Automatic release updating embedded log_list.json and log_list.sig
v.2.2.0
Fixes to ASN.1 parser which was previously crashing for some certificates.
Fixes distinct operator rules to only need 2
v2.1.3
Automatic release updating embedded log_list.json and log_list.sig
v2.1.2
Automatic release updating embedded log_list.json and log_list.sig
v2.1.1
Automatic release updating embedded log_list.json and log_list.sig
v2.1.0
Bug fix to ensure the backup resources cache is actually used. Thanks to @HylkeB for the original bug report and fix code.
v2.0.1
Automatic release updating embedded log_list.json and log_list.sig
v2.0.0
What's Changed
Library now uses the v3 schema for the Certificate Transparency log list. This has allowed caching to be re-worked and made more robust. A failover copy of the log list is now embedded in the library so is always available. The new schema also helps reduce the risk of replay attacks.
The certificate transparency policy has been updated to match the latest Chrome policy which generally requires fewer SCT entries.
BouncyCastle has been removed from the library which removes perceived security vulnerabilities in code within BC that we don't use.
While not generally recommended the library has been updated to allow installation of CT checks by multiple libraries using Java Security Providers. Specific guidance of this use case has been added for SDK developers.
⚠️ Breaking Changes
Dependency updates including:
Kotlin 1.8.10
Requires desugaring to be enabled to work on Android 7 (API 25) or lower.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot]
commented
1 year ago
Bumps com.appmattus.certificatetransparency:certificatetransparency-android from 1.1.1 to 2.2.1.
Release notes
Sourced from com.appmattus.certificatetransparency:certificatetransparency-android's releases.
Commits
30ef24cAuto update log_list.json and log_list.sigbd567f3Auto update log_list.json and log_list.sig400b2b6Auto update log_list.json and log_list.sig6c94cc7Auto update log_list.json and log_list.siga0c2ef2Fix reading ASN.1 length field plus more robust tests (#84)3841fe9Auto update log_list.json and log_list.sig9814f27Auto update log_list.json and log_list.sigac3b1cfAuto update log_list.json and log_list.sig7ed1ca1Auto update log_list.json and log_list.sig5a43db0Auto update log_list.json and log_list.sigDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)