Skip to content

0.15.0

Compare
Choose a tag to compare
@G1gg1L3s G1gg1L3s released this 21 Jun 21:31
· 12 commits to master since this release
d925c3b

0.15.0, June 21st 2023

TL;DR:

  • Uncompressed EC public keys are now supported.
  • Increased PBKDF2 iteration count from 200000 to 314110 for Secure Cell passphrase mode.
  • OpenSSL 3.0 is now supported.
  • Pythemis now uses pyproject.toml.
  • And as usual: enhanced security measures and fixed bugs.

Breaking changes and deprecations:

  • AndroidThemis build requires Gradle 7.3, Android SDK 11, Android NDK 25.
  • Some Soter functions are deprecated.
  • Node.js 8 is no longer supported.
  • Rust SecureSessionTransport implementations are now Send.
  • Rust 1.58 is now the minimum supported version.

Code:

  • Core

    • Uncompressed EC public keys are now supported (#959, #954)

    • Themis will generate uncompressed EC public keys when THEMIS_GEN_EC_KEY_PAIR_UNCOMPRESSED=1 environment variable is set (#959)

    • Increased PBKDF2 iteration count to maintain security of Secure Cell passphrase mode (#976).

    • Bumped embedded BoringSSL to the latest version (#1004).

    • Soter (low-level security core used by Themis)

      • soter_sign_export_key() is now deprecated, superseded by soter_sign_export_private_key() and soter_sign_export_public_key() (#959)
      • better OpenSSL 3 support, with many EC- and RSA-related deprecated functions being replaced with newer alternatives, and OpenSSL 1.X is still supported
      • removed build option THEMIS_EXPERIMENTAL_OPENSSL_3_SUPPORT since building/linking with OpenSSL 3 now works out of the box
  • Android

    • AndroidThemis build from source now requires Gradle 7.3, Android SDK 11, Android NDK 25 (#942).
  • Node.js

    • Node.js v8 is no longer supported (#901).
    • Fixed bug that leads to segfauls if key pair generation fails (#999)
  • Python

    • pythemis.scomparator and pythemis.skeygen are now imported with from pythemis import * (#914).
    • Pythemis supports pyproject.toml as a main way of building packages. The old setup.py is preserved for backwards compatibility (#1006).
  • Ruby

    • Improved compatibility with non-standard installations on Apple M1 (#917).
  • Rust

    • SecureSessionTransport implementations are now required to be Send (#898).

      This is technically a breaking change, but most reasonble implementations should be Send already. Please raise an issue if your code fails to build.

    • Minimum supported Rust version is now 1.58 (#977, #984).

    • Bindgen is pinned to 0.66.1 on CI (#1008).

  • WebAssembly

    • Node.js v8 is no longer supported (#901).