CHANGELOG.rst 2.33 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
Changes in `1.2.0 <http://matrix.org/git/olm/commit/?h=1.2.0>`_
===============================================================

This release updates the implementation of group session communications, to
include Ed25519 signatures on group messages, to ensure that participants in
group sessions cannot masquerade as each other.

These changes necessitate changes to the pickle format of inbound and outbound
group sessions, as well as the session_keys exchanged between them. No attempt
has been made to preserve backwards-compatibility:

* Attempting to restore old pickles will give ``OLM_CORRUPTED_PICKLE``.
* Attempting to send session_keys between old and new versions will give
  ``OLM_BAD_SESSION_KEY``.
* Attempting to send messages between old and new versions will give one of a
  number of errors.

There were also a number of implementation changes made as part of this
release, aimed at making the codebase more consistent, and to help with the
implementation of the group message signatures.


23
24
25
26
27
Changes in `1.1.0 <http://matrix.org/git/olm/commit/?h=1.1.0>`_
===============================================================

This release includes a fix to a bug which caused Ed25519 keypairs to be
generated and used insecurely. Any Ed25519 keys generated by libolm 1.0.0
Richard van der Hoff's avatar
Richard van der Hoff committed
28
or earlier should be considered compromised.
29
30
31
32
33
34

The fix necessitates a change to the format of the OlmAccount pickle; since
existing OlmAccounts should in any case be considered compromised (as above),
the library refuses to load them, returning OLM_BAD_LEGACY_ACCOUNT_PICKLE.


Richard van der Hoff's avatar
Richard van der Hoff committed
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
Changes in `1.0.0 <http://matrix.org/git/olm/commit/?h=1.0.0>`_
===============================================================

This release includes a fix to a bug which had the potential to leak sensitive
data to the application: see
https://github.com/vector-im/vector-web/issues/1719. Users of pre-1.x.x
versions of the Olm library should upgrade. Our thanks to `Dmitry Luyciv
<https://github.com/dluciv>`_ for bringing our attention to the bug.

Other changes since 0.1.0:

 * *Experimental* implementation of the primitives for group sessions. This
   implementation has not yet been used in an application and developers are
   advised not to rely on its stability.

 * Replace custom build scripts with a Makefile.

 * Include the major version number in the soname of libolm.so (credit to
   Emmanuel Gil Peyrot).