1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-12-26 12:58:02 +01:00

Update changelog

This commit is contained in:
Paul Schaub 2021-12-13 13:21:44 +01:00
parent af8d04c66f
commit bf5510893d
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311

View file

@ -5,6 +5,27 @@ SPDX-License-Identifier: CC0-1.0
# PGPainless Changelog
## 1.0.0-rc7-SNAPSHOT
- Make `Passphrase` comparison constant time
- Bump Bouncycastle to 1.70
- Use new `PGPCanonicalizedDataGenerator` where applicable
- Implement decryption with user-provided session key
- Remove workaround for invalid signature processing
- Remove Blowfish from default symmetric decryption/encryption policy
- When adding/generating keys: Check compliance to `PublicKeyAlgorithmPolicy`
- Fix `BaseSecretKeyRingProtector` misinterpreting empty passphrases
- SOP: Fix NPE when attempting to sign with key with missing signing subkey
- Describe Threat Model in [pgpainless-core/README.md]
- Fix NPE when attempting to decrypt GNU_DUMMY_S2K key
- Validate public key parameters when unlocking secret keys
- Introduce iteration limits to prevent resource exhaustion when
- reading signatures
- reading keys
- `CachingSecretKeyRingProtector`: Prevent accidental passphrase overriding via `addPassphrase()`
- `EncryptionOptions`: replace method argument type `PGPPublicKeyRingCollection` with `Iterable<PGPPublicKeyRing>` to allow for `Collection<PGPPublicKeyRing>` as argument
- `SigningOptions`: replace method argument type `PGPSecretKeyRingCollection` with `Iterable<PGPSecretKeyRing>` to allow for `Collection<PGPSecretKeyRing>` as argument
- Prevent message decryption with non-encryption subkey
## 1.0.0-rc6
- Restructure method arguments in `SecretKeyRingEditor`
- Add explanations of revocation reasons to `RevocationAttributes`