All changes to this project are documented in this file.
This project adheres to Semantic Versioning, except that – as is typical in the Rust community – the minimum supported Rust version may be increased without a major version increase.
Do not manually edit this file. It will be automatically updated when a new release is published.
17 September 2024
- Fix error when trying to sign BMFF content with Builder. (#582)
12 September 2024
- upgrades to [email protected], preventing panic on invalid riff files (#579)
- EC signature DER support (#581)
- Update base64 requirement from 0.21.2 to 0.22.1 in /sdk (#519)
- (MINOR) Rust API enhancements and fixes. (#575)
- Fix GIF off by one with XMP (#562)
30 August 2024
- (MINOR) Fragmented BMFF media (#572)
29 August 2024
- Depend on url crate version 2.5.2 or newer (#573)
17 August 2024
- Inline certs for wasm test signer (#564)
15 August 2024
- Bmff write fix (#552)
- Fix remote embedding RIFF when specifying mime type (#551)
- Fix data hash out of bounds when using placeholder beyond stream length (#546)
- Adds embeddable apis and remote_url/no_embed options (#537)
- export_schema: add unstable_api feature (#542)
- Ingredient checks (#529)
- Add base_path field to Builder (#539)
- Export
AssertionDefinition
andActionTemplate
in public API (#522)
30 July 2024
- Use timestamp with OpenSSL validation to prevent check chain check er… (#531)
- Fix GIF
remove_cai_store_from_stream
behavior (#524)
26 July 2024
- Update crate to fix bad certificate dump content (#525)
- Introduce a mutex around the FFI calls to OpenSSL (#516)
- Bump bcder minimum version to 0.7.3 (#526)
- (MINOR) Updates needed for v2 JavaScript SDK (#521)
- Add region of interest assertion definition (#506)
- Fix CI tests (#520)
- Builder Archive update (#507)
- Update range-set requirement from 0.0.9 to 0.0.11 in /sdk (#442)
- Make sure reading past end of JUMBF box is an error (#518)
- added final details (#517)
18 July 2024
- Ensure Ingredient data_types make it to the store and back. (#514)
- draft security md (#508)
- Make data_types field optional when serializing data-box-map (#512)
- Fix box hash placeholder len (set to 1) (#511)
- Set data box placeholder len to at least 1 for GIF (#510)
- Rewind mp3 streams when reading/writing (#509)
- Update README.md (#351)
- Add GIF support (#489)
- Update image requirement from 0.24.7 to 0.25.1 in /make_test_images (#445)
- Upgrade uuid to 1.7.0 & fix removed wasm-bindgen feature (#450)
- Expose
SignatureInfo
publicly (#501) - Cleanup empty/unused files + lints (#500)
15 July 2024
- Fetching of databoxes must always use HashedURI to enforce hash checks. (#505)
- Temporarily allow unused
JsonAssertionData
to fix unused error in CI (#498) - Add remote manifest support to MP3 (#496)
28 June 2024
25 June 2024
- Add data_type (future) to Ingredient_V2 (#490)
- Let's not assume that third-party assertions are using serde_cbor (#491)
24 June 2024
19 June 2024
- Add iterators over manifests and resources in unstable API (#482)
- OCSP certificate should be valid at signing time (#481)
- url crate version 2.5.1 introduces new license "Unicode-3.0" (#483)
- Implement
Debug
w/ detailed manifest forReader
(#473) - Bump MSRV to 1.74 (#478)
- Allow empty Merkle proof for last leaf node. (#470)
10 May 2024
- Steps toward removing RemoteSigner APIs. (#466)
07 May 2024
- (Minor) Additional unit tests and fixes for injection (or previously untested) issues. (#464)
- Expose authoring support in WASM (#369)
- Move signer to first parameter on Builder.sign (#457)
- Gpeacock/embed_remote_settings (#460)
- (MINOR) Removes xmp_write feature and xmp_toolkit (#461)
- Async Signer: add support for async OCSP call (#458)
- Use cargo test in CI (#459)
- (MINOR) Initial V2 API work (#437)
05 April 2024
- Add
video/quicktime
to the list of BMFF MIME types (#441) - Streaming XMP write support for PNG (#439)
03 April 2024
- Fixed temp file auto delete (#438)
- Add
Sync
trait toTrustHandlerConfig
(#440) - remove file_io dependency on fetch_remote_manifests (#434)
- Remove verify after signing when compiling without openssl (#404)
- Streaming write support for BMFF (#435)
- Added support for XMP streaming writes for TIFF/DNG (#433)
- Implements embed_reference_to_stream for jpeg (#430)
25 March 2024
- Adds Action changes field as option vec of serde_json value (#431)
13 March 2024
- (MINOR) Adds Send trait to TrustHandlerConfig (#426)
12 March 2024
- Roll back rasn-* version requirements since 0.12.6 was yanked (#425)
12 March 2024
- Adds a Manifest::composed manifest method (#424)
- Allow cert dump to work in WASM (#420)
- Update minimum dependency of rasn-* crates (#423)
08 March 2024
- Fix include_byte references that were not available in external crate builds
08 March 2024
- (MINOR) Remove testing function that was inadvertently public (#421)
08 March 2024
- Trust support (#415)
08 March 2024
- add a thumb resource when referencing an embedded uri (#419)
07 March 2024
- Adds Manifest.remote_manifest_url() (CAI-5437) (#418)
- Fix use of deprecated method
chrono::NaiveDateTime::timestamp
(#417) - Fix up some random typos. (#353)
26 February 2024
- SDK configuration settings support (infrastructure) (#408)
- Support streaming writes for TIFF (#410)
- Fixed typo in comment (#409)
- (MINOR) Update
xmp_toolkit
to v1.7.1, remove Ring dependency, fix build errors (#407) - Crate udate to fix jpeg parsing error (#402)
- allows builds to pass (#403)
- Ocsp support (#371)
06 February 2024
- Finish async signing implementation for cose_sign (#370)
- adds read_cai test for PDF with content credentials (#366)
- [IGNORE] README edits (#356)
- Update ci.yml
- Remove deprecated twoway crate (#361)
- Fix response strings for BMFF and Box hash statuses (#360)
- Restore correct 1.3 CoseSign1 headers (#359)
- Openssl update to version 3.x (#357)
- Add support for ARW and NEF (#355)
04 December 2023
- CAI-5041 Clear Windows temp attribute (#352)
22 November 2023
- Remove Blake3 dependency from c2pa-rs (#348)
21 November 2023
- Fix PDF reading of manifest from wrong key (#346)
17 November 2023
- readme update (#345)
- Add support for embeddable manifests with RemoteSigner (#344)
- Blake build fix (#343)
- Update image crate dependency and limit features (#341)
- Bump xmp_toolkit requirement to 1.6 (#339)
- Disable Windows builds with latest Rust version (#342)
01 November 2023
- (PATCH) switches af relationship for a reference to the c2pa data to an array of references, one of which is the c2pa spec (#333)
- Restore async versions of embed functions (#327)
- (MINOR) Support databox thumbnails CAI-4142 (#325)
- (MINOR) Reuse claim thumbnail as ingredient thumbnail if the store is valid (#322)
- (MINOR) Use JUMBF URIs for ManifestStore identifiers (#323)
- Add ManifestStore::from_stream (#319)
- Adds embed_to_stream (#313)
04 October 2023
- Support for validating JPEGs that contain MPF (multi-picture format). (#317)
- Add ability to customize HTTP headers on timestamp request to Signer and AsyncSigner traits (#315)
- Add all of the MIME types that are associated with WAV files (#316)
- Allow MS_C2PA_SIGNING OID to pass (#314)
29 September 2023
- supports removal of manifests from pdf (#312)
- Support for MP3 (#295)
- (MINOR) Signer can call timestamp authority directly (#311)
- implements pdf read support (#309)
13 September 2023
- Add support for default SVG MIME type (#305)
- Support for writing and reading manifest data from simple PDFs (without incremental updates or signatures) (#249)
- Increase actix requirement to 0.13.1 (#304)
- (MINOR) Expose HashRange (#300)
- Lock openssl-sys version to 0.9.92 (#302)
- Update links to C2PA spec to 1.3 (#292)
- Error saving stream writes (#290)
- Fix for overly harsh checks when checking Merkle trees. (#289)
02 August 2023
- Adds a way to force no claim thumbnail generation (#288)
- adds ManifestStoreReport::cert_chain_from_bytes (#286)
14 July 2023
14 July 2023
- (MINOR) User, UserCbor and Uuid assertions removed from SDK (#141)
- Fix for #195 make_test_images missing ingredient references (#254)
- Return ResourceNotFound instead of NotFound for resource get (#279)
- (MINOR) Minor improvements for Wasm and Node.js interoperability (#276)
- Fix iloc extent_offsets when offset_size is 0 (#277)
- (MINOR) Converts DataHash and BoxHash methods to use RemoteSigner instead of AsyncSigner (#280)
- (MINOR) Embeddable manifest support (#266)
- Repair CI tests (#278)
21 June 2023
- (MINOR) force minor version change (#273)
21 June 2023
- Bump minor version and update README.md (#272)
- Updates (#270)
- Add
Send
toCAIRead
trait so that it can be used across threads (#271) - Generate old COSE headers for temporary backwards support (#269)
19 June 2023
- Fix for returning input stream data when using
embed_from_memory
(#268)
13 June 2023
- Remove no-default ci test (#259)
- includes the cert serial number in the ValidationInfo output (#263)
- adds ManifestStoreReport::cert_chain (#265)
- Update Timestamp message imprint to include entire protected header (#264)
09 June 2023
- Box hash support (#261)
- Fix timestamp Accuracy decoding (#262)
- Make remote manifest handling consistent across input types (#260)
- (MINOR) Support for Ingredients V2 and Actions V2 (#258)
- Generate and validate 1.3 Cose signatures (#256)
- Add type exports via JSON Schema (#255)
- Bmff v2 (#251)
18 May 2023
04 May 2023
- (MINOR) Added ResourceNotFound error (#244)
03 May 2023
- backed out calls to set_memory_thumbnail (#243)
- Revert "backed out calls to set_memory_thumbnail"
- backed out calls to set_memory_thumbnail This was causing thumbnail files to not be generated.
24 April 2023
- Fixes bug in Ingredient_from_stream_info (#241)
20 April 2023
- Ingredient async and thumbnail support (#240)
- Update actix requirement from 0.11.0 to 0.13.0 in /sdk (#209)
- Update uuid requirement from 0.8.1 to 1.3.1 in /sdk (#237)
- Upgrade x509-parser to 0.15.0 (#229)
- Add support for ARM on Linux (#233)
05 April 2023
- (MINOR) SVG support (#226)
- (MINOR) Update several X509-related crate dependencies (#225)
- Update thiserror to 1.0.40 in /sdk (#223)
- Avoid chrono's transitive dependency on time crate (#222)
- Require openssl >0.10.48 to address multiple RUSTSEC warnings (#221)
- Apply code format to doc comments (#220)
28 March 2023
- Update README (#215)
23 March 2023
- Makefile update (#213)
- Streaming enhancement (#212)
- Adds base_path_take to ResourceStore (#205)
- Add write support for HEIC, HEIF, AVIF (#210)
- (MINOR) Riff support with refactored AssetIO (#203)
- (MINOR) Resource format and is_parent / relationship changes (#202)
- Fix hash algo warning in Wasm and hashing for RSA-PSS SHA-384/512 (#206)
- Derive impl of Default for Relationship enum (#204)
07 March 2023
02 March 2023
- Fix issue where value was inadvertently included in Exclusion structure (#197)
- (MINOR) Bump MSRV to 1.63.0 (#198)
- Fixed unit test failure (invalid unique name generation). (#190)
22 February 2023
- Disable mdat exclusion (#187)
- Bmff v2 (#186)
- Fix for using non-c2pa segment when add required segments (#185)
- Update Ingredient and VC hashes to 1.2 spec (#184)
- (MINOR) Create a ResourceStore for binary assets (#180)
- Fix Clippy warnings from new Rust 1.67 (#182)
- Visualizations (#163)
19 December 2022
- Update xmp-toolkit from 0.6.0 to 1.0.0 (#165)
- Prepare 0.16.1 release
- Address new Clippy warnings for Rust 1.66 (#164)
- Create external manifests for unknown types (#162)
19 December 2022
03 December 2022
- Updates some cargo dependencies (#159)
- makes manifest#add_redaction public; adds test (#156)
- Fixes support for instanceId on action and generate parameters.ingredient field when possible (#158)
- Support digitalSourceType field in Action (#154)
- (MINOR) Add sign feature for signing manifests without file I/O (#125)
- TIFF/DNG support (#152)
09 November 2022
- Fix bad error response when manifest is stripped (#153)
- (MINOR) Bump MSRV to 1.61 (#142)
- Fix new Clippy warnings generated by Rust 1.65 (#151)
- Build infrastructure improvements (#150)
- Fix manifest.set_thumbnail when add_thumbnails is enabled (#148)
- Fix for XMP links being mistaken for remote URLs (#147)
- Upgrade xmp_toolkit to 0.6.0 (#146)
- create jpeg thumbnails for pngs without alpha (#145)
- Add test_embed_with_ingredient_err (#134)
04 October 2022
23 September 2022
- (MINOR) Remove previously embedded manifests for remote manifests (#136)
- (MINOR) Add support for manifest removal (#123)
21 September 2022
- manifest_data was missing for remote manifests (#135)
13 September 2022
- Add ManifestStore::from_manifest_and_asset_bytes_async (#130)
26 August 2022
- Add RemoteManifestUrl Error, returning url (#120)
- Convert status_log error val to a string so that we can return full errors (#121)
- Report failures from remote manifest fetch (#116)
- Fast XMP extraction from PNG (#117)
- Bump MSRV to 1.59.0 (#118)
- Make sure there is a single manifest store in the asset (#114)
- (MINOR) Switch to "lib" for crate-type (#113)
16 August 2022
- Update C2PA manifest store mime type (#112)
- Updates Manifest API to support remote and external manifests (#107)
- Support validating remote and external manifest stores (#108)
- Fix build error when xmp_write is not defined (#105)
- Fix box order for BMFF (#104)
- Added support for external manifests (#101)
03 August 2022
- Remove inadvertent 1.0.0 release from changelog (#97)
- Treat 'meta' box as standard container (#95)
- Fix for
sign_claim
masking error (#96)
01 August 2022
- Bug fix: Ingredients with valid claims not reporting correct thumbnails (#94)
- Update
make_test_images
to use timestamp authority (#90) - Fix bad response for case when there is no timestamp (#89)
21 July 2022
- (MINOR) Add support for remotely generated CoseSign1 signatures (#87)
- Optimize performance of large assets (#84)
20 July 2022
- Add Unicode license to allow-list (#85)
- (MINOR)
IngredientOptions
allow override of hash and thumbnail generation; image library is now a default feature (#79)
19 July 2022
- Fix publish workflow (#82)
19 July 2022
- (MINOR) Introduce a new
SigningAlg
enum (#76) - Support for asynchronous signing of claims (#57)
- Adds an add_validation_status method to Ingredient (#68)
15 July 2022
- Use rsa crate for RSA-PSS verification in Wasm (#77)
15 July 2022
- Add a new API to provide access to COSE signing logic for external signers (#75)
- (MINOR) Move crate-level functions for creating signers to new public
create_signer
mod (#72)
14 July 2022
- Fix broken documentation build (#74)
14 July 2022
- Configure docs.rs to include feature-gated items (#73)
- Update XMP Toolkit to 0.5.0 (#71)
- Refactor code to limit memory usage and remove data copies during hash generation (#67)
29 June 2022
- (MINOR) Return specific errors for FileNotFound and UnsupportedType (#62)
28 June 2022
- Fix up changelog noise
- Fix bug with multiple ingredients in
Manifest::from_store
(#61)
28 June 2022
- (MINOR) Initial BMFF support (#39)
23 June 2022
- Return assertion instance values starting at
1
instead of2
(#60)
22 June 2022
- Update thumbnail to be
Vec<u8>
, add serialization feature (#59) - Adds xmp_write feature to make xmp-toolkit inclusion optional (#53)
20 June 2022
- (MINOR) Add asset attribute getters for manifest (#56)
- (MINOR) Remove temp_signer from sdk; update docs and examples to use get_signer_from_files (#52)
- (MINOR) Clean up client example; update actions and schema (#51)
16 June 2022
- Fix bug in updating crate reference in README (#50)
16 June 2022
- Fix bug in Cargo.toml updates (#49)
16 June 2022
- Add status badges for CI validation, crates.io, and code coverage (#46)
- Remove self-signed end-entity cert support (#48)
- Add rustfmt toml to get edition 2018 formatting (#36)
- (MINOR) Update from_bytes(_async) to return a Result (#43)
- Adjust temp signer reserved sizes to account for large timestamps (#45)
- Fix bug in verify_from_buffer (#44)
- Remove cargo edit from publish workflow (#42)
- Apply fix from c2patool publish workflow (#40)
- Remove need for using OpenSSL to generate certs by using pre-generated certs (#41)
- Update README and pull request template with formatting changes (#38)
08 June 2022
- Make most jumbf_io functions crate private and move Store dependencies to Store (#37)
- Remove c2patool source now that it's in its own repo (#35)
- (MINOR) Update ManifestAssertion supporting instances (#34)
- Export top level signing functions, hide other signature details (#32)
- Add documentation for the
Actions
andMetadata
assertions (#30) - Rework how c2patool is configured (#28)
- Convert make_tests into a scriptable engine; rename to make_test_images (#29)
- Update thiserror requirement from >= 1.0.20, < 1.0.26 to >= 1.0.20, < 1.0.32 in /sdk (#9)
- Update base64 requirement from 0.12.2 to 0.13.0 in /sdk (#10)
- Update range-set requirement from 0.0.7 to 0.0.9 in /sdk (#13)
- Make Assertions opaque in the public SDK (#22)
- Update c2pa requirement from 0.1 to 0.2 in /c2patool (#23)
26 May 2022
- Fix dependency reference from c2patool crate to c2pa crate (#21)
- (MINOR) Detailed API review for Ingredient struct (#17)
26 May 2022
26 May 2022
- No-op change to verify correct handling of PR numbers (#19)
- Fix error in formatting changelog
- Fix missing links in changelog
26 May 2022
- Add Makefile for local testing (#18)
- Add workflow for automatically releasing c2pa crate (#16)
- Reduce fixtures size (#15)
- Add codecov.io integration (#4)
- Configure dependabot (#8)
- Configure dependabot (#7)
- Remove unnecessary steps from cargo-deny job (#6)
- Update to latest GH Actions checkout action (#5)
- Change ring license hash to decimal (#3)
23 May 2022
- Initial public release