release@1.1.0
Stable | released 2026-06-03 11:47:56 +02:00 | 5 commits to main since this release
What's New
Features
- add SPI-based CredentialFrameworkProvider resolution to PkiBootstrap via ServiceLoader
- add PkiBootstrap.openCredentialFramework() for provider-driven credential framework initialization
- register BcX509CredentialFrameworkProvider in META-INF/services
- introduce ConfigurableProvider.validateConfig(ProviderConfig) as a standard provider-side validation hook
- move integrations from lib to ext
- move content export from lib to ext
- rename affected packages for separate module distribution
- add universal AsyncBus infrastructure
- introduce SignatureWorkflow SPI and zeroecho-lib implementation
- refactor SPI/bootstrap to generic configurable providers
- add deterministic tests for PkiBootstrap with real SPI providers
- add filesystem-based PkiStore reference implementation
- PKI module core design
- add hybrid-derived key injection
- add hybrid key exchange framework
- add message-oriented agreement contexts for DH, ECDH and XDH
- introduce hybrid signature framework and signature trailer builder
- add ML-DSA and SLH-DSA streaming builders
- add ML-DSA (FIPS 204) support with policy enforcement
- SLH-DSA (FIPS 205) signature algorithm added
Bug Fixes
- fix(build): update Foojay toolchain resolver for Gradle 9
- move generic backendId consistency validation into the default ConfigurableProvider validation routine
- enforce provider-local configuration validation from allocate() so direct provider use remains safe outside bootstrap
- add provider-specific validateConfig implementations for bootstrap-managed providers based on consumed configuration keys
- report unknown provider configuration keys through provider-local JUL warning logs without exposing values
- fail fast on malformed consumed configuration values instead of silently falling back where invalid input would mask operator error
- extend PkiBootstrapTest to cover CredentialFrameworkProvider bootstrap path
- extend PkiBootstrapTest to cover async and crypto.workflow initialization paths whose prefixed properties are cleared in test setup
- add negative bootstrap/provider validation coverage for backend mismatch and invalid configured values
- replace CryptoAlgorithms audit wrap instanceof chain with Java 21
- harden FsCodec determinism and persisted type round-trips
- align CSR PoP verification with standards-compatible signature validation
- make async approval deny propagation deterministic in signing bus tests
- proxy object might be returned
- harden audit runtime, fix gzip scanning, add bounds and docs
- add SLH-DSA security strength estimation for policy enforcement
- defensively copy secret and encapsulation before destroy()
Documentation
- expand JavaDoc and package-level documentation for CredentialFrameworkProvider bootstrap wiring, ServiceLoader usage, and configuration validation behavior
- update module structure documentation
Chores
- keep PkiBootstrap independent from implementation-specific BC framework classes and preserve provider autonomy over validation and diagnostics
- removal of the obsolete mockito-inline:5.2.0
- extract shared classic-leg wiring in HybridKexBuilder
- restore canonical LICENSE filename
- rename license temporarily
- update Gradle module wiring
- adjust JPMS descriptors and dependencies
- reduce IDE/Gradle drift by strengthening regression coverage
- standardize keyring pub/priv naming
- prepare for deprecated assignment replacement
- PMD 1.20.0 adaptation
- replace apache-cli deprecated methods
- update alg package docs
- deps upgrade
- PMD 8.0.0 obsolete rules replaced
- PMD warnings clean-up
- deprecated applied
- javadoc fixes (format)
- softprops/action-gh-release wants newline-delimited globs of paths