diff options
| author | Matthew Miller <matthew@millerti.me> | 2022-02-10 16:40:04 -0800 |
|---|---|---|
| committer | Matthew Miller <matthew@millerti.me> | 2022-02-10 16:40:04 -0800 |
| commit | ae2cbc392f3e56bf4a914e01b47f42a1620751b8 (patch) | |
| tree | 1c7cdec59710b22dc76f83c491ab79103ce58e68 | |
| parent | ef75d848a7da6ad8da773db53072be56dd43e6de (diff) | |
Update CHANGELOG to v4.4.0
| -rw-r--r-- | CHANGELOG.md | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index ab91912..219b12b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,18 @@ # Changelog +## v4.4.0 + +**Packages:** + +- @simplewebauthn/server@4.4.0 + +**Changes:** + +- **[server]** Attestation statement verification involving FIDO metadata now correctly validates the credential public keypair algorithm against possible algorithms defined in the metadata statement. +- **[server]** The expired GlobalSign R2 root certificate for `"android-safetynet"` responses has been removed +- **[server]** Certificate path validation errors will now identify which part of the chain and which certificate has an issue +- **[server]** `verifyAuthenticationResponse()`'s `expectedChallenge` argument also accepts a function that accepts a Base64URL `string` and returns a `boolean` to run custom logic against the `clientDataJSON.challenge` returned by the authenticator (see v4.3.0 release notes for more info). + ## v4.3.0 **Packages:** |