Automatic release updating embedded log_list.json and log_list.sig
v2.0.0
What's Changed
Library now uses the v3 schema for the Certificate Transparency log list. This has allowed caching to be re-worked and made more robust. A failover copy of the log list is now embedded in the library so is always available. The new schema also helps reduce the risk of replay attacks.
The certificate transparency policy has been updated to match the latest Chrome policy which generally requires fewer SCT entries.
BouncyCastle has been removed from the library which removes perceived security vulnerabilities in code within BC that we don't use.
While not generally recommended the library has been updated to allow installation of CT checks by multiple libraries using Java Security Providers. Specific guidance of this use case has been added for SDK developers.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot]
commented
1 year ago
Bumps com.appmattus.certificatetransparency:certificatetransparency-android from 1.1.1 to 2.0.1.
Release notes
Sourced from com.appmattus.certificatetransparency:certificatetransparency-android's releases.
Commits
6717844Auto-release library every Wednesday (#73)4e6be4aAuto update log_list.json and log_list.siga80ce94Update publishing task following plugin upgrades7c6f27bMerge branch 'main' of https://github.com/appmattus/certificatetransparency266485fRemove unnecessary permission37dcfa4Reset time for log list update job back to 2pmb24edcfAuto update log_list.json and log_list.sig114295eUse custom token for log list update job7bcf198Reset log_list upload time back to 2pma52c330Ensure log list update job has correct permissionsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)