beeper-0.76.7

v0.76.7

• Fix advisories for recently-added SVR enclaves.

v0.76.6

• The backup validator accepts the new "forward secrecy" format as well as the existing "ciphertext only" format.
• Added support for new CDSi and SVR2 enclaves.

v0.76.5

• Added HPKE operations to (EC)PublicKey---seal---and PrivateKey---open.
• Java: CompletableFuture now has a convencience factory method completedFuture, matching its namesake in java.util.concurrent.

v0.76.4

• Work around an issue with misbehaving write(2) calls on macOS.

v0.76.3

• Update Java publishing job to use new endpoint for Maven Central uploads.

v0.76.2

• Java: Fix lifetime management for bridged objects used with async functions; previously there was a window where they could get prematurely deallocated, leading to undefined behavior.
• Java: Simplify and fix the finalization of incremental mac streams.

beeper-0.76.1

v0.76.1

• Making a chat connection now accepts a locale (Java) or a list of language codes (Swift, TypeScript), which will set the default language to be used for any requests on that connection if provided.
• swift: Fingerpint mismatch error now contains both versions

v0.76.0

• The net-related RequestedInformation type in Java, Swift, and Rust has been renamed to ChallengeOption, and in some cases relocated, to reflect its broader usage. The cases within the type have not been changed.
• Java: documentation is now produced by Dokka instead of javadoc; for Kotlin-flavored docs, you can consume the -dokka Maven artifact instead of the -javadoc one.

v0.75.1

• backups: Update validation to reject EncryptedDigest with no transit info
• backups: Validate new backupTier field

v0.75.0

• X3DH handling has been removed from libsignal; X3DH PreKey messages will now be rejected as invalid. (Note for Rust clients: they are rejected as InvalidMessage rather than LegacyCiphertextVersion because that is more practical for the official Signal apps.) PQXDH will be required going forward and the Rust-level PreKeyBundle and related types have been updated to reflect this. There are no further API changes for the app languages.
• Node: All APIs now use Uint8Array instead of Buffer. This is a breaking change if you were relying on any of the APIs added to Buffer on top of Uint8Array, including the diverging behavior of slice() and toString().
• Require that device IDs in protocol addresses be in the range [1, 127]. This is a breaking change.
• Require Swift 6.0 to build LibSignalClient.
• Swift: use Data instead of [UInt8] as the type of buffers in arguments and return types.
• Java: remove Curve.kt from the public API.
• Java: port several classes to Kotlin; these changes are Java-compatible but might require changes in consuming Kotlin code.
• Android: acknowledgments for testing APIs are now shipped as assets/acknowledgments/libsignal-testing.md, feel free to strip them out in your build if you are also removing libsignal_jni_testing.so.
• iOS: the name of the acknowledgments file has changed from acknowledgments.plist to acknowledgments-ios.plist.

beeper-0.74.1

v0.74.1

• backups: Add integrityCheck to LocatorInfo

v0.74.0

• Integrate post-quantum ratchet in opt-in mode.

beeper-0.73.2

v0.73.2

• Android: Fix bug which can cause CompletableFuture to be stripped by ProGuard/R8.
• keytrans: Bridge to ffi

v0.73.1

• Backups: the now-deprecated remote content locator fields are ignored and the new FilePointer.locator_info field must be set.

v0.73.0

• Support for starting sessions with pre-quantum X3DH has been removed from Swift, Java, and TypeScript. PQXDH will be required going forward.
• Bridge registration service client to Swift.
• Net/Java: Some CompletableFutures are now cancellable!

beeper-0.72.1

v0.72.1

• Fixes a regression introduced in v0.68.1 where incoming PreKey messages would fail to decrypt if the local device had archived the corresponding session.
• Bridge registration service client to Swift.

v0.72.0

• Swift: sealedSenderEncrypt(message:for:from:sessionStore:identityStore:context:) and sealedSenderDecrypt(message:from:trustRoot:timestamp:sessionStore:identityStore:preKeyStore:signedPreKeyStore:context:) have been removed. The former was a simple wrapper around sealedSenderEncrypt(_:for:identityStore:context:) for 1:1 messages that didn't expose all the features of UnidentifiedSenderMessageContent, and the latter was never updated to support PQXDH messages. The Signal iOS app does not use either function. If you were using sealedSenderDecrypt, switch to UnidentifiedSenderMessageContent.init(message:identityStore:context:), and make sure to validate the resulting sender certificate and check for a self-send yourself before attempting to decrypt the inner message.
• The iOS minimum deployment target has been bumped to iOS 15.
• Unnecessary prefixes have been removed from file paths in log output.
• CDSI: fix handling of rate-limit-exceeded error to correctly parse the server-requested delay.
• Update incremental mac reading to support streaming videos.

beeper-0.71.0

v0.71.0

• A pre-key message sender's identity is stored after the message is decrypted.
• Java, Node, Swift: changed IdentityKeyStore.saveIdentity to return an enum.
• Java: Expose account registration via the registration service client.
• Node: RegistrationService.registerAccount takes account password as a string.
• keytrans: Bridge to Node
• net: Connections to Signal services (and to Cloudflare's DNS-over-HTTPS server) will now require TLS v1.3, which they would already have been using.
• net: Futures returned by ChatConnection.send() will now return more specific errors on failure
• New SVR2 enclaves for staging and production.
• keytrans: Support multiple auditors

beeper-0.70.0

v0.70.0

• Resuming an existing registration session now requires the phone number with for which the session was created.
• Make the registration service client available in Java.
• Enable registering an account via the Node registration service client.
• Java, Node, Swift: remove items marked as deprecated. This includes functions related to CDSI, HKDF, message backup validation, media sanitization, incremental MACs, and usernames.
• Android: Build with NDK 28, the latest stable.
• backups: Validate NotificationProfile::id

v0.69.1

• Node (GSE): Implement toToken() and encryptUserId() for
  CallLinkSecretParams
• The Net class (Network in Java) now stores a string-map of "remote
  config" information, intended for the same sort of server-provided
  configuration that the apps already have.
• Build for Android with 16KB page support, which makes the library
  usable on some newer Android devices that were previously not
  supported.
• Add in new CDSI enclave ID, now supporting Kyber HFS Noise channels.
• Swift: Allow initializing UnidentifiedSenderMessageContent from its
  serialized form. (Contributed by @saman3d!)

v0.69.0

• Net: Remove the fallback connect code paths for CDSI. This is a breaking change.
• backups: Validate ChatFolder::id
• Node: GroupIdentifier now has a custom toString() (to its base64 representation)
• Net: onConnectionInterrupted will now pass along ConnectedElsewhere and ConnectionInvalidated as disconnection reasons, when applicable.

v0.68.1

• Swift: GroupIdentifier is now CustomStringConvertible (to its hex bytes)
• Swift: [UInt8] and Data both now have a toHex() method backed by the Rust hex crate.
• backups: Release notes can now be included in a chat folder.
• net: Fix a bug where DNS-over-HTTPs lookups wouldn't attempt to make IPv4 and IPv6 connections
  to the nameserver in parallel.

v0.68.0

• Swift: Allow UnidentifiedSenderMessageContent to be constructed from a message type and opaque bytes by @saman3d
• net: Add a client for the registration verification service. This is currently only available via the Node bindings.
• Java: InputStreams created by MessageBackup.validate() are now correctly closed when the operation is complete.
• Node: The InputStream abstraction now has an optional close() method, which will be called by MessageBackup.validate() on any created streams when the operation is complete. If your InputStream already has a close() method, this may be a breaking change for you.
• backups: Enforce that messages with expiration timers < 24 hours are not included in Remote Backups.
• backups: Add support for LocalLocator for local backups

v0.67.6

• Retire old SVR2 staging enclave
• keytrans: Remove unused APIs
• backups: Relax check on session switchover update message authors
• Node: Don't error if an unauthenticated chat socket receives an
  empty list of alerts from the server.

v0.67.5

• Fix a bug in the Swift unauth chat listener that caused a crash on connect.

beeper-0.67.4

v0.67.4

• Android and iOS: ChatConnectionListener has a new optional callback
  for server alerts. (Already added for Node in v0.67.2.)
• Net.preconnectChat will start the connection process for an
  authenticated chat connection without needing a username and password
  ready.
• Rust: Update some dependencies (including boring) to the lastest
  compatible versions.
• Net: Harmonized WebSocket PING interval with the client keep-alive
  interval to conserve resources.
• Completely remove SVR3 support

v0.67.3

• Node: Fix packaging issue around net-related TypeScript code

v0.67.2

• Update nightly Rust compiler to the latest version.
• Our DoH resolver will no longer connnect to IPv6 DoH resolvers while
  IPv6 is disabled.
• Abstract Server(Private/Public)Params from endorsements. Reduces
  dependencies in clients and issuing servers.
• Add EndorsementPublicRootKey accessor to ServerPublicParams.
• Node: ChatListener has a new optional callback for server alerts.
  (iOS and Android coming later.)
• Add support for avatarColor/svrPin fields in backup protos
• Switch message chain key storage to store seed value rather than
  IV/MAC-key/key.

v0.67.1

• Net: try IPv6 in addition to IPv4 when connecting to the DNS-over-HTTPS
  resolver.

beeper-0.67.0

v0.67.0

• Net: expose old and new CDSI connect logic.
• Net: support uppercase scheme for proxy URL.
• Net: retire an old SVR2 enclave.
• Net: expose synchronous API for sending ChatConnection response.
• Net: improve the handling of Chat errors and the associated messages and error
  codes. This is a breaking change for Swift: a request that times out now
  produces a SignalError.requestTimeoutError(_:) instead of
  SignalError.connectionTimeoutError(_:).