v0.11.0

@ivard ivard released this 10 Nov 14:05
· 439 commits to master since this release
0778649

Added

  • Storage encryption functionality in irmaclient
  • Challenge response user authentication using ECDSA key pair between irma keyshare server and irmaclient
  • Support for multiple keyshare servers in irmaclient to improve testability
  • Extra configuration options for postgres database connections in irma keyshare server and irma keyshare myirmaserver
  • Rate limiting on sending emails to the same email address in a short time period by irma keyshare server and irma keyshare myirmaserver
  • Middleware to catch panics in HTTP handlers and return a 500 error instead
  • Performance test scripts for irma keyshare server
  • MyIRMA webclient service in docker-compose.yml to improve development setup
  • CI status check for i386 architecture
  • CodeQL static code analysis
  • Contact details for support, discussion and responsible disclosure
  • VSCode launch configuration

Changed

  • BREAKING: irmaclient requires minimum irma keyshare server version 0.11.0 (due to challenge response user authentication).
    irma keyshare server does support older irmaclient versions.
  • Updated dependencies
  • Phased out unmaintained jasonlvhit/gocron library and migrated to go-co-op/gocron
  • Made gocron usage more consistent
  • Phased out legacy irmaclient log entry formats
  • Consistently specify charset in HTTP responses when the content type is application/json
  • Applied the code convention changes of golang 1.19
  • Always use the latest version of golang in GitHub status checks
  • Improved input validation of email addresses
  • Improved testability of revoked credentials
  • Use new URL of timestamp server (atumd) in unit tests

Fixed

  • Broken retrieval of user from postgres database by irma keyshare server
  • Also remove legacy file storage when calling RemoveStorage in irmaclient
  • irma keyshare myirmaserver requests login and email attribute options as conjunction instead of as disjunction
  • Chained sessions did not work due to bug in irma keyshare server
  • Attributes from multiple issuer schemes could not be mixed in chained sessions
  • Panics occurred during error handling in irmaclient
  • Avoid gocron panics in revocation code during irmaclient startup
  • Do not abort an irma keyshare tasks run when an invalid email address is found while looping over expired accounts (quick fix)
  • Use subject value instead of file path value as email subject in account removed email of irma keyshare myirmaserver
  • Requestor JWT authentication did not work at revocation endpoint of irma server
  • Concurrency issues in irmaclient.Client.credential() and irma.Configuration.parseKeysFolder()

Security

  • Prevent a user from detecting whether a certain email address is registered at irma keyshare server and irma keyshare myirmaserver (vulnerable versions have never been live in production)

Note: On 23-01-2023 we fixed an issue in the irma CLI tool artifacts. This means that the file hashes have changed.