Skip to content

Navigation Menu

Appearance settings

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

Appearance settings

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

Yubico / java-webauthn-server Public

Notifications You must be signed in to change notification settings
Fork 159
Star 513

Code
Issues 19
Pull requests 2
Discussions
Actions
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Discussions
Actions
Security
Insights

Releases: Yubico/java-webauthn-server

Releases · Yubico/java-webauthn-server

Version 1.7.0

19 Oct 16:26

emlun

This tag was signed with the committer’s verified signature. The key has expired.

emlun Emil Lundberg

GPG key ID: B9C3C1205DB091E2

Expired

Verified

Learn about vigilant mode.

This commit was signed with the committer’s verified signature. The key has expired.

emlun Emil Lundberg

GPG key ID: B9C3C1205DB091E2

Expired

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

Version 1.7.0

webauthn-server-attestation:

Updated name of AAGUID 2fc0579f811347eab116bb5a8db9202a to "YubiKey 5/5C NFC"
Changed name of "YubiKey 5 Series security key" to "YubiKey 5 Series"

webauthn-server-core:

Changes:

Fixed crash on unknown attestation statement formats
- Unless RelyingParty.allowUntrustedAttestation is set to false, unknown attestation statements will now pass as untrusted attestations, instead of throwing an IllegalArgumentException.
Disambiguated Jackson deserialization of class AuthenticatorTransport

New features:

Class RegisteredCredential can now be serialized to and deserialized from JSON.

Artifacts built with openjdk 11.0.8 2020-07-14.

Assets 4

Loading

Uh oh!

There was an error while loading. Please reload this page.

All reactions

Pre-release 1.7.0-RC1

05 Oct 14:58

emlun

This tag was signed with the committer’s verified signature. The key has expired.

emlun Emil Lundberg

GPG key ID: B9C3C1205DB091E2

Expired

Verified

Learn about vigilant mode.

This commit was signed with the committer’s verified signature. The key has expired.

emlun Emil Lundberg

GPG key ID: B9C3C1205DB091E2

Expired

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

Pre-release 1.7.0-RC1 Pre-release

Pre-release

Changes:

Fixed crash on unknown attestation statement formats
- Unless RelyingParty.allowUntrustedAttestation is set to false, unknown attestation statements will now pass as untrusted attestations, instead of throwing an IllegalArgumentException.

New features:

Class RegisteredCredential can now be serialized to and deserialized from JSON.

Artifacts built with openjdk 11.0.8 2020-07-14.

Assets 4

Loading

Uh oh!

There was an error while loading. Please reload this page.

All reactions

Version 1.6.4

26 Jun 11:38

emlun

This tag was signed with the committer’s verified signature. The key has expired.

emlun Emil Lundberg

GPG key ID: B9C3C1205DB091E2

Expired

Verified

Learn about vigilant mode.

This commit was signed with the committer’s verified signature. The key has expired.

emlun Emil Lundberg

GPG key ID: B9C3C1205DB091E2

Expired

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

Version 1.6.4

Changed dependency declarations to version ranges
Bumped Guava dependency to version [24.1.1,30) in response to CVE-2018-10237

Artifacts built with openjdk 11.0.7 2020-04-14.

Assets 4

Loading

Uh oh!

There was an error while loading. Please reload this page.

All reactions

Version 1.6.3

25 May 16:29

emlun

This tag was signed with the committer’s verified signature. The key has expired.

emlun Emil Lundberg

GPG key ID: B9C3C1205DB091E2

Expired

Verified

Learn about vigilant mode.

This commit was signed with the committer’s verified signature. The key has expired.

emlun Emil Lundberg

GPG key ID: B9C3C1205DB091E2

Expired

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

Version 1.6.3

webauthn-server-attestation:

Added new YubiKey AAGUIDs to metadata.json

webauthn-server-core:

Bumped Jackson dependency to version 2.11.0 in response to CVEs:
Fixed incorrect JavaDoc on AssertionResult.isSignatureCounterValid(): it will also return true if both counters are zero.

Artifacts built with openjdk 11.0.6 2020-01-14.

Assets 4

Loading

Uh oh!

There was an error while loading. Please reload this page.

All reactions

Pre-release 1.6.3-RC1

07 May 16:09

emlun

This tag was signed with the committer’s verified signature. The key has expired.

emlun Emil Lundberg

GPG key ID: B9C3C1205DB091E2

Expired

Verified

Learn about vigilant mode.

This commit was signed with the committer’s verified signature. The key has expired.

emlun Emil Lundberg

GPG key ID: B9C3C1205DB091E2

Expired

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

Pre-release 1.6.3-RC1 Pre-release

Pre-release

webauthn-server-attestation:

Added new YubiKey AAGUIDs to metadata.json

webauthn-server-core:

Bumped Jackson dependency to version 2.11.0 in response to CVEs:
Fixed incorrect JavaDoc on AssertionResult.isSignatureCounterValid(): it will also return true if both counters are zero.

Artifacts built with openjdk 11.0.6 2020-01-14.

Assets 4

Loading

Uh oh!

There was an error while loading. Please reload this page.

All reactions

Version 1.6.2

30 Mar 10:29

emlun

This tag was signed with the committer’s verified signature. The key has expired.

emlun Emil Lundberg

GPG key ID: B9C3C1205DB091E2

Expired

Verified

Learn about vigilant mode.

This commit was signed with the committer’s verified signature. The key has expired.

emlun Emil Lundberg

GPG key ID: B9C3C1205DB091E2

Expired

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

Version 1.6.2

Fixed dependencies missing from release POM metadata

Artifacts built with openjdk 11.0.6 2020-01-14.

Assets 4

Loading

Uh oh!

There was an error while loading. Please reload this page.

All reactions

Version 1.6.1

05 Mar 16:16

emlun

This tag was signed with the committer’s verified signature. The key has expired.

emlun Emil Lundberg

GPG key ID: D8588A5844E2A774

Expired

Verified

Learn about vigilant mode.

This commit was signed with the committer’s verified signature. The key has expired.

emlun Emil Lundberg

GPG key ID: D8588A5844E2A774

Expired

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

Version 1.6.1

Security fixes:

Bumped Jackson dependency to version 2.9.10.3 in response to CVE-2019-20330 and CVE-2020-8840

Artifacts built with openjdk 11.0.6 2020-01-14.

Assets 4

Loading

Uh oh!

There was an error while loading. Please reload this page.

All reactions

Version 1.6.0

22 Nov 17:09

emlun

This tag was signed with the committer’s verified signature. The key has expired.

emlun Emil Lundberg

GPG key ID: D8588A5844E2A774

Expired

Verified

Learn about vigilant mode.

This commit was signed with the committer’s verified signature. The key has expired.

emlun Emil Lundberg

GPG key ID: D8588A5844E2A774

Expired

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

Version 1.6.0

Security fixes:

Bumped Jackson dependency to version 2.9.10.1 which has patched CVE-2019-16942

webauthn-server-core:

Bug fixes:

Fixed bug introduced in 1.4.0, which caused RegistrationResult.attestationMetadata to always be empty.

webauthn-server-attestation:

New enum constant Transport.LIGHTNING
Fixed transports field of YubiKey NEO/NEO-n in metadata.json.
Added YubiKey 5Ci to metadata.json.
Most deviceUrl fields in metadata.json changed to point to stable addresses in Yubico knowledge base instead of dead redirects in store.

Artifacts built with JDK 11.

Assets 4

Loading

Uh oh!

There was an error while loading. Please reload this page.

All reactions

Pre-release 1.6.0-RC1

08 Nov 18:21

emlun

This tag was signed with the committer’s verified signature. The key has expired.

emlun Emil Lundberg

GPG key ID: D8588A5844E2A774

Expired

Verified

Learn about vigilant mode.

This commit was signed with the committer’s verified signature. The key has expired.

emlun Emil Lundberg

GPG key ID: D8588A5844E2A774

Expired

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

Pre-release 1.6.0-RC1 Pre-release

Pre-release

Security fixes:

Bumped Jackson dependency to version 2.9.10.1 which has patched CVE-2019-16942

webauthn-server-core:

Bug fixes:

Fixed bug introduced in 1.4.0, which caused
RegistrationResult.attestationMetadata to always be empty.

webauthn-server-attestation:

New enum constant Transport.LIGHTNING
Fixed transports field of YubiKey NEO/NEO-n in metadata.json.
Added YubiKey 5Ci to metadata.json.
Most deviceUrl fields in metadata.json changed to point to stable addresses in Yubico knowledge base instead of dead redirects in store.

Artifacts built with JDK 11.

Assets 4

Loading

Uh oh!

There was an error while loading. Please reload this page.

All reactions

Version 1.5.0

01 Nov 15:04

emlun

This tag was signed with the committer’s verified signature. The key has expired.

emlun Emil Lundberg

GPG key ID: D8588A5844E2A774

Expired

Verified

Learn about vigilant mode.

This commit was signed with the committer’s verified signature. The key has expired.

emlun Emil Lundberg

GPG key ID: D8588A5844E2A774

Expired

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

Version 1.5.0

Changes:

RelyingParty now makes an immutable copy of the origins argument, instead of storing a reference to a possibly mutable value.
The enum AuthenticatorTransport has been replaced by a value class containing methods and value constants equivalent to the previous enum.
The return type of PublicKeyCredentialDescriptor.getTransports() is now a SortedSet instead of Set. The builder still accepts a plain Set.
Registration ceremony now verifies that the returned credential public key matches one of the algorithms specified in RelyingParty.preferredPubkeyParams and can be successfully parsed.

New features:

Origin matching can now be relaxed via two new RelyingParty options:
- allowOriginPort (default false): Allow any port number in the origin
- allowOriginSubdomain (default false): Allow any subdomain of any origin listed in RelyingParty.origins
- See JavaDoc for details and examples.
The new AuthenticatorTransport can now contain any string value as the transport identifier, as required in the editor's draft of the L2 spec. See: w3c/webauthn#1275
Added support for RS1 credentials. Registration of RS1 credentials is not enabled by default, but can be enabled by setting RelyingParty.preferredPubKeyCredParams to a list containing PublicKeyCredentialParameters.RS1.
- New constant PublicKeyCredentialParameters.RS1
- New constant COSEAlgorithmIdentifier.RS1

Artifacts built with JDK 11.

Assets 4

Loading

Uh oh!

There was an error while loading. Please reload this page.

All reactions

Previous 1 2 … 7 8 9 10 11 12 Next

Footer

© 2025 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.