Release 0.23.0

This release contains following improvements and bugfixes:

• Improved information entropy in PowerAuth online signatures using BASE64 encoding.
• Improved protection of encrypted status blob against possible replay attacks.
• Improved protection of payload encrypted by our ECIES scheme.
• Improved protocol reliability by allowing the mobile client to synchronize its counter with the server.
• Spring vault integration for storing cryptographic material.
• Activation lookup and status update for multiple activations.
• Enabled Spring actuators health and info.
• Fixed transaction rollbacks in case of errors.
• Bouncy Castle library upgraded to 1.64.
• Dependency updates related to security advisories.

Release 0.22.1 - hotfix

Hotfix release which allows usage of biometry for vault unlock.

• #363: Allow vault key unlock with biometry

Release 0.22.0

This release contains following improvements and bugfixes:

• Java 11 support
• Support for activation using recovery codes and PUKs
• Allow biometry for offline signature verification
• External user ID is stored for actions on activations
• Added JBoss deployment descriptor
• Proxy and timeout configuration for HTTP callbacks
• Added PowerAuth Token time validity check
• Bouncy Castle library upgraded to 1.61
• Dependency updates related to security advisories

Release 0.21.0

This is a major release of PowerAuth Server component with support of PowerAuth protocol version 3. The release contains following improvements and bug fixes (among others):

• Versioning of SOAP and REST interfaces based on PowerAuth protocol version
• Versioning of methods in SOAP clients based on PowerAuth protocol version
• Implementation of ECIES encryption scheme for activations, tokens and vault unlock
• Introduction of hash-based counter for signatures
• Updated encrypted status blob in activations
• Support for activation codes with CRC checksum
• New endpoints for upgrade of activations and for obtaining ECIES decryptor
• Activation last change timestamp saved in database
• Logging migrated to SLF4J
• Performance improvements (indexes, locking of activations only when required)
• Dependency updates

Release 0.19.1 - hotfix

Hotfix release for the issue with Axis 2 SOAP client.

• #249: Backport fix of WSDL for vault unlock error state in Axis client

Release 0.19.0

• #39: Application level record encryption
• #71: Implement personalized and non-personalized variants of createOfflineSignaturePayload
• #55: Add version and buildTime to status endpoint
• #69: Improve logging of PowerAuth Server
• Migrate to Spring Boot 2.0
• Migrate to multiple sequences
• Support for Java 9 (Java 8 is still preferred)

Release 0.18.0

This is another major release of PowerAuth Server component. Among others, it contains following improvements and bug fixes:

• Added activation status change log to improve auditing.
• Added vault unlock reason to improve auditing and cleaner indication of semantics.
• Added activation block reason to improve auditing and unblock handling.
• Improved offline signatures.
• Fix transaction handling for concurrent DB transactions.
• Updated library dependencies.

Here is a full list of fixes in 0.18.0 milestone.

Please follow migration instructions to migrate from 0.17.x to 0.18.0.

Release 0.17.0

This version of PowerAuth Server introduces:

• Support for Token Based Authentication.
• Support for offline signatures.
• Fixed issue with counter increasing too eagerly.
• Minor changes and code enhancements.

Update notes:

When updating from 0.16.X and older releases, please create the new PA_TOKEN table - see the documentation. Optionally, uppercase values in all columns that contain signature type.

Release 0.16.0

This issue is a minor release, that contains updated license, fixed comments, updated version libs, and minor bugfixes.

First release in a separate maven repository.