v0.22.2

- Allow specifying the device transfer private key serialization format for iOS

v0.22.1

- Refined the Java API for usernames (keeping compatibility with
  v0.22.0)
- Implemented IAS signature verification for iOS

v0.22.0

- usernames: A new library to support Signal’s opaque “username hashes”
- attest: Add a new enclave, with support for v4 of the DCAP PCS API

Android + Server

- Support for Android KitKat has been dropped
- Testing on Windows should now work

iOS

Use as a CocoaPod now depends on prebuilt Rust binaries that can be fetched from build-artifacts.signal.org. This requires adding

    ENV['LIBSIGNAL_FFI_PREBUILD_CHECKSUM'] = '...'

to the consuming Podfile. The referenced archives are downloaded to ~/Library/Caches/org.signal.libsignal, and are unarchived as part of the build.

- ScannableFingerprint.compare now correctly takes an opaque collection of bytes to compare against rather than another fingerprint object (which could only be created on the current device)
- APIs for AES-256-CTR and AES-256-GCM have been added
- The API for AES-256-GCM-SIV is now more idiomatic

Desktop

- Building for 32-bit ARM Linux should work again

v0.21.1

- attest: add INTEL-SA-00657 to acceptable advisories
- Java: Change SenderCertificate#getSender to always return UUID

v0.21.0

- attest: Reject reports, even if valid, that contain all zeros in
  report data
- zkgroup: Removed v1 presentations
- iOS: Bump minimum supported iOS version to 12.2

v0.20.0

- Fix Android 4.4 compatibility
- attest: require dcap enclaves to not be in debug mode
- zkgroup: Move AuthCredential redemption time checking down to Rust.
  Only affects the server APIs
  - Java: removes zkgroup's InvalidRedemptionTimeException
  - Swift/Node: AuthCredential redemption times were not checked before
    by the Swift/Node zkgroup server APIs; now they are.

v0.19.3

- attest: CDS2 verification now checks that the quote collateral is
  valid at some point in the future (currently 24h) rather than now,
  mainly to address clock skew on the local device.

- attest: An API has been added for libsignal-server to extract
  attestation metrics from serialized evidence and endorsements.

v0.19.2

- device-transfer: Encoded private keys once again use PKCS#8 DER.
- Node: Restored compatibility with Apple Silicon Macs on NPM.
- Node: Restored compatibility with Ubuntu 16 on NPM.

v0.19.1

Fix the Docker build, and remove the dependency on the cargo-ndk tool.
No functionality change in libsignal itself.

v0.19.0

Intel DCAP-based attestation is now fully implemented for CDS2! The
"NOT_FOR_PRODUCTION" static methods on CdsiClient have been replaced
by normal constructors in Java and Swift and a plain 'new' method in
TypeScript.

Additional changes:

- attest and device-transfer now depend on the 'boring' crate, which
  wraps BoringSSL. This may complicate cross-compilation; only
  Signal's supported platforms have been tested, plus light testing
  of Arm64 Windows and Linux.

- Node: Expose missing IdentityKeyPair.deserialize().

- zkgroup: the generate-server-params binary target allows updating
  your private server parameters in a backwards-compatible way. Only
  useful if you run your own group server.

- Rust: in libsignal-protocol, device IDs and pre-key IDs now use
  strongly-typed wrapper structs rather than plain integers.