Bug Fixes
-
-- Actually fix keyauth issue
-
-
-
-* fix(e2ei): issue related to invalid 'keyauth'
-
-## [1.0.0-rc.26] - 2024-01-15
-
-
- git-conventional changelog
-
-### Bug Fixes
-
-- Previous fix was not compiling
-
-
-
-* fix(e2ei): e2ei keystore method 'find_all' was unimplemented on WASM for intermediate CAs & CRLs
-
-## [1.0.0-rc.24] - 2024-01-15
-
-
- git-conventional changelog
-
-### Bug Fixes
-
-- Pin e2ei package tag
-- Add PKI API to bindings
-
-### Features
-
-- Added support for PKI environment
-- Change ClientId & Handle format to URIs
-
-
-
-* feat(e2ei): add methods to register root/intermediate certificates and CRLs. Also checks revocation status when asking for a conversation/user/device state.
-* feat(e2ei): change ClientId & Handle to URIs with the scheme 'wireapp://'. Use '!' as delimiter in the ClientId
-
-## [1.0.0-rc.23] - 2024-01-08
-
-
- git-conventional changelog
-
-### Bug Fixes
-
-- Null pointer in Javascript when calling 'new_oidc_challenge_response'
-- Swift wrapper for E2eiEnrollment was not used in other methods
-- Use 'implementation' Gradle configuration not to enforce dependencies version into consumers. Fixes #451
-
-### Features
-
-- [**breaking**] Remove PerDomainTrustAnchor extension altogether. Backward incompatible changes !
-
-
-
-* feat(mls)!: remove `PerDomainTrustAnchor` extension from required capabilities. Backward incompatible changes ! If you ever migrate from a previous version to this one take care of deleting all your groups
-* fix(e2ei): fix a null pointer in the Javascript API
-* fix(e2ei): Swift wrapper for E2eiEnrollment was not used in other methods
-* fix: use 'implementation' Gradle configuration not to enforce dependencies version into consumers
-
-## [1.0.0-rc.22] - 2023-12-13
-
-
- git-conventional changelog
-
-### Bug Fixes
-
-- README mentions a task which doesn't exist ([#445](https://github.com/wireapp/core-crypto/issues/445))
-- Remove unnecessary boxing of values before persisting them in IndexedDb
-
-### Features
-
-- [**breaking**] Remove 'clientId' from activation & rotate enrollment now that we expect a specific ClientId format
-- [**breaking**] Add `get_credential_in_use()` to check the e2ei state from a GroupInfo
-- [**breaking**] Rename `E2eiConversationState::Degraded` in to `E2eiConversationState::NotVerified`
-- [**breaking**] Managed OIDC refreshToken (wpb-5012)
-
-### Miscellaneous Tasks
-
-- Remove unused 'MlsSignatureKeyPairExt' trait and 'get_indexed' method
-- Streamline "collection" in wasm storage
-- WasmEncryptedStorage::get_many was not used
-
-### Testing
-
-- Verify that clients can create conversation with x509 credentials
-
-
-
-* feat(e2ei)!: manage OIDC refreshToken in CoreCrypto's encrypted-at-rest store. As a consequence, some methods went async (all the enrollment ones in WASM). The refreshToken has to be supplied in `newOidcChallengeRequest()` and is persisted in `newOidcChallengeResponse()`. Clients should fetch it back from an `Enrollment` created by `newRotateEnrollment()` with the new `getRefreshToken()` method.
-* feat(e2ei)!: remove 'clientId' from `newActivationEnrollment()` & `newRotateEnrollment()`. We can do this now that we expect a specific ClientId format.
-* feat(e2ei): add `getCredentialInUse(GroupInfo)` to check the e2ei state from a GroupInfo. This allows verifying the state of a conversation before joining it (and potentially degrading the e2ei state).
-* feat(e2ei)!: rename `E2eiConversationState::Degraded` in to `E2eiConversationState::NotVerified`
-
-## [1.0.0-rc.21] - 2023-12-05
-
-
- git-conventional changelog
-
-### Features
-
-- [**breaking**] Canonicalize ClientId keeping only the regular version where the UserId portion is the hyphenated string representation of the UUID. Also apply this to 'getUserIdentities()'
-
-
-
-* feat!: canonicalize ClientId keeping only the regular version where the UserId portion is the hyphenated string representation of the UUID. Also apply this to `getUserIdentities()`
-
-## [1.0.0-rc.20] - 2023-12-04
-
-
- git-conventional changelog
-
-### Features
-
-- Better errors: 'ImplementationError' was way too often used as a fallback when the developer was too lazy to create a new error. This tries to cure that, especially with e2ei errors. It also tries to distinguish client errors from internal errors
-- [**breaking**] Simplify API of 'add_clients_to_conversation' by not requiring to repeat the ClientId of the new members alongside their KeyPackage when the former can now be extracted from the latter
-- [**breaking**] Introduce handle & team in the client dpop token
-
-### Testing
-
-- Test DB migration from 0.9.2
-
-
-### Testing
-
-- Add new keystore regression test to CI
-- Test keystore migration regressions
-
-
-### Bug Fixes
-
-- Preserve schema upgrade path between schemafix'd versions and upcoming
-
-### Miscellaneous Tasks
-
-- Release v1.0.0-rc.18
-
-
-### Bug Fixes
-
-- Don't depend on OpenSSL on WASM
-- Dynamic linking issue on Android with the atomic lib
-
-### Miscellaneous Tasks
-
-- Release v1.0.0-rc.17 ([#425](https://github.com/wireapp/core-crypto/issues/425))
-- Use actual CI cache
-
-
-### Bug Fixes
-
-- Prevent CI from overriding RUSTFLAGS
-- Added missing d.ts declarations
-- KP test was taking too much time
-
-### Documentation
-
-- Updated README.md noting Bun usage
-
-### Features
-
-- Switch from node to bun
-
-### Miscellaneous Tasks
-
-- Release v1.0.0-rc.16
-
-
-### Bug Fixes
-
-- Add '-latomic' flag when building for Android to dynamically link atomic lib which is supposedly causing issues with openssl
-
-### Features
-
-- Re-export e2ei types
-
-### Miscellaneous Tasks
-
-- Fix some clippy lints
-
-
-### Bug Fixes
-
-- Backward incompatible database schemas. It only preserves Proteus compatibility when migrating from CC 0.11.0 -> 1.0.0. For anything MLS-related it is recommended to wipe all the groups
-
-### Miscellaneous Tasks
-
-- Release 1.0.0-rc.14
-
-
-### Bug Fixes
-
-- Do not reapply buffered messages when rejoining with external commit
-- Coarsetime issue causing compilation error on WASM
-
-### Features
-
-- [**breaking**] Make initial number of generated KeyPackage configurable
-- Add e2ei ffi in Swift wrapper
-- [**breaking**] Add LeafNode validation
+## [1.0.0-rc.31] - 2024-01-22
-### Miscellaneous Tasks
+
+ git-conventional changelog
-- Release 1.0.0-rc.13
-- Use wasm_bindgen macros to generate Typescript classes used in e2ei enrollment process
+### Bug Fixes
-### Testing
+- Use 2 acme authorizations instead of 1
-- Try fixing flaky time-based LeafNode validation tests
+
+* fix(e2ei): use 2 ACME authorizations instead of 1
-### Bug Fixes
+## [1.0.0-rc.30] - 2024-01-16
-- Use sed in a cross-platform way for kt edits
+
+ git-conventional changelog
-### Miscellaneous Tasks
+### Bug Fixes
-- Release v1.0.0-rc.12
+- Wrong rusty-jwt-tools pinned in rc30
+### Features
-### Bug Fixes
+- [**breaking**] Expose keyauth in ACME authz
-- [**breaking**] UniFFI Errors
+
-### Miscellaneous Tasks
+* fix(e2ei): include "keyauth" in the ACME authorization, turn challenge non-optional in ACME authorization and stop including keyauth in the ACME challenge request. This version only works with IdP supporting extra OAuth claims (and by consequence only work with Keycloak and not Dex)
-- Release v1.0.0-rc.11
+## [1.0.0-rc.29] - 2024-01-16
+
+ git-conventional changelog
### Bug Fixes
-- UniFFI symbol matching
+- Pin rusty-jwt-tools v0.8.4 fixing an issue with the wrong signature key being used for the client DPoP token
-### Miscellaneous Tasks
+
-- Release v1.0.0-rc.10
+* fix(e2ei): issue with the wrong signature key being used for the client DPoP token
+
+## [1.0.0-rc.28] - 2024-01-15
+
+ git-conventional changelog
### Bug Fixes
-- Make UniFFI produce the correct symbol in bindings
-- Change e2ei enrollment identifier causing collision now that keypairs are reused
+- Actually fix keyauth issue
-### Documentation
+
-- Regenerate changelog
+* fix(e2ei): issue related to invalid 'keyauth'
-### Features
+## [1.0.0-rc.26] - 2024-01-15
-- [**breaking**] Return raw PEM certificate in `getUserIdentities` for display purpose
-- [**breaking**] Bump rusty-jwt-tools to v0.5.0. Add 'revokeCert' to AcmeDirectory
+
+ git-conventional changelog
-### Miscellaneous Tasks
+### Bug Fixes
-- Release v1.0.0-rc.9
+- Previous fix was not compiling
+
-### Bug Fixes
+* fix(e2ei): e2ei keystore method 'find_all' was unimplemented on WASM for intermediate CAs & CRLs
-- TLS serialization of x509 credential
-- [**breaking**] UniFFI Async cancellable routines + bytes
-- Make interop runner pick up CHROME_PATH from env
+## [1.0.0-rc.24] - 2024-01-15
-### Features
+
+ git-conventional changelog
-- Expose `getUserIdentities` through the FFI
-- [**breaking**] Also restore buffered messages on the receiver side
-- Increase max past epoch to 3 since backend inordering of messages requires client's config to backend's one + 1
+### Bug Fixes
-### Miscellaneous Tasks
+- Pin e2ei package tag
+- Add PKI API to bindings
-- Release 1.0.0-rc.8
-- Fix clippy lint on wasm tests
-- Quiet clippy new lint about non send in Arc because it comes from wasm-bindgen wrapped Javascript object which cannot be shared between threads anyway
-- Remove useless application message epoch check
+### Features
-### Refactor
+- Added support for PKI environment
+- Change ClientId & Handle format to URIs
-- Borrow conversation_id in `new_conversation`
+
-### Testing
+* feat(e2ei): add methods to register root/intermediate certificates and CRLs. Also checks revocation status when asking for a conversation/user/device state.
+* feat(e2ei): change ClientId & Handle to URIs with the scheme 'wireapp://'. Use '!' as delimiter in the ClientId
-- Fix wasm test hitting a limit. Just split them for now, waiting for a proper solution
-- Fix spinoff 0.8 compilation
+## [1.0.0-rc.23] - 2024-01-08
+
+ git-conventional changelog
### Bug Fixes
-- Kotlin tests not compiling after methods became async
+- Null pointer in Javascript when calling 'new_oidc_challenge_response'
+- Swift wrapper for E2eiEnrollment was not used in other methods
+- Use 'implementation' Gradle configuration not to enforce dependencies version into consumers. Fixes #451
### Features
-- Correlate RotateBundle with a GroupId
+- [**breaking**] Remove PerDomainTrustAnchor extension altogether. Backward incompatible changes !
-### Miscellaneous Tasks
+
-- Release 1.0.0-rc.7
+* feat(mls)!: remove `PerDomainTrustAnchor` extension from required capabilities. Backward incompatible changes ! If you ever migrate from a previous version to this one take care of deleting all your groups
+* fix(e2ei): fix a null pointer in the Javascript API
+* fix(e2ei): Swift wrapper for E2eiEnrollment was not used in other methods
+* fix: use 'implementation' Gradle configuration not to enforce dependencies version into consumers
+
+## [1.0.0-rc.22] - 2023-12-13
+
+ git-conventional changelog
### Bug Fixes
-- `e2eiRotateAll` return type was not wrapped
-- Signature KeyPair was rotated when credentials were which was zealous. Also fixes an important bug caused by inverted private & public keypair part when rotating credentials
+- README mentions a task which doesn't exist ([#445](https://github.com/wireapp/core-crypto/issues/445))
+- Remove unnecessary boxing of values before persisting them in IndexedDb
### Features
-- [**breaking**] Handle the case when a client tries to decrypt a Welcome referring to a KeyPackage he already has deleted locally
-- Add keystore dump exporter CLI tool
+- [**breaking**] Remove 'clientId' from activation & rotate enrollment now that we expect a specific ClientId format
+- [**breaking**] Add `get_credential_in_use()` to check the e2ei state from a GroupInfo
+- [**breaking**] Rename `E2eiConversationState::Degraded` in to `E2eiConversationState::NotVerified`
+- [**breaking**] Managed OIDC refreshToken (wpb-5012)
### Miscellaneous Tasks
-- Release 1.0.0-rc.6
+- Remove unused 'MlsSignatureKeyPairExt' trait and 'get_indexed' method
+- Streamline "collection" in wasm storage
+- WasmEncryptedStorage::get_many was not used
### Testing
-- Add a roundtrip test for e2ei credential rotation to tackle a false positive regression
-
+- Verify that clients can create conversation with x509 credentials
-### Bug Fixes
+
-- E2ei enum for conversation state was unused and failing the Typescript publication. Now CI will have the same compiler flags when checking bindings in order to prevent this again
+* feat(e2ei)!: manage OIDC refreshToken in CoreCrypto's encrypted-at-rest store. As a consequence, some methods went async (all the enrollment ones in WASM). The refreshToken has to be supplied in `newOidcChallengeRequest()` and is persisted in `newOidcChallengeResponse()`. Clients should fetch it back from an `Enrollment` created by `newRotateEnrollment()` with the new `getRefreshToken()` method.
+* feat(e2ei)!: remove 'clientId' from `newActivationEnrollment()` & `newRotateEnrollment()`. We can do this now that we expect a specific ClientId format.
+* feat(e2ei): add `getCredentialInUse(GroupInfo)` to check the e2ei state from a GroupInfo. This allows verifying the state of a conversation before joining it (and potentially degrading the e2ei state).
+* feat(e2ei)!: rename `E2eiConversationState::Degraded` in to `E2eiConversationState::NotVerified`
-### Miscellaneous Tasks
+## [1.0.0-rc.21] - 2023-12-05
-- Release 1.0.0-rc.5
+
+ git-conventional changelog
+### Features
-### Miscellaneous Tasks
+- [**breaking**] Canonicalize ClientId keeping only the regular version where the UserId portion is the hyphenated string representation of the UUID. Also apply this to 'getUserIdentities()'
-- Release 1.0.0-rc.4
-- Patch visibility issue for enum 'E2eiConversationState' which was failing when building Typescript bindings
+
+* feat!: canonicalize ClientId keeping only the regular version where the UserId portion is the hyphenated string representation of the UUID. Also apply this to `getUserIdentities()`
-### Bug Fixes
+## [1.0.0-rc.20] - 2023-12-04
-- Proteus wasm test now uses wasm-browser-run
-- Cargo doc fixes for wasm-browser-run
-- Interop runner now uses wasm-browser-run to install chromedriver
-- Support chromedriver 115 delivery method
-- `e2ei_rotate_all` was returning 'undefined' on WASM
-- [**breaking**] Entities leaked. Some methods handling the lifecycle of a MLS group were not cleaning created entities correctly. This avoids required storage space to grow linearly.
+
+ git-conventional changelog
### Features
-- [**breaking**] Rename `e2eiIsDegraded` by `e2eiConversationState` and change return type to an enumeration instead of a boolean to match all the e2ei states a conversation could have.
-- Add `e2ei_is_enabled` for clients to spot if their MLS client is enrolled for end-to-end identity
+- Better errors: 'ImplementationError' was way too often used as a fallback when the developer was too lazy to create a new error. This tries to cure that, especially with e2ei errors. It also tries to distinguish client errors from internal errors
+- [**breaking**] Simplify API of 'add_clients_to_conversation' by not requiring to repeat the ClientId of the new members alongside their KeyPackage when the former can now be extracted from the latter
+- [**breaking**] Introduce handle & team in the client dpop token
-### Miscellaneous Tasks
+### Testing
-- Release 1.0.0-rc.3
-- Update rstest versions
-- Updated xtask deps
+- Test DB migration from 0.9.2
@@ -1405,14 +485,6 @@ Platform support legends:
git-conventional changelog
-### Bug Fixes
-
-- Preserve schema upgrade path between schemafix'd versions and upcoming
-
-### Miscellaneous Tasks
-
-- Release v1.0.0-rc.18
-
* Native platforms only: Preserve database schema upgrade path from 0.8.x, 1.0.0-pre.6+schemafix-0007 and onwards.
@@ -1848,6 +920,14 @@ In that case he has to catch & ignore the "OrphanWelcome" error and to rejoin th
git-conventional changelog
+### Bug Fixes
+
+- E2ei enum for conversation state was unused and failing the Typescript publication. Now CI will have the same compiler flags when checking bindings in order to prevent this again
+
+### Miscellaneous Tasks
+
+- Release 1.0.0-rc.5
+
* Fix WASM publication issues
@@ -1857,6 +937,11 @@ In that case he has to catch & ignore the "OrphanWelcome" error and to rejoin th
git-conventional changelog
+### Miscellaneous Tasks
+
+- Release 1.0.0-rc.4
+- Patch visibility issue for enum 'E2eiConversationState' which was failing when building Typescript bindings
+
* Fix WASM publication issues
@@ -1866,6 +951,26 @@ In that case he has to catch & ignore the "OrphanWelcome" error and to rejoin th
git-conventional changelog
+### Bug Fixes
+
+- Proteus wasm test now uses wasm-browser-run
+- Cargo doc fixes for wasm-browser-run
+- Interop runner now uses wasm-browser-run to install chromedriver
+- Support chromedriver 115 delivery method
+- `e2ei_rotate_all` was returning 'undefined' on WASM
+- [**breaking**] Entities leaked. Some methods handling the lifecycle of a MLS group were not cleaning created entities correctly. This avoids required storage space to grow linearly.
+
+### Features
+
+- [**breaking**] Rename `e2eiIsDegraded` by `e2eiConversationState` and change return type to an enumeration instead of a boolean to match all the e2ei states a conversation could have.
+- Add `e2ei_is_enabled` for clients to spot if their MLS client is enrolled for end-to-end identity
+
+### Miscellaneous Tasks
+
+- Release 1.0.0-rc.3
+- Update rstest versions
+- Updated xtask deps
+
@@ -1942,6 +1047,24 @@ In that case he has to catch & ignore the "OrphanWelcome" error and to rejoin th
git-conventional changelog
+### Bug Fixes
+
+- Make clippy happy
+- Xtask release fix for kotlin sonatype publishing
+- Disable stripping to allow FFI to build
+- Incorrect error value in tests
+
+### Features
+
+- [**breaking**] Prevent conversation overwrite when joining
+- [**breaking**] Detect duplicate messages from previous epoch and fail with a dedicated error
+- Publish to Sonatype instead of Github Packages ([#347](https://github.com/wireapp/core-crypto/issues/347))
+
+### Miscellaneous Tasks
+
+- Release v1.0.0-pre.7
+- Pin dependencies on wireapp org forks
+
* **[BREAKING]** We now detect duplicate messages from previous epochs, as such the `GenerationOutOfBound` error is now named `DuplicateMessage`.
@@ -1968,47 +1091,6 @@ In that case he has to catch & ignore the "OrphanWelcome" error and to rejoin th
- PostQuantum Ciphersuite
- [**breaking**] Remove `export_group_info()`
-
-### Bug Fixes
-
-- Backend sends raw GroupInfo, we were trying to deserialize it from a MlsMessage
-
-
-### Bug Fixes
-
-- Pin a version of openmls with a fix in tls_codec related to variable length encoding
-
-### Testing
-
-- Fix external commit test was not merging the external commit
-
-
-### Bug Fixes
-
-- Typo in build xcframework task
-
-
-### Features
-
-- CoreCrypto draft-20 upgrade
-- Generate XCFramework when releasing for Swift ([#330](https://github.com/wireapp/core-crypto/issues/330))
-
-
-### Features
-
-- Add `e2ei_is_degraded` to flag a conversation as degraded when at least 1 member is not using a e2ei certificate
-
-
-### Bug Fixes
-
-- Usize to u64 conversion error on Android in `client_valid_keypackages_count`. Whatever the reason this applies a default meaningful value
-- [**breaking**] Creating a MLS group does not consume an existing KeyPackage anymore, instead it always generates a new local one. Also, explicitly ask for the credential type of the creator before creating a new MLS group.
-- Mobile FFI was failing when initializing MLS client due to a Arc being incremented one too many times. Also add the E2EI API in the Kotlin wrapper and a test for it
-
-### Features
-
-- [**breaking**] Hide everywhere `Vec` appears in the public API since it seems to fail for obscure reasons on aarch64 Android devices. Undo when we have a better understanding of the root cause of this
-
* feat!: PostQuantum Ciphersuite support ! Using [Xyber768](https://www.ietf.org/archive/id/draft-westerbaan-cfrg-hpke-xyber768d00-02.html) for Key Exchange.
diff --git a/CHANGELOG.tpl b/CHANGELOG.tpl
index 2252f5716..0e8bee132 100644
--- a/CHANGELOG.tpl
+++ b/CHANGELOG.tpl
@@ -8,11 +8,20 @@ Platform support legends:
* ❌ = tier 3 support. It doesn't work just yet, but we plan to make it work.
+## [1.0.0-rc.44] - 2024-02-27
+
+
+ git-conventional changelog
+{{git-cliff tag="v1.0.0-rc.44" unreleased=true}}
+
+
+* Fix issues when e2ei is turned off on a environment and the PKI env is restored which to validation failures when verifying a GroupInfo.
+
## [1.0.0-rc.43] - 2024-02-22
git-conventional changelog
-{{git-cliff tag="v1.0.0-rc.43" unreleased=true}}
+{{git-cliff tag="v1.0.0-rc.43"}}
* Fixed WASM IndexedDB ObjectStores being tentatively created when they already exist during migrations
diff --git a/crypto-attributes/Cargo.toml b/crypto-attributes/Cargo.toml
index 30cafd565..aae5a41c2 100644
--- a/crypto-attributes/Cargo.toml
+++ b/crypto-attributes/Cargo.toml
@@ -2,7 +2,7 @@
name = "core-crypto-attributes"
description = "Macros for core-crypto"
repository = "https://github.com/wireapp/core-crypto"
-version = "1.0.0-rc.43"
+version = "1.0.0-rc.44"
edition = "2021"
license = "GPL-3.0-only"
diff --git a/crypto-ffi/Cargo.toml b/crypto-ffi/Cargo.toml
index 00bcef6ec..8b6f7ed0d 100644
--- a/crypto-ffi/Cargo.toml
+++ b/crypto-ffi/Cargo.toml
@@ -2,7 +2,7 @@
name = "core-crypto-ffi"
description = "Platform-specific bindings (Android, iOS, WASM) for CoreCrypto"
repository = "https://github.com/wireapp/core-crypto"
-version = "1.0.0-rc.43"
+version = "1.0.0-rc.44"
edition = "2021"
license = "GPL-3.0-only"
publish = false
@@ -35,7 +35,7 @@ sha2 = { version = "0.10", features = ["force-soft"] }
[target.'cfg(not(target_family = "wasm"))'.dependencies]
# UniFFI - Android + iOS bindings - Runtime support
uniffi = { workspace = true }
-core-crypto = { version = "^1.0.0-rc.43", path = "../crypto", features = ["uniffi"] }
+core-crypto = { version = "^1.0.0-rc.44", path = "../crypto", features = ["uniffi"] }
[target.wasm32-unknown-unknown.dependencies]
wasm-bindgen = "0.2"
@@ -46,7 +46,7 @@ serde = { version = "1.0", features = ["derive"] }
js-sys = "0.3"
web-sys = "0.3"
strum = "0.26"
-core-crypto = { version = "^1.0.0-rc.43", path = "../crypto" }
+core-crypto = { version = "^1.0.0-rc.44", path = "../crypto" }
# UniFFI - Android + iOS bindings - Build support
diff --git a/crypto-ffi/bindings/gradle.properties b/crypto-ffi/bindings/gradle.properties
index 32f38e99d..ace3b1746 100644
--- a/crypto-ffi/bindings/gradle.properties
+++ b/crypto-ffi/bindings/gradle.properties
@@ -15,7 +15,7 @@ kotlin.code.style=official
# gradle-maven-publish configuration
GROUP=com.wire
-VERSION_NAME=1.0.0-rc.43
+VERSION_NAME=1.0.0-rc.44
SONATYPE_HOST=DEFAULT
SONATYPE_AUTOMATIC_RELEASE=true
RELEASE_SIGNING_ENABLED=true
diff --git a/crypto/Cargo.toml b/crypto/Cargo.toml
index d720e12b3..78a6fdd5f 100644
--- a/crypto/Cargo.toml
+++ b/crypto/Cargo.toml
@@ -2,7 +2,7 @@
name = "core-crypto"
description = "Abstraction over OpenMLS with persistent keystore"
repository = "https://github.com/wireapp/core-crypto"
-version = "1.0.0-rc.43"
+version = "1.0.0-rc.44"
edition = "2021"
license = "GPL-3.0-only"
publish = false
@@ -77,13 +77,13 @@ rexie = { version = "0.4", optional = true }
base64 = { version = "0.21", optional = true }
[target.'cfg(not(target_os = "ios"))'.dependencies]
-core-crypto-keystore = { version = "^1.0.0-rc.43", path = "../keystore" }
+core-crypto-keystore = { version = "^1.0.0-rc.44", path = "../keystore" }
[target.'cfg(target_os = "ios")'.dependencies]
-core-crypto-keystore = { version = "^1.0.0-rc.43", path = "../keystore", features = ["ios-wal-compat"] }
+core-crypto-keystore = { version = "^1.0.0-rc.44", path = "../keystore", features = ["ios-wal-compat"] }
[dependencies.mls-crypto-provider]
-version = "^1.0.0-rc.43"
+version = "^1.0.0-rc.44"
path = "../mls-provider"
[dev-dependencies]
@@ -107,7 +107,7 @@ fluvio-wasm-timer = "0.2"
time = { version = "0.3", features = ["wasm-bindgen"] }
[dev-dependencies.core-crypto-keystore]
-version = "^1.0.0-rc.43"
+version = "^1.0.0-rc.44"
path = "../keystore"
features = ["dummy-entity"]
@@ -120,7 +120,7 @@ version = "0.5"
features = ["async_std", "html_reports"]
[dev-dependencies.core-crypto-attributes]
-version = "^1.0.0-rc.43"
+version = "^1.0.0-rc.44"
path = "../crypto-attributes"
[package.metadata.wasm-pack.profile.release]
diff --git a/interop/Cargo.toml b/interop/Cargo.toml
index 45150c9b3..b4eebeb96 100644
--- a/interop/Cargo.toml
+++ b/interop/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "interop"
-version = "1.0.0-rc.43"
+version = "1.0.0-rc.44"
edition = "2021"
license = "GPL-3.0-only"
diff --git a/keystore-dump/Cargo.toml b/keystore-dump/Cargo.toml
index 3027eb11f..f8e905dba 100644
--- a/keystore-dump/Cargo.toml
+++ b/keystore-dump/Cargo.toml
@@ -1,7 +1,7 @@
[package]
name = "keystore-dump"
description = "Dumps a keystore to JSON on stdout"
-version = "1.0.0-rc.43"
+version = "1.0.0-rc.44"
edition = "2021"
license = "GPL-3.0-only"
diff --git a/keystore/Cargo.toml b/keystore/Cargo.toml
index 9b1247ee5..020f5f9e5 100644
--- a/keystore/Cargo.toml
+++ b/keystore/Cargo.toml
@@ -2,7 +2,7 @@
name = "core-crypto-keystore"
description = "Encrypted keystore with support for OpenMLS and Proteus"
repository = "https://github.com/wireapp/core-crypto"
-version = "1.0.0-rc.43"
+version = "1.0.0-rc.44"
edition = "2021"
license = "GPL-3.0-only"
publish = false
diff --git a/mls-provider/Cargo.toml b/mls-provider/Cargo.toml
index eac3e3ae7..73374f6e8 100644
--- a/mls-provider/Cargo.toml
+++ b/mls-provider/Cargo.toml
@@ -2,7 +2,7 @@
name = "mls-crypto-provider"
description = "MLS Crypto Provider wrapping core-crypto-keystore"
repository = "https://github.com/wireapp/core-crypto"
-version = "1.0.0-rc.43"
+version = "1.0.0-rc.44"
edition = "2021"
license = "GPL-3.0-only"
publish = false
@@ -49,10 +49,10 @@ version = "0.10"
features = ["x25519", "p256", "p384", "xyber768d00", "serde_impls"]
[target.'cfg(not(target_os = "ios"))'.dependencies]
-core-crypto-keystore = { version = "^1.0.0-rc.43", path = "../keystore" }
+core-crypto-keystore = { version = "^1.0.0-rc.44", path = "../keystore" }
[target.'cfg(target_os = "ios")'.dependencies]
-core-crypto-keystore = { version = "^1.0.0-rc.43", path = "../keystore", features = ["ios-wal-compat"] }
+core-crypto-keystore = { version = "^1.0.0-rc.44", path = "../keystore", features = ["ios-wal-compat"] }
[dev-dependencies]
wasm-bindgen-test = "0.3"
diff --git a/package.json b/package.json
index 2286a3543..ebf21092c 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "@wireapp/core-crypto",
- "version": "1.0.0-rc.43",
+ "version": "1.0.0-rc.44",
"description": "CoreCrypto bindings for the Web",
"type": "module",
"module": "platforms/web/corecrypto.js",
@@ -43,4 +43,4 @@
"ts-loader": "^9.5.1",
"typescript": "^5.3.3"
}
-}
+}
\ No newline at end of file