diff --git a/CHANGELOG.md b/CHANGELOG.md
index d918029c..096d3496 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,24 @@
 All notable changes to this project will be documented in this file.
+## 0.7.0 - 2024-07-17
+
+### Features
+
+- Add an [Elliptic Curve Integrated Encryption
+ Scheme](https://en.wikipedia.org/wiki/Integrated_Encryption_Scheme). This
+ scheme can be used to establish a secure *ephemeral* encrypted channel, in
+ situations for which Olm may be unsuitable due to complexity or the
+ unavailability of long-term identity keys. There is also support for
+ out-of-band authentication of the receiver side. The scheme was designed
+ primarily for purposes of implementing Matrix QR code login.
+ ([#151](https://github.com/matrix-org/vodozemac/pull/151)).
+
+### Security
+
+- Use a constant-time Base64 encoder for secret key material to mitigate
+ side-channel attacks leaking secret key material ([#156](https://github.com/matrix-org/vodozemac/pull/156)).
+
 ## [0.6.0] - 2024-05-06
 ### Security Fixes
diff --git a/Cargo.toml b/Cargo.toml
index f60ebc44..8ff4f1d8 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -6,7 +6,7 @@ authors = [
 name = "vodozemac"
 description = "A Rust implementation of Olm and Megolm"
 repository = "https://github.com/matrix-org/vodozemac"
-version = "0.6.0"
+version = "0.7.0"
 edition = "2021"
 keywords = ["matrix", "chat", "messaging", "olm", "cryptography"]
 license = "Apache-2.0"
@@ -35,30 +35,30 @@ base64 = "0.22.1"
 base64ct = { version = "1.6.0", features = ["std", "alloc"] }
 cbc = { version = "0.1.2", features = ["std"] }
 chacha20poly1305 = "0.10.1"
-curve25519-dalek = { version = "4.1.2", default-features = false, features = ["zeroize"] }
+curve25519-dalek = { version = "4.1.3", default-features = false, features = ["zeroize"] }
 ed25519-dalek = { version = "2.1.1", default-features = false, features = ["rand_core", "std", "serde", "hazmat", "zeroize"] }
-getrandom = "0.2.14"
+getrandom = "0.2.15"
 hkdf = "0.12.4"
 hmac = "0.12.1"
 matrix-pickle = { version = "0.2.0" }
 pkcs7 = "0.4.1"
-prost = "0.12.4"
+prost = "0.13.1"
 rand = "0.8.5"
-serde = { version = "1.0.200", features = ["derive"] }
-serde_bytes = "0.11.14"
-serde_json = "1.0.116"
+serde = { version = "1.0.204", features = ["derive"] }
+serde_bytes = "0.11.15"
+serde_json = "1.0.120"
 sha2 = "0.10.8"
-subtle = "2.5.0"
-thiserror = "1.0.59"
+subtle = "2.6.0"
+thiserror = "1.0.62"
 x25519-dalek = { version = "2.0.1", features = ["serde", "reusable_secrets", "static_secrets", "zeroize"] }
-zeroize = "1.7.0"
+zeroize = "1.8.1"
 [dev-dependencies]
-anyhow = "1.0.82"
+anyhow = "1.0.86"
 assert_matches = "1.5.0"
 assert_matches2 = "0.1.2"
 olm-rs = "2.2.0"
-proptest = "1.4.0"
+proptest = "1.5.0"
 [patch.crates-io]
 olm-rs = { git = "https://github.com/poljar/olm-rs" }
diff --git a/cliff.toml b/cliff.toml
index d429497e..e3a2463b 100644
--- a/cliff.toml
+++ b/cliff.toml
@@ -39,6 +39,7 @@ commit_preprocessors = [
 ]
 # regex for parsing and grouping commits
 commit_parsers = [
+ { message = ".*[sS]ecurity", group = "Security"},
 { message = "^feat", group = "Features"},
 { message = "^fix", group = "Bug Fixes"},
 { message = "^doc", group = "Documentation"},
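Review bot: The added first entry of `commit_parsers`, `{ message = ".*[sS]ecurity", group = "Security"}`, is unanchored and now sits ahead of every other rule, so, assuming git-cliff applies the first parser that matches, any commit whose message merely contains the word is filed under Security, including `^chore` and `^ci` commits that the later `skip = true` rules would otherwise drop, and words such as "insecurity". Readers use that changelog section to decide whether an upgrade is urgent, so false positives there cost more than in the other groups. I would tighten the pattern and document the ordering, e.g. `# Keep first: security-related commits are grouped here regardless of their conventional-commit type.` above `{ message = "\\b[sS]ecurity\\b", group = "Security"},`. The `commit_parsers` array starts before this hunk and ends in the next one, where the old `body` rule is removed; whether `message` also covers the commit body, as this change appears to assume, is worth confirming against the git-cliff documentation.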
@@ -49,7 +50,6 @@ commit_parsers = [
 { message = "^chore\\(release\\): prepare for", skip = true},
 { message = "^chore", skip = true},
 { message = "^ci", skip = true},
- { body = ".*[sS]ecurity", group = "Security"},
 ]
 # filter out the commits that are not matched by commit parsers
 filter_commits = true