v0.4.1

@ascender1729 ascender1729 released this 23 Jun 19:45

Stable 0.4.1. Promotes 0.4.1rc2, with the cloud-to-OSS audit-chain known issue resolved.

Added

  • Post-quantum / hybrid signing (FIPS 204 ML-DSA-65 + Ed25519, optional [pqc] extra). Cryptosuites mldsa65-jcs-2026 and hybrid-ed25519-mldsa65-jcs-2026; the default Ed25519 path is unchanged.

Security

  • Credential verification key-binding: keys are decoded from the trust anchor (issuer.id for credentials, the server DID for presentations), closing an issuer key-substitution masquerade.
  • Fail-closed REST API auth when ATTESTIX_API_KEY is unset.
  • Dependency CVE floors (cryptography>=46.0.7, PyJWT[crypto]>=2.12.0).
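The key-binding rule above, as an added Python sketch (not Attestix code): the verification key is decoded from issuer.id, and a proof whose verificationMethod names any other DID is rejected before signature checking, which is not shown. It assumes Ed25519 did:key identifiers; all function and variable names are hypothetical and the sample keys are constructed.

```python
# Added illustration; not Attestix code. Assumes did:key (Ed25519) issuer DIDs.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ED25519_PUB = b"\xed\x01"  # multicodec prefix for an Ed25519 public key

def b58encode(data: bytes) -> str:
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a non-base58 character
    pad = len(text) - len(text.lstrip("1"))
    return b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def did_key(pub: bytes) -> str:
    return "did:key:z" + b58encode(ED25519_PUB + pub)

def pub_from_did_key(did: str) -> bytes:
    if not did.startswith("did:key:z"):
        raise ValueError("not a base58btc did:key")
    raw = b58decode(did[len("did:key:z"):])
    if len(raw) != 34 or raw[:2] != ED25519_PUB:
        raise ValueError("not an Ed25519 did:key")
    return raw[2:]

def verification_key(credential: dict) -> bytes:
    """Key to check the proof with: always decoded from issuer.id (the trust anchor)."""
    issuer = credential["issuer"]
    issuer_did = issuer["id"] if isinstance(issuer, dict) else issuer
    proof_did = credential["proof"]["verificationMethod"].split("#", 1)[0]
    if proof_did != issuer_did:
        raise ValueError("proof key is not bound to issuer.id")
    return pub_from_did_key(issuer_did)

# Constructed sample data: fixed byte patterns stand in for real public keys.
ISSUER_PUB, OTHER_PUB = bytes(range(32)), bytes(range(32, 64))
ISSUER_DID, OTHER_DID = did_key(ISSUER_PUB), did_key(OTHER_PUB)
bound = {"issuer": {"id": ISSUER_DID},
         "proof": {"verificationMethod": ISSUER_DID + "#" + ISSUER_DID[8:]}}
substituted = {"issuer": {"id": ISSUER_DID},
               "proof": {"verificationMethod": OTHER_DID + "#" + OTHER_DID[8:]}}

if __name__ == "__main__":
    print(verification_key(bound).hex())
    try:
        verification_key(substituted)
    except ValueError as exc:
        print("rejected:", exc)
```
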

Fixed

  • Cloud-to-OSS audit-chain re-verification: the importer now preserves each row's chain tenant and persists the audit chain under it, decoupled from the storage tenant, so bundles minted under a workspace UUID import and re-verify cleanly.
  • Bundle import reads the cloud vc_jsonld credential key.

585 passing tests (494 functional + 91 conformance).

Install: pip install attestix