Releases: privacybydesign/irmago

v0.19.1

13 Oct 08:38
b8557d8

Fix

  • Bug in irmaclient that caused attributes to be stored in the wrong order in credential removal logs

v0.19.0

30 Sep 09:23
94a8e36

Changed

  • Remove legacy storage from irmaclient
  • Add support for issuing SD-JWT VC together with Idemix over the IRMA protocol to irmaclient and irmaserver
    • Irma servers can opt-in to SD-JWT VC issuance by configuring issuer certificates and private keys for SD-JWT VC
    • SD-JWT VCs are issued in batches whose size is specified in the issuance request
    • SD-JWT VCs contain key binding public keys for which the private key is stored securely on the client
      • These holder/key binding public keys are provided to the issuer's irma server by the client during the commitments POST request
    • SD-JWT VC issuers are verified via certificates on the new Yivi trust lists; permissions are checked on the client via a custom JSON field in the certificates
    • The old Client was renamed to IrmaClient and wrapped in a new Client struct together with the new OpenID4VPClient
  • Add support for disclosing SD-JWT VC credentials over the OpenID4VP 1.0 protocol to irmaclient
    • Supports both direct_post and direct_post.jwt response modes
    • Supports DCQL queries for credentials that can be found in the schemes, specified by vct_values
    • Supports x509_san_dns client identifier prefix
    • Verifiers are trusted via x509 certificates on the new Yivi trust lists; attribute permissions are checked on the client via a custom JSON field in these certificates

Fix

  • Solve issue that made log logo paths invalid on iOS after each update/recompilation

Security

  • Fix for security advisory GHSA-pv8v-c99h-c5q4 (next session functionality can be used to do sessions on irma server without proper permissions)

v0.18.1

10 Apr 10:57
19e9975

Fix

  • Bug in irmaclient that caused the pin challenge to always be called (at least) twice

v0.18.0

09 Apr 13:41
73dbd86

Changed

  • Download schemes from https://schemes.yivi.app/ instead of https://privacybydesign.foundation/schememanager/

    Note: if the scheme auto-update mechanism is enabled in your irma server (enabled by default), please make sure outgoing
    network traffic is allowed from your irma server to schemes.yivi.app (51.158.130.42) and privacybydesign.foundation (37.97.206.70)

v0.17.1

01 Apr 12:24
0a64737

Changed

  • Make keyshare pin challenge more resilient by retrying when pin_challengeresponse fails due to a server conflict

Security

  • Update github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2

v0.17.0

14 Mar 15:01
8f0a1e5

Added

  • Option to generate and use scheme private keys encrypted with a passphrase

Changed

  • Use golang version 1.23
  • Make keyshare protocol more resilient by retrying when getResponse fails due to a server conflict

Fixed

  • Key ID not being set correctly in keyshare JWTs
  • Infinite loop in SSE go-routine in sessions with pairing mode enabled

Security

  • Update go toolchain to 1.23.5
  • Update golang.org/x/crypto to 0.32.0

Internal

  • Fix docker-compose not being available for test jobs in default GH Actions runner image
  • Dev: make sure keyshare and myirmaserver don't crash when using example configuration
  • Add arm64 docker build to delivery workflow

v0.16.0

17 Jul 10:32
e3dd814

Added

  • Option to configure client mtls redis cert and key for irma server, irma keyshare server and irma keyshare myirmaserver

Security

  • Update go toolchain to 1.22.5
  • Update github.com/hashicorp/go-retryablehttp dependency from 0.7.1 to 0.7.7

Internal

  • Phase out deprecated GitHub Actions packages

v0.15.2

20 Mar 09:04
0b3390b

Security

  • Update go toolchain to 1.22.1
  • Update github.com/jackc/pgx/v5 dependency from 5.4.3 to 5.5.4

Internal

  • Fix sqlserver tests in GitHub Actions workflow

v0.15.1

18 Dec 10:08
1b3826f

Fixed

  • RemoveScheme function in irmaclient already stripping storage before checking whether the scheme is in assets

Security

  • Update go toolchain to 1.21.5

v0.15.0

11 Dec 14:11
ca6c60c

Added

  • Support for Redis in Sentinel mode
  • Redis support for irma keyshare server and irma keyshare myirmaserver
  • /health endpoint for irma server, irma keyshare server and irma keyshare myirmaserver
  • RemoveRequestorScheme function in irmaclient to remove a requestor scheme from the irma_configuration directory

Changed

  • Using optimistic locking in the irma server instead of pessimistic locking
  • storage-fallback-key-file option of irma keyshare server being replaced by storage-fallback-keys-dir option

Fixed

  • HTTP cookies not stored in irmaclient when received from a Set-Cookie header
  • Invalid hostname specified in MX record bypasses e-mail address revalidation
  • Background revocation tasks not stopped when closing an irmaclient
  • RemoveScheme function in irmaclient not deleting issuer schemes without a keyshare server (#260)

Internal

  • Fixed issue with expired irma-demo.MijnOverheid key in testdata
  • Always use testdata of current branch for integration-test jobs in GitHub Actions workflow