Changes:
"android-key"attestation verification is more tolerant of X.509 leaf certificates with values that violate ASN.1 DER parsing rules (#277)- Dependencies have been updated, including
cbor2>=5.6.5,<6.0.0(#269, h/t @typestring; #272), andcryptography>=46.0.0andpyOpenSSL>=26.0.0(#278) - Two expired trust anchors have been retired (#279)
- A new trust anchor for
"android-key"attestation has been added (#268) - TPM manufacturer IDs are now normalized during
"tpm"attestation verification to prevent casing-related lookup issues (#275) - Registration verification will more consistently raise
webauthn.helpers.exceptions.InvalidRegistrationResponsewhen encountering bad data. Likewise, authentication verification will more consistently raisewebauthn.helpers.exceptions.InvalidAuthenticationResponsewhen encountering bad data (#271, #273, #276, #280) - A docstring typo in
verify_authentication_response()has been fixed (#266, h/t @Densaugeo)