# CHANGELOG All notable changes to this project will be documented in this file. The format is based on Keep a Changelog and this project adheres to Semantic Versioning. ## [0.7.0] - 2025-05-18 ### Added - [Wax.Challenge] Add the `bytes` option that allows passing custom bytes to the challenge ### Changed - [Wax] Options passed to the `Wax` module functions now take precedence over environment - [Wax] Origin can now be an origin string (as before) or a list of origins (new) against which the client data origin is checked ### Removed - [Wax] Removed support for safetynet attestations (as it is deprecated) ## [0.6.7] - 2025-02-17 ### Fixed - Add missing option `allow_credentials` ## [0.6.6] - 2024-10-24 ### Fixed - Suppress several warnings with Elixir 1.17 & OTP 27 ## [0.6.5] - 2024-03-31 ### Fixed - [Wax] Use system time instead of monotonic time for timeout handling [(#38)](https://github.com/tanguilp/wax/issues/38) ## [0.6.4] - 2024-02-03 ### Changed - [Wax.Metadata] Relax CRL check requirements (https://github.com/tanguilp/wax/issues/36) ## [0.6.3] - 2023-06-20 ### Fixed - [Wax.AttestationStatementFormat.AndroidSafetynet] Fix erroneous alg check ## [0.6.2] - 2023-06-20 ### Added - [Wax.AuthenticatorData] Added `flag_backup_eligible` and `flag_credential_backed_up` flags ## [0.6.1] - 2023-02-20 ### Changed - [Wax] External ASN1 compiler is used (through a new dependency) that should fix issue when compiling Wax for the first time ## [0.6.0] - 2022-11-07 ### Changed - [Wax] `Wax.new_authentication_challenge/1` signature change to support *resident keys* - [Wax] `Wax.authenticate/6` signature change to support *resident keys* ## [0.5.0] - 2022-11-04 ### Changed - [Wax] Requires OTP25+ - [Wax] Supports Apple Anonymous attestation - [Wax] Returns metadata as a map conforming with [FIDO Metadata Statement](https://fidoalliance.org/specs/mds/fido-metadata-statement-v3.0-ps-20210518.html), and no longer Elixir structs - [Wax] All returned errors are exceptions - [Wax.Metadata] Wax now loads MDSv3 metadata, and no longer requires an access token - [Wax.Metadata] The `tesla` library is no longer used ## [0.4.1] - 2021-05-18 ### Fixed - [Wax.Metadata] Update root certificate for TOC integrity checking following FIDO MDSv2 switch to public PKI infrastructure ## [0.4.0] - 2020-09-26 ### Changed - [Wax.Metadata] Metadata retrieval now makes use of the Tesla library. **Beware**, Tesla's default adapter is insecure (`:https`), so you **need to configure a secure adapter**, such as Hackney, if you use MDSv2 metadata. ## [0.3.1] - 2020-09-21 ### Fixed - [Wax.Metadata.Statement] Added newly added user verification methods and attachment hints. User verification method names **have been updated** to reflect the latest specification. See `t:Wax.Metadata.Statement.user_verification_method/0` type for new values. ## [0.3.0] - 2020-09-18 ### Changed - [Wax] Renamed application to `:wax_` due to a name collision. **Do not forget** to rename any `:wax` entry in your configuration files - [Wax] secp256k1's COSE alg value set to new standardized value ## [0.2.1] - 2020-05-30 ### Fixed - [Wax.AttestationStatementFormat.TPM] Commented TPM manufacturer ID used only for testing with the FIDO2 test suite ## [0.2.0] - 2020-04-17 ### Added - [Wax] When verifying trust root, `Wax.register/3` checks the authenticator status against the values whitelisted by the `:acceptable_authenticator_statuses` option - [Wax.CoseKey] Added support for PS256, PS384, PS512, EdDSA signature schemes and ES256K (secp256k1 curve) signature algorithms - [Wax.Challenge] Added timeout field and verification - [Wax] Added `:android_key_allow_software_enforcement` option - [Wax.Metadata] FIDO2 metadata TOC checked against CRLs (#12) - [Wax] Added a mean to load metadata from a directory - [Wax] Added `:silent_authentication_enabled` option ### Changed - [Wax] `Wax.register/3` and `Wax.authenticate/5` signatures change and now return the whole authenticator data. - [Wax] the `:user_verified_required` option is replace by the `:user_verification` option ### Fixed - [Wax.Metadata] TOC JWS signature is verified against FIDO Fundation certificate