v3.6.1: Update dependencies

Two of the dependencies (openssl and whoami) were discovered to have vulnerabilities which were fixed in minor or patch releases. This crate has been updated to insist that the minor/patch release number of these dependencies is high enough to ensure use of a patched version.

There is no reason to think that the vulnerabilities in these dependencies could have been exercised through this crate. In addition, builds of clients done after the dependencies were patched would have already picked up the non-vulnerable versions. So this change is simply to ensure that future builds cannot use the vulnerable versions.

There are no code changes in this release.

v3.6.0: Add new combination keystore

This release contains a new credential store for Linux: a combination of keyutils (for use by headless processes) and secret service (for persistence of credentials beyond reboot). Thanks very much to @soywod for the contribution!

v3.5.0: Add debug logging of internal operations

• Add debug logging of internal operations (thanks to @soywod).
• Revert iOS security-framework dependency to v2 (see #225).

v3.4.0: allow simultaneous use of secret-service and keyutils

As pointed out in #214, it is possible to use both the secret-service and the keyutils credential stores at the same time, so this should be an allowed combination of specified features. This release allows that combination, selecting the secret-service as the default keystore but also loading the keyutils keystore.

v3.3.0: Support additional credential store attributes

• Add support for credential-store attributes other than those used by this crate. This allows the creation of credentials that are more compatible with 3rd-party clients, such as the OS-provided GUIs over credentials. Fixes #208.
• Make the textual descriptions of entries consistently follow the form user@service (or user@service:target if a target was specified).

v3.2.1: Re-enable access to v1 credentials

The v3.2.0 release, which fixed #204, had an unfortunate side effect: it broke compatibility with credentials that were originally written by a v1.x release (see #207). This bug-fix release restores that compatibility.

With this change, the CLI changes in v3.2.0 have been reverted, because they are no longer necessary.

v3.2.0: Improve secret-service handling of targets

As reported in #201 and now fixed in #204, the secret-service credential store implementation could not disambiguate credentials that were created with different targets unless the collections containing those targets had already been unlocked.

The fix for this issue introduces a compatibility break: secret-service credentials created by the keyring v1 implementation, which were readable using platform-independent code in keyring v2, are no longer readable without using platform-specific code in v3. The necessary platform-specific code is very simple, and it has been added to the CLI (both for documentation purposes and to allow the CLI to access v1 credentials). The comments in issue #204 explain why the decision was made to add this secret-service-specific compatibility break; these include the fact that keyring v2 was released 18 months ago so only those users who haven't changed their password in a very long time would still have a v1 credential in their secret-service store.

The README has been updated to address this compatibility break and to provide recommendations for keyring clients who want to update their code to make sure users with old credentials are not impacted.

v3.1.0: enhance the CLI

As reported in #201, the CLI had a couple of problems:

• It didn't allow empty user names, even on platforms where that's supported.
• Its debugging output on Ambiguous errors provided no information about the underlying platform credentials.

The first issue was just a bug, now fixed.

The second issue stemmed from the fact that platform-independent code couldn't get at the details of the underlying platform-specific credentials. To fix this, the CredentialAPI had to be extended to provide access to the underlying platform credential's implementation of the std::fmt::Debug trait, and each of the keying credential stores extended to implement the new API.

To make this API extension backward-compatible, a default implementation was provided that did what the former code did: it revealed nothing. But that allows this release to be a SerVer-compatible dot release, rather than a major release.

v3.0.5: update docs and clean up dead code

As reported in #132, using the secret-service asynchronously via the keyring wrapper can lead to deadlocks. The docs have been updated to make this clear, and a recommendation has been added to use the sync-secret-service feature so as to avoid any issues related to async runtimes, even if the calling app may already be asynchronous.

While this fix was being made, it was discovered that new clippy lints in Rust 1.80 had been added. These lints revealed some dead code related to windows testing, and some documentation that was "legal" per the markdown spec but slightly ambiguous in intent. Both of these other issues were also fixed.

There are no code changes in this release relative to v3.0.4.

v3.0.4: expose cross-platform module alias

As reported in #197, there's no way for a client to access an instance of the default credential builder with platform-independent code. This releases fixes that oversight, and provides an example as part of the documentation of the credential module.