Skip to content

Latest commit

 

History

History
314 lines (220 loc) · 13.2 KB

CHANGELOG.md

File metadata and controls

314 lines (220 loc) · 13.2 KB

Revision history for rsasl

All notable changes are documented or linked to in this file. The format of the changelog is based on 'Keep a Changelog'. In short, this changelog is sorted the most recent release at the top, and the first section documents features that are in the development branch but have not yet landed in the main branch from which releases are generated.

rsasl adheres to Semantic Versioning; with the notable exception of custom mechanism support and excluding bug-fixes there will not be any backwards-incompatible changes within a major version release.

The MSRV (minimum supported Rust version) of the project is documented in the Cargo.toml and in the README. Changes to the MSRV are considered a non-breaking change and thus can happen in a MINOR release. They will however never happen in a patch release.

Upcoming Changes — Not Yet ;)

Changes rendered on GitHub

v2.2.0 — 2024-10-15

Changes rendered on GitHub

Fixed

  • #58 — Constructing OAuthBearerError is not (directly) possible
  • #57 — Export types for unstable_custom_mechanism feature

v2.1.0 — 2024-08-21

Changes rendered on GitHub

Added

  • SCRAM-SHA-512 and SCRAM-SHA-512-PLUS mechanisms were added by WenyXu

Fixed

  • #26 — SCRAM-SHA512 and SCRAM-SHA512-PLUS support

    The two mechanisms have been added by WenyXu, as mentioned above

v2.0.2 — 2024-08-10

Changes rendered on GitHub

Added

  • Mathieu-Lala added a lot of build engineering, improving the CI and adding dependabot alerts.

Changed

  • Mathieu-Lala also moved the I/O-dependant code from acid_io to core2. This change is not user-visible as it only applies to no_std systems which are not supported yet.

Fixed

  • #41 — Library not compiling on rust v1.82.0 Changes in the typechecker made rsasl not compile on Rust versions past v1.81. Thanks to Mathieu-Lala this was fixed for rsasl v2.0.2

v2.0.1 — 2023-09-12

Changes rendered on GitHub

Fixed

  • #29 — GSSAPI fails to build on macOS

    This issue seems to be caused by the same problem as estokes/libgssapi#2. Building libgssapi without default features solves this build issue.

v2.0.0 — 2023-02-04

Changes rendered on GitHub

Added

  • GSSAPI mechanism implementation
  • Security layer functionality in Session
  • Mechanisms preference can be selected by implementations of Callback using Callback::prefer.

Changed

  • Recursive callbacks calls are now prevented by making property methods on MechanismData take &mut self. See ADR-0003 ([crate::docs::adr] on docs.rs, GitHub link otherwise) for further details about why this change was done.

Fixed

  • #9 — GSSAPI Mechanism support

  • #18 — Decide if recursive callback calls are acceptable

    Closed by the above change explicitly making them impossible

v2.0.0-rc.4 — 2022-11-22

Changes rendered on GitHub

Added

  • SASLClient::start_suggested can now be called with any impl IntoIterator<Item=&&Mechname>. As &[&Mechname] does implement this trait no changes are required for users of this method.
  • A new method SASLClient::start_suggested_iter is added that takes impl IntoIterator<Item=&Mechname>, i.e. an iterator with a layer of indirection removed compared to the non-_iter variant. This variant is more efficient if direct references to &Mechname can be constructed. It also may be easier to use with a zero-copy parsing approach than the non-_iter variant.

Changed

  • MSRV was raised to rustc 1.61.0 due to that release stabilizing generic parameters in const fn.

v2.0.0-rc.3 — 2022-10-12

Changes rendered on GitHub

Changed

  • Thanks to Mathieu Lala work rsasl is much closer to a stable release! PR#19 fixes most clippy lints and marks externally visible structs and enums #[non_exhaustive] so we don't program ourselves into a corner.

Fixed

  • #14 — Ensure types that are visible by external crates can be extended without breaking semver.

    This fix makes using rsasl safer for downstream crates as version updates have a smaller change of breakage and uphold more semver guarantees.

v2.0.0-rc.2 — 2022-09-28

Changes rendered on GitHub

Added

  • All dependencies on std::io::Write have been moved to acid_io::Write from the acid_io crate. This will make moving towards a #[no_std]-enabled version of rsasl easier, as the move of std::io into core is still somewhat far off. All types implementing std::io::Write also automatically implement acid_io::Write, so no changes to downstream code should be necessary.
  • An OAUTHBEARER mechanism implementation

Changed

  • Finished the changes started in -preview12 and -rc.1; instead of Session::step and Session::step64 returning a tuple they now only return a State which contains a two-valued enum for "was a message produced". This means the previous (potentially wrong!) "message size" is now not returned anymore. Clients that must know the exact length of output written (e.g. because the surrounding protocol includes length values, or they need to special-case zero-length messages) should use a length-tracking writer.

    To move to the new version, instead of e.g. the following:

    let (state, written) = session.step(input, &mut output)?;

    code must now use

    let state = session.step(input, &mut output)?;
let written = state.has_sent_message();

    for the same effect.

Fixed

  • The client-side XOAUTH2 implementation now correctly indicates a final (empty) message to be sent when an error was returned by the server.
  • #10 — OAUTHBEARER Mechanism support

v2.0.0-rc.1 — 2022-08-30

Changes rendered on GitHub

v2.0.0-rc.1 is a re-release of the v2.0.0-preview12 version due to me messing up the pre-release version numbering of the preview releases. preview12 is ordered alphanumerically as mixed ASCII and thus considered smaller than preview9. To enforce numeric sorting the number must be separated using a dot, so e.g. preview.12. However preview.12 is considered smaller than all previewXX releases because it is shorter. Thus rsasl now uses rc as 'r' is sorted after 'p' and thus 'rc.X' > 'previewYZ'. Sorry for the confusion.

v2.0.0-preview12 — 2022-08-30

Changes rendered on GitHub

Added

  • New integration tests that should make it easier to test rsasl against other implementations

Changed

  • Session::step64 did not return the actual bytes written but the bytes encoded into base64. As the exact length isn't know step64 now returns a bool instead of an Option<usize> to indicate if a message should be sent.

v2.0.0-preview11 — 2022-08-25

Changes rendered on GitHub

Fixed

  • Fixed a bug where the XOAUTH2 mechanisms were registered as PLAIN instead, making all PLAIN authentication fail.

v2.0.0-preview10 — 2022-08-24

Changes rendered on GitHub

Fixed

  • ANONYMOUS client now correctly allows no token to be provided
  • ANONYMOUS server will now correctly allow no token to be provided by a client
  • EXTERNAL client now correctly requests an optional AuthzId instead of a required AuthId
  • EXTERNAL server now correctly provides Authzid instead of Authid
  • PLAIN client correctly rejects empty authid or password. Empty authzid is still treated as no authzid provided.
  • PLAIN server now allows non-UTF8 passwords, and does not apply saslprep to the authzid anymore. If authid or password are empty after saslprep an error is returned.
  • SCRAM server now calls validate correctly

v2.0.0-preview9 — 2022-08-08

Changes rendered on GitHub

Changed

  • Mechname::new is now more appropiately named Mechname::parse
  • SASLConfig::with_credentials only enabled LOGIN if no authzid is provided
  • Session is now Send + Sync

Fixed

  • XOAUTH2 now compiles with the msrv 1.56.0
  • clippy passes the code with default lints now

v2.0.0-preview8 — 2022-08-05

Changes rendered on GitHub

rsasl is now licensed under Apache-2.0 and MIT dual license.

Added

  • Properties can now contain data with other lifetimes than 'static
  • XOAUTH2 mechanism, both server and client-side.
  • Testing utilities for the server side of an authentication exchange

Changed

  • Request::satisfy_with is now limited to SizedProperty.
  • The -PLUS variants of SCRAM aren't automatically registered by the static registry anymore. Instead they should be manually registered if they are to be used.

Fixed

  • Fixed 'actionable' callbacks not correctly indicating they were handled

v2.0.0-preview7 — 2022-07-30

Changes rendered on GitHub

First 'alpha' release of rsasl 2.0.0, with most of the API stabilized enough that testing if rsasl is usable by third-party crates in other situations than BFFH is possible.

Examples of using rsasl in other crates:

v2.0.0-preview1 — 2021-12-03

Changes rendered on GitHub

First preview release for the pure-Rust version. This is a full rewrite of rsasl, changing just about every part of the code. Most of the code was transpiled using c2rust and then ported piece by piece to more sensible and modern Rust.

Big thanks to all c2rust contributors making this release possible.

v1.4.1 — 2021-10-20

Changes rendered on GitHub

  • Fixes potential bad pointer conversion on non-x86 targets

v1.4.0 — 2021-10-09

  • Usability improvements with better type aliases

1.3.0 — 2021-10-02

  • Improved error messages

1.2.0 — 2021-10-02

  • SaslError marked Eq and Ord
  • Fixes a null-pointer panic when passing invalid SaslErrors

1.0.0 — 2021-04-06

  • Initial stabilized release