Diffstat (limited to 'CHANGELOG.rst')
-rw-r--r-- | CHANGELOG.rst | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst new file mode 100644 index 0000000..0ab2eeb --- /dev/null +++ b/CHANGELOG.rst 
@@ -0,0 +1,69 @@ +Changes in `1.3.0 <http://matrix.org/git/olm/commit/?h=1.3.0>`_ +=============================================================== + +The release updates the group session identifier to avoid collisions. +The group sessions are now identified by their ed25519 public key. + +These changes alter the pickle format of outbound group sessions, attempting +to unpickle an outbound group session created with a previous version of olm +will give ``OLM_CORRUPTED_PICKLE``. Inbound sessions are unaffected. + +This release alters the format of group session_key messages to include the +ratchet counter. The session_key messages are now self signed with their +ed25519 key. No attempt was made to preserve backwards-compatibility. +Attempting to send session_keys between old and new versions will give +``OLM_BAD_SESSION_KEY``. + +Changes in `1.2.0 <http://matrix.org/git/olm/commit/?h=1.2.0>`_ +=============================================================== + +This release updates the implementation of group session communications, to +include Ed25519 signatures on group messages, to ensure that participants in +group sessions cannot masquerade as each other. + +These changes necessitate changes to the pickle format of inbound and outbound +group sessions, as well as the session_keys exchanged between them. No attempt +has been made to preserve backwards-compatibility: + +* Attempting to restore old pickles will give ``OLM_CORRUPTED_PICKLE``. +* Attempting to send session_keys between old and new versions will give + ``OLM_BAD_SESSION_KEY``. +* Attempting to send messages between old and new versions will give one of a + number of errors. + +There were also a number of implementation changes made as part of this +release, aimed at making the codebase more consistent, and to help with the +implementation of the group message signatures. 
+ + +Changes in `1.1.0 <http://matrix.org/git/olm/commit/?h=1.1.0>`_ +=============================================================== + +This release includes a fix to a bug which caused Ed25519 keypairs to be +generated and used insecurely. Any Ed25519 keys generated by libolm 1.0.0 +or earlier should be considered compromised. + +The fix necessitates a change to the format of the OlmAccount pickle; since +existing OlmAccounts should in any case be considered compromised (as above), +the library refuses to load them, returning OLM_BAD_LEGACY_ACCOUNT_PICKLE. + + +Changes in `1.0.0 <http://matrix.org/git/olm/commit/?h=1.0.0>`_ +=============================================================== + +This release includes a fix to a bug which had the potential to leak sensitive +data to the application: see +https://github.com/vector-im/vector-web/issues/1719. Users of pre-1.x.x +versions of the Olm library should upgrade. Our thanks to `Dmitry Luyciv +<https://github.com/dluciv>`_ for bringing our attention to the bug. + +Other changes since 0.1.0: + + * *Experimental* implementation of the primitives for group sessions. This + implementation has not yet been used in an application and developers are + advised not to rely on its stability. + + * Replace custom build scripts with a Makefile. + + * Include the major version number in the soname of libolm.so (credit to + Emmanuel Gil Peyrot). |
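Review bot: In the 1.1.0 entry, OLM_BAD_LEGACY_ACCOUNT_PICKLE is written as bare text, while every other error code in this file (``OLM_CORRUPTED_PICKLE``, ``OLM_BAD_SESSION_KEY``) is an RST literal; wrap it in double backticks so it renders consistently. The same entry states that Ed25519 keys generated by libolm 1.0.0 or earlier should be considered compromised and that old OlmAccount pickles are refused, but it does not say what an application should do when it hits that error; a sentence telling integrators how to proceed would help. Related to that, the 1.0.0 entry still reads "Users of pre-1.x.x versions of the Olm library should upgrade", which, read on its own, suggests 1.0.0 is a safe target even though the 1.1.0 entry says otherwise; consider a short pointer there to the 1.1.0 note. Smaller points: the 1.3.0 entry opens with "The release" where the other entries use "This release", and "outbound group sessions, attempting to unpickle" is a comma splice that reads better as two sentences; in the 1.0.0 credits the displayed name "Dmitry Luyciv" does not match the linked handle dluciv, so please confirm the spelling.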