Releases: parallaxsecond/parsec
Releases · parallaxsecond/parsec
1.4.0
Main features delivered
- TPM security fix
- New CI set up to track dependency mismatches
- Minor fixes
For a more comprehensive view of the release see the changelog below.
Changelog
1.4.0 (2024-03-28)
1.4.0-rc2 (2024-03-28)
Merged pull requests:
- tpm/tests: Ignore test_root_key_check case #755 (tgonzalezorlandoarm)
1.4.0-rc1 (2024-03-18)
Implemented enhancements:
- Set up build to track dependency mismatches #360
Fixed bugs:
- e2e_tests/stress.rs: Add a workaround for spurious test failures #739 (tgonzalezorlandoarm)
Security fixes:
- TPM Provider: Check root key's name #751 (tgonzalezorlandoarm)
Closed issues:
- parsec-cli-tests.sh error: The CSR does not contain the serialNumber field of the Distinguished Name #742
- Migrate away from using users crate #678
- Parsec Quickstart - Docker: Pull access denied for parallaxsecond/parsec-quickstart, repository does not exist #666
- Vulnerability in SQLite #648
Merged pull requests:
- dependency_cross_matcher: Fix typo (missing comma) #754 (tgonzalezorlandoarm)
- structopt: Migrate to clap #753 (tgonzalezorlandoarm)
- Cargo.toml: Bump tss-esapi to 7.5.0 #750 (tgonzalezorlandoarm)
- nightly/audit: Temporary ignore RUSTSEC-2024-0006 #748 (tgonzalezorlandoarm)
- Use infallible conversion into instead of try_into #747 (gowthamsk-arm)
- .cargo/config.toml: remove #746 (billatarm)
- Dependency mismatcher Comparison option #745 (tgonzalezorlandoarm)
- dependency_cross_matcher job: Move to PR runs and minor refactoring #743 (tgonzalezorlandoarm)
- Cargo.lock: Update rustix and bitflags dependencies to latest version #741 (tgonzalezorlandoarm)
- cargo-check: Run with both stable and MSRV Compilers #737 (tgonzalezorlandoarm)
- ci.yml: Trigger docker image creation only on workflow_dispatch #736 (tgonzalezorlandoarm)
- ci.yml,deny.toml: Setup license testing #735 (tgonzalezorlandoarm)
- Cargo.toml: Specify rust-version=1.66.0 #733 (tgonzalezorlandoarm)
- Track and test dependencies' 'next' branch #732 (tgonzalezorlandoarm)
- Add dependency cross matching #731 (tgonzalezorlandoarm)
- e2e_tests/mangled_ping: Fix socket path #728 (tgonzalezorlandoarm)
- ci/coverage: Fix cargo-tarpaulin to its locked version #727 (tgonzalezorlandoarm)
1.3.0
Main features delivered
- Bug fixes
- MSRV upgrade
- General crate updates
For a more comprehensive view of the release see the changelog below.
Changelog
1.3.0 (2023-10-25)
1.3.0-rc2 (2023-10-19)
Merged pull requests:
- e2e_tests/wrong_permitted_algorithm: Change used sha for hw compatibi… #723 (tgonzalezorlandoarm)
1.3.0-rc1 (2023-10-17)
Closed issues:
Merged pull requests:
- Bump psa-crypto and interface crates #718 (gowthamsk-arm)
- Update toml, env_logger and bindgen crates #716 (tgonzalezorlandoarm)
- Bump various crates #714 (tgonzalezorlandoarm)
- Update picky crates #711 (tgonzalezorlandoarm)
- Cargo.toml: Remove uuid crate #710 (tgonzalezorlandoarm)
- Bump sd-notify to 0.4.1 #708 (tgonzalezorlandoarm)
- fuzz: Bump bumpalo to 3.14.0 #706 (tgonzalezorlandoarm)
- Update the tss-esapi crate to version 7.3.0 #702 (tgonzalezorlandoarm)
- Fix cargo-tarpaulin version to 0.26.1 #701 (tgonzalezorlandoarm)
- Add a Security Vulnerability Reporting section in the README #700 (tgonzalezorlandoarm)
- Update maintainers list #699 (tgonzalezorlandoarm)
- ci: Fix coverage builds, nightly issues #698 (tgonzalezorlandoarm)
- Update cryptoki and cryptoki-sys crates #697 (tgonzalezorlandoarm)
- Use arrays instead of vec! when possible #696 (tgonzalezorlandoarm)
- Make wrong_permitted_algorithm test use a non-deprecated Hash #695 (tgonzalezorlandoarm)
- Fix coverage builds for different providers #694 (tgonzalezorlandoarm)
- Update MSRV to Rust 1.66.0 #692 (tgonzalezorlandoarm)
- Bump ASN1 crates dependencies #691 (anta5010)
- Minor fixes to changelog #690 (gowthamsk-arm)
- Upgrade proc-macro2 package #688 (tgonzalezorlandoarm)
- Update CONTRIBUTORS.md #687 (Firstyear)
- Disable the optional features for the 'structopt' crate #686 (tgonzalezorlandoarm)
- Upgrade enumflags2 crate #685 (tgonzalezorlandoarm)
- Remove unmaintained 'users' crate #684 (tgonzalezorlandoarm)
- Fix compilation issues #682 (tgonzalezorlandoarm)
- Bump base64 dependency to 0.21.0 #679 (ema)
1.2.0
Main features delivered
- Support for Debian packaging
- Docker quick start package
- Fixes for security reports
- MSRV update
- Minor improvements
For a more comprehensive view of the release see the changelog below.
Changelog
1.2.0
Closed issues:
- Parsec 1.1 fails to build with meta-security master branch #663
1.2.0-rc1 (2023-03-21)
Closed issues:
- Parsec fails to compile for arm32 #647
Merged pull requests:
- Update crates #671 (gowthamsk-arm)
- Update rusqlite to fix security issue #662 (gowthamsk-arm)
- Update MSRV to 1.58 #661 (gowthamsk-arm)
- Remove dependency on crate "version" #657 (ema)
- Update TPM TCTI configuration docs #656 (paulhowardarm)
- Add support for a Quickstart Docker image #654 (dennisgove)
- Update to remove const_err #653 (marcsvll)
- Fix Clippy warnings for rustc version 1.65 #652 (mohamedasaker-arm)
- Bump sd-notify to 0.3.0 #651 (stevecapperarm)
1.1.0
Main features delivered
- Add generate random support into TPM and PKCS11 providers
- Implement configurable exclusion of deprecated primitives
- Allow binary PIN values for PKCS11 provider
- Recognise a PKCS11 hardware token with its serial number instead of slot number
For a more comprehensive view of the release see the changelog below.
Changelog
1.1.0 (2022-09-13)
1.1.0-rc2 (2022-09-13)
Merged pull requests:
- Update change log for release candidate 1.1.0-rc2 #639 (mohamedasaker-arm)
- Release candidate prep 1.1.0 rc2 #638 (mohamedasaker-arm)
1.1.0-rc1 (2022-09-07)
Implemented enhancements:
- Update PKCS11 dependency #604
- Allow binary PIN values for PKCS11 providers #603
- Implement get_random in the PKCS11 provider #594
- Implement get_random in TPM provider #593
- Create script for Quickstart package #534
- Recognise a PKCS11 hardware token with its serial number instead of slot number #481
- Implement configurable exclusion of deprecated primitives #119
Fixed bugs:
- RSA padding oracle issue #619
- PKCS11 provider serial_number configuration #615
- Export of public EC key fails with PKCS#11 back-end on NXP Layerscape #599
- Wrong permissions on KIM files #598
- Send back PsaErrorInvalidPadding when needed #620 (ionut-arm)
Security fixes:
- Update Spiffe dependency #602
Closed issues:
- Add key persistence tests for TS provider #568
- Create stability tests for SQLite KIM #519
- Change default socket path for E2E tests #463
Merged pull requests:
- Update Change log and service version no. #637 (mohamedasaker-arm)
- Update maintainers list #636 (mohamedasaker-arm)
- Fix spiffy issue #635 (gowthamsk-arm)
- Add sqlite stability tests #634 (gowthamsk-arm)
- Feature/119 implement configurable exclusion of deprecated primitives #633 (mohamedasaker-arm)
- Feature/603 allow binary pin values for pkcs11 #631 (mohamedasaker-arm)
- Add
Eqto the types withPartialEq#630 (ionut-arm) - build and share docker image across jobs #628 (mohamedasaker-arm)
- Kim file permissions #627 (gowthamsk-arm)
- Testing/568 add key persistence tests for ts provider #625 (mohamedasaker-arm)
- Fix problem reported by Clippy (rust 1.62) #624 (mohamedasaker-arm)
- Validate hash sign operation before execution. #623 (gowthamsk-arm)
- Fix Hugues' email address #622 (hug-dev)
- Compare trimmed token serial numbers (PKCS11 provider) #621 (mohamedasaker-arm)
- Added some context to error messages. #618 (fredrik-jansson-se)
- Implement get_random in the PKCS11 provider #613 (gowthamsk-arm)
- Add a script to create the Quickstart package #612 (mohamedasaker-arm)
- Change default socket path for E2E tests #610 (gowthamsk-arm)
- Fix
cargo-auditTOML config #609 (ionut-arm) - Recognise a PKCS11 hardware token with its serial number instead of slot number #608 (mohamedasaker-arm)
- Bump version of cryptoki #605 (ionut-arm)
- Fix issue #599 - allow EC_POINT public key data to omit ASN.1 structure wrapping #600 (paulhowardarm)
- Add generate random support into TPM provider #595 (anta5010)
1.0.0
Main features delivered
- Added a new Key Info Manager - the SQLite KIM - which will serve as the default KIM from now on.
- Added and implemented a new operation,
CanDoCrypto, which allows clients to verify the capabilities of the various backends before performing any actual cryptographic operations. - Added and implemented two operations,
AttestKeyandPrepareKeyAttestation, in the TPM provider, backed byTPM2_ActivateCredential. - Added support for importing ECC public keys in the TPM provider.
For a more comprehensive view of the release see the changelog below.
Changelog
1.0.0 (2022-03-21)
1.0.0-rc3 (2022-03-21)
Fixed bugs:
- Cargo audit failing #544
Merged pull requests:
1.0.0-rc2 (2022-03-02)
Implemented enhancements:
Closed issues:
- Update the Parsec Book to include SQLiteKeyInfoManager #532
1.0.0-rc1 (2022-02-16)
Implemented enhancements:
parsec.servicehardening #569- Implement
CryptoCanDofor the Trusted Services and Mbed Crypto providers #543 - Implement CryptoCanDo for TPM provider #542
- Refactor the PKCS11 CryptoCanDo implementation #541
- Implement ActivateCredential key attestation #539
- Making the SQLiteKIM the default #531
- Create a new KeyInfoManager based on SQLite #424
- Add support for other cryptographic services in the Trusted Service provider #341
- Add system emulation tests for TS provider #304
- Add support for importing ECC public key in the TPM provider #170
- Add asymmetric encryption to TS provider #580 (ionut-arm)
- Change dependency revision for TSS crate #579 (ionut-arm)
- Add systemd hardening options #572 (ionut-arm)
- Make SQLite KIM default #570 (ionut-arm)
- Feature sqlite kim #566 (ionut-arm)
- Add error handling to ActivateCredential #562 (ionut-arm)
- Add ActivateCredential tests and fixes #560 (ionut-arm)
- Activate credential #558 (ionut-arm)
- Expand support for importing public keys for TPM #540 (ionut-arm)
- [CryptoAuthLib provider] PsaAeadEncrypt and PsaAeadDecrypt implemented #536 (TomaszPawelecGL)
Fixed bugs:
- Disable test from old E2E suite #574
- Errors in validating ECC key bits in PKCS11 provider #545
- UnixDomainSocket connection returns error from server #528
- Fuzz Testing & Nightly Cargo udeps are failing due to prost-derive #514
- TPM Provider does not persist generated keys accross reboot #504
- Issue with PKCS11 backend with Nitrokey HSM #380
- Skip flakey test #577 (ionut-arm)
- Fix codecov build #573 (ionut-arm)
- Fix handling of
bitsin PKCS11 imports #546 (ionut-arm)
Closed issues:
- Align with stable TSS crate #567
- Stable 0.8.1 release depends on tss-esapi alpha #527
- Create E2E tests for SQLite KIM #516
- Switch to dynamic key names in tests #453
- Add capabilities discovery operations #426
Merged pull requests:
- Update Changelog and service version no. #583 (ionut-arm)
- Bump bindgen dependency version #582 (ionut-arm)
- Bump SQLite dependency #581 (ionut-arm)
- [CryptoAuthLib provider] PsaRawKeyAgreement operation implementation #578 (akazimierskigl)
- Implement can-do-crypto for TS and mbed-crypto providers #565 (anta5010)
- Add error message if submodule not initialised #564 (ionut-arm)
- [CryptoAuthLib provider] PsaCipherEncrypt and PsaCipherDecrypt implementation #563 (akazimierskigl)
- Add clippy and fmt checkt to e2e_tests #561 (ionut-arm)
- Re-factor e2e tests to use common key attributes functions #556 (anta5010)
- Merge can-do-crypto branch into main #555 (anta5010)
- Merge main branch changes into can-do crypto #554 (anta5010)
- Jn9e9/issue453 #552 (jn9e9)
- e2e CanDoCrypto tests for Hashes, ECC curves and Crypto algorithms #551 (anta5010)
- Implement CanDoCrypto trait and use it for PKCS11 and TPM providers #550 (anta5010)
- Use ec_params for can-do-crypto checks instead of hard-coded values #549 (anta5010)
- Small refactor of PKCS11 CryptoCanDo #548 (anta5010)
- Merge origin/main into can-do-crypto #547 (anta5010)
- Increase the MSRV to 1.53.0 #535 (hug-dev)
- Update the CHANGELOG file with 0.8.1 #533 (hug-dev)
- Added the CanDoCrypto operation as well as fixing some of the other test scripts. #522 (Kakemone)
0.8.1
Main features delivered
- ECC keys are now supported in the PKCS11 provider
- a SPIFFE based authenticator is now available
- New CryptoAuthLib provider operation support: generate/import/export keys, sign/verify
- The TPM provider can be set as optional depending on platform availability
- The
slot_numberfield is now optional all-providersnow contains the Trusted Service provider- The TPM provider has been updated to store keys in a different format, with migration capability from the previous format.
See the changelog below to see all differences with previous release.
Changelog
0.8.1 (2021-09-17)
Implemented enhancements:
- Add Unit Tests to SQLiteKeyInfoManager #510
- Change KeyTriple to Include Auth ID, Provider Name & Provider UUID #488
- Update provider to use new version fo TransKeyCtx #515 (ionut-arm)
Fixed bugs:
- Decide and implement a new serialization format for KeyInfo #509
- Memory leak in TS context #501
- Disable broken workflows #525 (ionut-arm)
Closed issues:
- Make a Parsec Ockam Vault: investigation issue #506
- Add Basic SQLiteKeyInfoManager Storage/Retrieval Functionality #503
- Add config tests for multiple provider names #496
Merged pull requests:
- Bump version for release #526 (ionut-arm)
- Use as_ptr for TS service name #524 (anta5010)
- Lower Hash algorithm #499 (hug-dev)
- Update CHANGELOG #498 (hug-dev)
0.8.0 (2021-08-05)
Implemented enhancements:
- Add Provider Name Config Option #487
- Add PKCS11 provider export-attributes switch #462
- Refactor the all-providers workflow #455
- Adjust linking for TS provider #427
- Allow providers to be optional or conditional depending on platform feature availability #401
- Add cross-compilation tests for the TPM provider #382
- Make the slot_number field optional #375
- Design workflow and associated APIs for key attestation in Parsec #370
- Implement error handling for TS caller errors #332
- Add release-build tests to CI #163
- Add the possibility of changing key store location of Mbed Crypto provider #53
- Add TS provider to all-providers #482 (ionut-arm)
- Adjust TS provider linking #474 (ionut-arm)
- Add cargo-audit config #473 (ionut-arm)
- Update dependency on Trusted Services #467 (ionut-arm)
- Add import and export support for ECC for PKCS11 #452 (ionut-arm)
- Add a SPIFFE based authenticator #449 (hug-dev)
- Add ECC functionality to PKCS11 prov #446 (ionut-arm)
- Enable coverage testing for TS provider #434 (ionut-arm)
- Create SECURITY.md #414 (ionut-arm)
- Add TPM provider cross-compilation #403 (ionut-arm)
- Added Option<Slot> to PKCS 11 Provider constructor #402 (Sven-bg)
Fixed bugs:
- If a response is an error, log it before sending it #417
- Fix ingress/egress trace logs #416
- Make
KeyInfoa private type #400 - Unable to build 0.7.2 for i686 (and ppc64/ppc64le) #379
- Unable to build 0.7.2 for armv7 #378
- Document clearly how Mbed Crypto provider keys are stored #373
- Fix code coverage reports #495 (ionut-arm)
- Modify the git submodule command #490 (hug-dev)
- Do not login if no user pin was entered #489 (hug-dev)
- Fix git command and use Arm machine #485 (ionut-arm)
- Fix CircleCI config format. #484 (ionut-arm)
- Add submodule initialisation to CircleCI #483 (ionut-arm)
- Make cross-compilation run on release version #454 (ionut-arm)
- Bump picky crate versions #443 (ionut-arm)
- Remove the TS coverage computation #436 (ionut-arm)
- Fix nightly workflow #435 (ionut-arm)
- Fix ServiceConfig import in fuzz_service #433 (ionut-arm)
- Fix Contributing link #415 (ionut-arm)
- Fix ownership of ibmtpm folder #385 (ionut-arm)
- Fix CircleCI config #384 (ionut-arm)
- Implement a few fixes #374 (ionut-arm)
Security fixes:
- Resurrect fuzz testing framework #422
- Set up Github security policy #398
- Investigate testing of Cryptoauthlib provider #315
- rust-spiffe: make sure that the claims returned by the validation operation are as expected #290
- rust-spiffe: provide a local validation of the JWT-SVID #289
- Revive the fuzz testing framework #429 (ionut-arm)
Closed issues:
- NXP PKCS#11 Parsec integration testing. #456
- Split the build tests on a different CI workflow #447
- Support ECC signing keys in the PKCS#11 provider #421
- Stability: Communication with backends #412
- Adopt CII Best Practices Badge from the LF #411
- Unable to build parsec 0.7.2 with rust 1.43.1. Parsec 0.6.0 builds fine. #409
- Stability: Build toolchain #408
- Stability: Environment variables #405
- Stability: Dynamic libraries dependencies #397
- Stability: systemd communication [#396](https://github.com/parallaxsecond/par...
0.7.0
Changelog
0.7.0 (2021-03-23)
Main features and bugfixes delivered
- Added support for admin clients in the service. Admins can perform two operations forbidden for other clients:
ListClients(returns a list of clients with active data available in at least one provider), andDeleteClient(which removes all data stored by the service for a given client). - Updated our PKCS11 backend to use an improved, higher-level crate (
cryptoki) that offers a safer interface. - Two new providers were added, one for ATECCx08 devices via CryptoAuthLib, and one for Trusted Services running in a Trusted Execution Environment. Both are under development and thus not ready for production deployments.
- Fixed a bug where all keys reported by
ListKeyswere shown asMbedCryptoProviderkeys.
Implemented enhancements:
- Stop the duplication of key ID conversions #331
- Add key management operations support #267
- Enable TS context initialization #266
- Create the Trusted Service bindings #265
- Improve import key support in TPM provider #251
- Investigate and define the work required for SPIFFE-based client identity management #232
- Make existence of key info consistent with existence of key #149
- Extract Docker images into own repo #124
- Add version structures for better handling of versions #43
- Rearrange modules for a more structured feel #32
- Change CI to use published Docker image #357 (ionut-arm)
- Improve coverage script #348 (ionut-arm)
- Add coverage checking in nightly run #347 (ionut-arm)
- Trusted service provider #330 (ionut-arm)
- Add admin configuration #316 (ionut-arm)
- Add new parsec provider using ATECCx08 cryptochip via CryptoAuthentication Library #303 (RobertDrazkowskiGL)
- Improve error handling in builder #298 (ionut-arm)
- Add Changelog file (#278) #280 (ionut-arm)
- Remove PKCS11 single thread lock (#264) #277 (ionut-arm)
Fixed bugs:
- Move the spiffe related features in its own branch #327
- Resolve default implementation issue for
list\_keysinProvide#312 - ListKeys should only be callable on the Core provider #310
- Service should not start if some components weren't built successfully #297
- No changelog for the releases #278
- PKCS11 multi-threading #264
- Fix ImportKey to allow importing private key #126
- PKCS 11 provider stress tests sometimes fail #116
- Update docker registry for TPM2 images #356 (ionut-arm)
- Run the Codecov script outside container #353 (ionut-arm)
- Fix code coverage docker command #352 (ionut-arm)
- Remove the spiffe-based authenticator #328 (hug-dev)
Security fixes:
- Add a test for admin operations #309
- Implement admin logic #308
- Investigate admin role and admin-level operations #292
- Add failure-counter mechanism #176
Closed issues:
- Implement ListClients and DeleteClient in the core provider #311
- Correct lint issues found after the toolchain upgrade to version 1.49.0 #305
- Investigate cross-compilation to Linux on Aarch64 #300
- Investigate adding ListClients and DeleteClient operations #293
- Consume the new, safer Rust PKCS#11 interface into Parsec when it is available #272
- Add a SPIFFE JWT-SVID multitenancy test #269
- Add a JWT-SVID Authenticator #268
- Investigate and define the work required for compatibility with Arm Firmware Framework for Armv8-A (FF-A) #247
Merged pull requests:
- Prepare for 0.7.0 release #363 (hug-dev)
- Update to latest TSS crate version #362 (ionut-arm)
- Enable code coverage for PKCS11, disable for TS #361 (ionut-arm)
- Add Edmund to Contributors list #359 (ionut-arm)
- Add myself to contributors, re. rust-cryptoki #358 (nickray)
- Add some cross-compilation tests #355 (hug-dev)
- Upgrade all dependencies to their latest version #345 (hug-dev)
- Create KeyInfoManagerClient #343 (ionut-arm)
- Parsec PsaHashCompare operation implementation for CryptoAuthLib provider #333 (akazimierskigl)
- Parsec PsaGenerateRandom operation implementation for CryptoAuthLib provider #325 (RobertDrazkowskiGL)
- Add consistency in key creation/deletion #324 (hug-dev)
- Make the authenticators their own features #322 (puiterwijk)
- Improve mandatory Provide methods #321 (ionut-arm)
- Use newest TSS crate #320 (ionut-arm)
- Add ListClients and DeleteClient operations #318 (hug-dev)
- Added support for PsaHashCompute to CryptoAuthLib provider. #317 (RobertDrazkowskiGL)
- Update service dependencies #314 (ionut-arm)
- Add a test checking ListKeys provider target #313 (hug-dev)
- Fix lint warning #306 (ionut-arm)
- Return correct key provider id in list_keys #302 (jn9e9)
- Use the new abstraction on the PKCS11 interface #301 (hug-dev)
- Switch Travis CI build to cron-only #299 (ionut-arm)
- Add a JWT-SVID authenticator #283 (hug-dev)
- Add Patrick to the contributor list #281 (puiterwijk)
0.6.0
Changelog
0.6.0 (2020-10-20)
Main features delivered
- Authentication support for Unix Peer Credentials (for Domain Sockets); authenticators are now configurable at runtime using
config.toml - Added support for an operation (
ListKeys) to list all keys belonging to a client - Removed filesystem checks (ownership/permissions) as we can now more safely rely on valid setup by the admin
Implemented enhancements:
- Add multitenancy testing infrastructure 👩🔧 #245
- Delete "Provider" suffix out of provider names #134
- Improve error message on service startup #260 (ionut-arm)
Fixed bugs:
Closed issues:
- Add authenticator configuration #270
- Assemble a PR checklist for code reviewers #258
- Adjust README disclaimer wording #231
Merged pull requests:
0.5.0
Changelog
0.5.0 (2020-10-02)
Main features delivered
- Moved the Parsec service assets to locations in the filesystem where they would match the FHS spec
- Added memory cleanup for sensitive buffers - before the memory is released, the contents are scrubbed away
Implemented enhancements:
- Creating a build-time configuration file #256
- Merge integration tests in E2E test suite #228
- Support dbus-parsec with NXP secureobj library #223
- Verify which dependencies can/should be updated #158
- Add more test cases #151
- Test Parsec installation as a systemd daemon #49
- Improve E2E testing #253 (ionut-arm)
- Upgrade and clean dependencies #246 (hug-dev)
- Import private key support for TPM provider #243 (joechrisellis)
- Allow software operations in PKCS11 provider #241 (ionut-arm)
- Improve key metadata handling #240 (ionut-arm)
- Add support for
psa\_generate\_randomoperation for MbedCrypto provider #208 (joechrisellis)
Fixed bugs:
- Memory cleanup of sensitive data #122
- Fix attribute conversion in PKCS11 provider #254 (ionut-arm)
- Fix sign attribute in PKCS11 #252 (ionut-arm)
- Add Uuid from the interface directly #242 (hug-dev)
- Add
buffer\_size\_limitconfig option for providers #233 (joechrisellis)
Security fixes:
Closed issues:
- Implement ListAuthenticators #216
- Better error message when file not found #210
- Implement an authenticator based on the domain socket peer credential #200
Merged pull requests:
- Add Unix peer credentials authenticator #214 (joechrisellis)