Releases: wultra/powerauth-server
Release 1.8.2
This release contains the following improvements and bugfixes:
- Additional fix of deadlocks on MSSQL.
Release 1.8.1
This release contains the following improvements and bugfixes:
- Support for MSSQL.
- Fix deadlocks on MSSQL.
- Improve performance.
- FIDO2 improvements.
- Add STATUS_REASON to cancel operations.
- Escape data in the operation template.
- Dependency updates.
Release 1.7.2
This release contains the following bugfixes:
- Create operation does not return proximity OTP.
- DB migration issue in MS SQL.
- Missing external ID in FIDO2 operation.
Release 1.7.1
This release contains the following improvements and bugfixes:
- Improve performance of deleting values in table
pa_unique_values
. - FIDO2: Credential ID now contains operation data to allow display of operation data on hardware authenticator.
- FIDO2: Return excludeCredentials in registration challenge response to simplify filtering out already registered authenticators.
- FIDO2: Various fixes for the bugfix release.
Release 1.6.3
This release contains the following improvements and bugfixes:
- Improve performance of deleting values in table
pa_unique_values
.
Release 1.7.0
This release contains the following improvements and bugfixes:
- Integration of FIDO2 support into PowerAuth server compatible with a variety of software and hardware authenticators using WebAuthN protocol.
- Add support for OpenTelemetry Traceparent HTTP Header.
- User-Agent of the device approving/rejecting the operation is parsed as a Device object in callbacks and Operation detail responses.
- Dependency updates.
Second snapshot release of FIDO2 support (v2)
Second snapshot including support of FIDO2 protocol in PowerAuth (v2). Do not deploy to production, the functionality will be included in the 1.7.0 release.
Includes: https://github.com/wultra/powerauth-server/releases/tag/fido2-snapshot-20240319
Additional fix: #1417
Second snapshot release of FIDO2 support
Second snapshot including support of FIDO2 protocol in PowerAuth. Do not deploy to production, the functionality will be included in the 1.7.0 release.
Migration notes since first snapshot PoC for FIDO2 support:
- Database migration:
- datatype of
extras
column in tablepa_activation
changed tovarchar(4000)
- added tables
pa_application_config
andpa_fido2_authenticator
- migration guide and scripts are available in https://github.com/wultra/powerauth-server/blob/develop/docs/PowerAuth-Server-1.7.0.md
- Updated REST API parameters:
- parameter
credentialId
is used consistently instead ofid
orexternalId
(inAuthenticatorDetail
,AuthenticatorParameters
,AssertionVerificationRequest
,RegistrationResponse
) - parameter
operationType
changed totemplateName
inAssertionChallengeRequest
, added optional parameteruserId
to personalize the request - added parameter
allowCredentials
inAssertionChallengeResponse
and relatedAllowCredentials
type - update model classes are reflected in OpenDoc: http://[host]:[port]/powerauth-java-server/swagger-ui/index.html
- Updated signature types:
- by default all hardware authenticators use the
POSSESSION
signature type except Wultra hardware authenticator which usesPOSSESSION_KNOWLEDGE
signature type - signature types can be configured for different authenticators in table
pa_fido2_authenticator
- Supported authenticator attestations:
- added Basic Attestation using certificates next to existing Self Attestation
- Added configuration of FIDO2 functionality:
- it is possible to restrict allowed attestation formats using configuration key
fido2_attestation_fmt_allowed
in tablepa_application_config
as JSON array of strings, e.g. [ "packed" ] - it is possible to restrict authenticator AAGUIDs using configuration key
fido2_aaguids_allowed
in tablepa_application_config
as JSON array of strings, e.g. [ "5ad235f4-f1f3-4803-966f-1a1950e0f155", "e9b3c0e3-1f91-4d7a-aed2-8d651851866b" ] - it is possible to configure root CA certificates for Basic Attestation using configuration key
fido2_root_ca_certs
in tablepa_application_config
as JSON array with certificates in PEM format - new configuration property
powerauth.service.scheduled.job.fido2AuthenticatorCacheEviction
to set eviction period of internalpa_fido2_authenticator
cache
- Bugfix: parameter
externalId
inAssertionChallengeRequest
is no longer ignored - New validations:
- multiple registations of same
credentialId
no longer allowed - persistance and checking of assertion verification counter
- protocol checked in existing PowerAuth services
- AAGUID and attestation formats are checked in case configured
- Added logging and auditing for FIDO2 functionality, updated
extras
for activations andadditionalData
for operations
Release 1.6.2
This release contains the following improvements and bugfixes:
- Fixed Liquibase for MSSQL.
Release 1.4.4
This release contains the following improvements and bugfixes:
- Able to expose metrics for Prometheus, if enabled.