beeper-0.84.0

v0.84.0

• keytrans: Verify signatures from all auditors
• Java: Fixed IdentityKeyPair(byte[]) to correctly declare that it throws InvalidKeyException.
• Node: Add BackupsJsonExporter, to convert Backup proto objects to human-readable JSON for export.

beeper-0.83.0

v0.83.0

• backups: Support polls in backup validator
• spqr: Remove client-provided options to turn on/off SPQR, defaulting to on everywhere.

v0.82.1

• keytrans: Unify errors with other typed APIs
• Locally-closed WebSocket connections now explicitly send close code 1000 instead of an empty close frame
• node: Buffer is explicitly imported from node:buffer

beeper-0.82.0

beeper

• Enabled LTO for iOS and Android builds

v0.82.0

• Node: migrate libsignal-client to the ECMAScript module format (from CommonJS).
• Node: interfaces now use property notation for method requirements, which TypeScript can check more strictly.
• net: Direct connections to the Signal servers will be tried as a fallback if connecting through an HTTP or SOCKS proxy fails or takes too long.

v0.81.1

• Enable negotiating permessage-deflate support for chat websocket connections, if configured.
• Net: remove Noise connection shadowing for staging Chat websocket connections.

v0.81.0

• KyberPreKeyStore.markKyberPreKeyAsUsed now takes three arguments, to allow tracking how the pre-key is used: the Kyber pre-key ID, the signed EC pre-key ID, and the session base key.
• We now always defer to an HTTP/HTTPS proxy for DNS resolution.

beeper-0.80.3

v0.80.3

• Internal changes and logging updates only

v0.80.2

• backups: Add logging to BackupAuthCredentialRequestContext_ReceiveResponse internals

v0.80.1

• Sealed sender SenderCertificates can now use a bytes representation for the sender, and may avoid embedding their signing ServerCertificate in favor of referencing a "known" certificate baked into libsignal. See sealed_sender.proto and the KNOWN_SERVER_CERTIFICATES list in the source for more details.

v0.80.0

• backups: relax restriction that backups with backup_tier == free cannot have backupsSubscriberData
• Migrate crates to Rust 2024 edition.
• Desktop: add a distinct error type for incremental mac verification failures.

v0.79.1

• The first "Typed API" service interface for chat-server, UnauthUsernamesService, has been added to libsignal's app layer.
• The libsignal-net remote config option chatRequestConnectionCheckTimeoutMillis controls a new check: if a chat request hasn't been responded to in this amount of time, libsignal will check if the connection is using the preferred network interface, and close it early if not.
• Java: CertificateValidator.validate(SenderCertificate, long) is once again open for testing.
• backups: Validate quote body length
• MSRV has been increased to 1.85

beeper-0.79.0

v0.79.0

• Rust: libsignal-protocol's fingerprint-related operations have a dedicated error type now, FingerprintError, rather than reusing SignalProtocolError.
• backups: validate presence of OutgoingMessageDetails.dateReceived, remove deprecated BackupLocator/AttachmentLocator/LocalLocator

v0.78.3

• keytrans: Distinguish self-monitoring from monitoring for others
• Net: Shadow Chat websocket connections in staging with Noise Direct connections when enabled via remote config.

beeper-0.78.2

v0.78.2

• Finalize errors produced by SVR-B operations.

v0.78.1

• backups: Add support for call link epochs.
• Rust: libsignal_net_infra::ws2 has been merged into libsignal_net_infra::ws, with Connection and Config included directly and helper types available under ws::connection. The old ws::WebSocketConfig has been removed.
• Android: run TLS verification on a dedicated thread.

beeper-0.78.0

v0.78.0

SVR-B

• Operations have been consistently renamed to store and restore.
• restore now returns an object containing both the BackupForwardSecrecyToken for decryption, and "secret data" to be used in the first store after restoration.
• SvrB now has a createNewBackupChain method, allowing you to locally persist the backup "secret data" before the first store to SVR-B for a fresh install.
• With the first two changes, the secret data argument to restore is now required. See doc comments for more details.

Other changes

• Rust: SessionRecord::has_usable_sender_chain now takes an additional parameter to specify which criteria make a session "usable" beyond simply having a sender chain. The previous behavior can be requested by using SessionUsabilityRequirements::NotStale.

v0.77.1

• Add more logging for network connectivity issues

v0.77.0

• Java: Align cancellation behavior of our CompletableFuture with the one from OpenJDK:
  • The parameter to cancel() is ignored.
  • completeExceptionally(someCancellationException) is treated as a cancellation.
  • get() can now directly throw CancellationExceptions (as documented) instead of wrapping them in ExecutionException.
  • Cancellations of libsignal operations continue to propagate bidirectionally when using CompletableFuture's transformation methods, unlike the version in OpenJDK.
    As a bonus, CompletableFuture now supports the handle() transformation.
• Exposed the new SVR-B API to TypeScript, Swift, and Kotlin.
• BackupForwardSecrecyTokens can now be used to derive MessageBackupKeys.
• Downgraded some networking-related error logs to warnings.

beeper-0.76.7

v0.76.7

• Fix advisories for recently-added SVR enclaves.

v0.76.6

• The backup validator accepts the new "forward secrecy" format as well as the existing "ciphertext only" format.
• Added support for new CDSi and SVR2 enclaves.

v0.76.5

• Added HPKE operations to (EC)PublicKey---seal---and PrivateKey---open.
• Java: CompletableFuture now has a convencience factory method completedFuture, matching its namesake in java.util.concurrent.

v0.76.4

• Work around an issue with misbehaving write(2) calls on macOS.

v0.76.3

• Update Java publishing job to use new endpoint for Maven Central uploads.

v0.76.2

• Java: Fix lifetime management for bridged objects used with async functions; previously there was a window where they could get prematurely deallocated, leading to undefined behavior.
• Java: Simplify and fix the finalization of incremental mac streams.

beeper-0.76.1

v0.76.1

• Making a chat connection now accepts a locale (Java) or a list of language codes (Swift, TypeScript), which will set the default language to be used for any requests on that connection if provided.
• swift: Fingerpint mismatch error now contains both versions

v0.76.0

• The net-related RequestedInformation type in Java, Swift, and Rust has been renamed to ChallengeOption, and in some cases relocated, to reflect its broader usage. The cases within the type have not been changed.
• Java: documentation is now produced by Dokka instead of javadoc; for Kotlin-flavored docs, you can consume the -dokka Maven artifact instead of the -javadoc one.

v0.75.1

• backups: Update validation to reject EncryptedDigest with no transit info
• backups: Validate new backupTier field

v0.75.0

• X3DH handling has been removed from libsignal; X3DH PreKey messages will now be rejected as invalid. (Note for Rust clients: they are rejected as InvalidMessage rather than LegacyCiphertextVersion because that is more practical for the official Signal apps.) PQXDH will be required going forward and the Rust-level PreKeyBundle and related types have been updated to reflect this. There are no further API changes for the app languages.
• Node: All APIs now use Uint8Array instead of Buffer. This is a breaking change if you were relying on any of the APIs added to Buffer on top of Uint8Array, including the diverging behavior of slice() and toString().
• Require that device IDs in protocol addresses be in the range [1, 127]. This is a breaking change.
• Require Swift 6.0 to build LibSignalClient.
• Swift: use Data instead of [UInt8] as the type of buffers in arguments and return types.
• Java: remove Curve.kt from the public API.
• Java: port several classes to Kotlin; these changes are Java-compatible but might require changes in consuming Kotlin code.
• Android: acknowledgments for testing APIs are now shipped as assets/acknowledgments/libsignal-testing.md, feel free to strip them out in your build if you are also removing libsignal_jni_testing.so.
• iOS: the name of the acknowledgments file has changed from acknowledgments.plist to acknowledgments-ios.plist.

beeper-0.74.1

v0.74.1

• backups: Add integrityCheck to LocatorInfo

v0.74.0

• Integrate post-quantum ratchet in opt-in mode.