v3.0.0

Version v2.30.0 introduced forward compatibility for padded encryption scheme. Make sure your end users use at least v2.30.0 before upgrading to v3.0.0.

Padded Encryption

Tanker now uses a padded symmetric encryption scheme by default. Adding padding to encrypted data aims at hiding the length of the clear message, see the dedicated guide.

Remove UMD build

We no longer ship the fully bundled UMD build of the JS SDK for @tanker/client-browser.

Remove device APIs

• Remove the deviceId() function
• Remove the getDeviceList() function
• Remove DeviceRevoked error

v2.32.2

Fix a browser compatibility issue introduced in v2.32.0 that triggers a TypeError: arrayBuffer is not a function on some platforms, specifically Safari < 14.1 and Chrome < 76.

v2.32.1

Fix an issue where encrypting and sharing a resource while including the same group multiple times in the recipient list would result in an InternalError being thrown.

v2.32.0

• The client-node SDK package now supports Node.js 18
• The client-node SDK package now requires Node.js >= 14. Node.js 12 is no longer supported

End-to-end passphrase verification

A new end-to-end passphrase verification method is now available for users who need strict end-to-end security guarantees.

See the guide for more information.

Performance improvements

Reduce the number of group key lookups by sharing results from in-progress lookups between calls.

This makes concurrent operations involving groups faster, as fewer round trips to the network and/or local storage are made.

For example, parallel decryption of multiple resources shared with the same group now requires only one lookup to recover the last group key instead of one lookup per resource.

v2.31.0

There is no new feature or externally visible change in this version of the SDK.

v2.30.0

• Add forward compatibility for the decryption of padded data.
• Phone number verification method can now be used with session token.
• setOidcTestNonce() is available to test the new verification flow without requiring any end-user action.

Bug Fix

• Correctly await Libsodium's initialization in createOidcNonce().

v2.29.1

OpenID Connect

Pro Santé Connect is now a supported OpenID Provider.
Select the OpenID Provider from the dashboard:

• pro-sante: for the production environment
• pro-sante-bas: for the sandbox

v2.29.0

OpenID Connect

The identity verification using the OIDC has been revamped to improve security and isolation between Tanker servers and an application server using Tanker:

• A new mandatory nonce, created through createOidcNonce(), should be used in OIDC authorization code flow. It allows:
  • Application server to deny any request using an IdToken already seen. Preventing Tanker from impersonating end-users
  • Tanker to perform an additional challenge with end-users before accepting an IdToken. Preventing an Application server from impersonating end-users
• OIDC for provisional identity verification is not available anymore

The OIDC verification guide has been updated accordingly.

v2.28.0

Internet Explorer is not supported anymore.

v2.27.0

API breakages

• Removed the deprecated Tanker.revokeDevice method and deviceRevoked event
• Removed the deprecated TankerCoreOptions.trustchainId, use TankerCoreOptions.appId instead
• Deprecated the statusChanged event, the deviceId property and the getDeviceList method