WARNING: THIS SITE IS A MIRROR OF GITHUB.COM / IT CANNOT LOGIN OR REGISTER ACCOUNTS / THE CONTENTS ARE PROVIDED AS-IS / THIS SITE ASSUMES NO RESPONSIBILITY FOR ANY DISPLAYED CONTENT OR LINKS / IF YOU FOUND SOMETHING MAY NOT GOOD FOR EVERYONE, CONTACT ADMIN AT ilovescratch@foxmail.com
Skip to content

v2.5.0

Choose a tag to compare

View all tags
@MasterKale MasterKale released this 16 Jan 23:22
· 52 commits to master since this release
v2.5.0
002e86b

Changes:

  • A new require_user_presence argument has been added to verify_registration_response() to enable verification of WebAuthn responses generated through use of conditional create where the up bit in authData.flags will be False (#236, h/t @bschoenmaeckers)
  • verify_authentication_response() has been updated to return user_verified as well to indicate whether or not the user performed user verification (#235, h/t @ggirol-rc)
  • Verification of "android-key" attestation statements has been modernized in light of Android's latest observable behavior (#240)
  • Verification of "android-safetynet" attestation statements now enforces the "basicIntegrity" flag instead of the "ctsProfileMatch" flag when determining device integrity (#241)
  • The list of known TPM manufacturers has been updated (#242)

Contributors

bschoenmaeckers and ggirol-rc
Assets 2
Loading