Skip to content

v0.5.0 (Important Security Fix)

Pre-release
Pre-release
Compare
Choose a tag to compare
@patrickfav patrickfav released this 11 Jul 13:15
v0.5.0
This tag was signed with the committer’s verified signature. The key has expired.
patrickfav Patrick Favre
GPG key ID: 4FDF85343912A3AB
Expired
Verified
Learn about vigilant mode.
ae5fbd2
This commit was signed with the committer’s verified signature. The key has expired.
patrickfav Patrick Favre
GPG key ID: 4FDF85343912A3AB
Expired
Verified
Learn about vigilant mode.

Changes

  • [Security] a user provided password was NOT used for the creation of the secret key #11 (thx @davidmigloz)
  • various small fixes cleaning memory from security relevant data (internal keys, salts, etc.)
  • fix minSdk to be 19 instead of 21
  • new logo (thx @iqbalhood)

Known Issues

  • currently the AES mode GCM does not work correctly on Kitkat, working on a fix
  • currently migration is needed if user password was used (will add a migration guide later)

NOTE: If you are using 0.4.- of armadillo, the user pw will not encrypt the data. Please update ASAP, but mind that this might make data inaccessible. I will be working on a workaround/migration guide. (see #11)

Special thx to @davidmigloz who is responsible for most of the fixes in this release and for finding the issue.

Assets 4
Loading