CVE-2021-44033: Identity Vault Changelog - Identity Vault

In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed.

[5.1.2] (2021-11-16)

Bug Fixes

  • Android: Handle errors related to Android Keystore Operations
  • iOS, Android: outdated/missing error message with a malformed config object passed
  • iOS: Fixes a class name collision with DevicePlugin between IdentityVault and @capacitor/device

[5.1.1] (2021-10-27)

Bug Fixes

  • Fixing crash while importing complex objects
  • Removing built in localizations

Change Log

[5.1.0] (2021-10-11)

Bug Fixes

  • iOS: Throw VaultError.biometricsLockedOut error when device biometrics is locked out
  • Don’t unnecessarily trigger onError for MissingBiometricError
  • Don’t call setIsStrongBoxBacked(true) on devices that do not have secure hardware

Features

  • Add hasSecureHardware device check

[5.0.5] (2021-09-30)

Bug Fixes

  • (Android): Setting Device.isLockedOutOfBiometrics after lockout
  • (iOS) Remove vault on re-install
  • Allow DeviceSecurity vaults to be cleared without biometrics
  • Security: Closing loophole allowing bypass of invalid unlock attempts
  • Security: Implementing stronger Android KeyStore protections
  • Security: Properly set setUserAuthenticationParam based on deviceSecurityType

[5.0.4] (2021-09-17)

Bug Fixes

  • Properly handle invalidated or changed biometrics

[5.0.3] (2021-09-07)

Bug Fixes

  • fixing lockOnBackgrounded regression

[5.0.2] (2021-09-01)

Bug Fixes

  • Adding requirement for cordova-android 10.0.0
  • Changing CustomPasscode vault keychain access control requirements
  • Clear InMemoryVault when locked
  • Don’t attempt to get values from non-existent vault
  • Handle null / undefined lockAfterBackgrounded setting on Android
  • replaces deprecated functions and removes swift warnings from compiler
  • Unifying biometric attempt error codes between iOS and Android

[5.0.1] (2021-08-10)

Bug Fixes

  • fixes splash screen not dismissing on iOS when hideScreenOnBackground is enabled
  • fixes support for iv5 in cordova apps
  • Use correct encoding for encoding vault data

[5.0.0] (2021-07-28)

BREAKING CHANGES

  • New API Surface - See the migration guide for full migration details

Features

  • Simplified API surface
  • Improved compatibility with React, Vue, and plain JS.
  • Enhanced Local Development Experience
    • Non-Secure Browser Vault Implementation
  • Android Class 2 Biometrics Support (See announcement blog for details)

[4.3.3] (2021-06-14)

Bug Fixes

  • core: fixing incorrect plugin.xml version

[4.3.2] (2021-06-11)

Bug Fixes

  • android: disable passive biometric confirmation step (to fix issue related to face unlock on Samsung devices)

[4.3.1] (2021-05-24)

Bug Fixes

  • ios: remove the import Cordova added by Capacitor

[4.3.0] (2021-05-20)

Bug Fixes

  • core: isBiometricsSupported should return true for devices with strong faceid on android
  • core: returning appropriate error codes for disabled biometrics and canceled auth

Features

  • added setHideScreenOnBackground to allow turning on/off hiding as needed

  • core: adding option to configure biometric prompt text on iOS

[4.2.8] (2021-04-29)

Bug Fixes

  • ios: Handling thrown errors in IonicNativeAuth class
  • android: Add null check in onBiometricActivityResult

[4.2.7] (2020-10-28)

Bug Fixes

  • android: keyboard now displays when default passcode dialog opens

[4.2.6] (2020-09-02)

Bug Fixes

  • android: lifecycle events moved to the main thread

[4.2.5] (2020-08-10)

Bug Fixes

  • iOS: ensure the privacy screen image view appears as expected [CT-138]

[4.2.4] (2020-07-22)

Bug Fixes

  • android: reset auth attempts when clearing/resetting auth [CT-83]
  • iOS: ensure screen is always obscured when needed [CT-61]

[4.2.2] (2020-06-10)

Bug Fixes

  • add lock call to clean up in-memory mode, closes [#118]
  • iOS: ensuring that the screen is always hidden when backgrounded SE-202

[4.2.1] (2020-05-27)

Bug Fixes

  • android: avoid crash on detecting gesture navigation when using hideScreen

[4.2.0] (2020-05-13)

Bug Fixes

  • android: Added transparent theme for biometric auth activity SE-188
  • android: make hideScreen work when using gesture navigation

Features

  • added method getAvailableHardware to return list of biometrics options

[4.1.0] (2020-04-29)

Bug Fixes

  • cordova: remove full paths in config file targets

Features

  • allowSystemPinFallback, shouldClearVaultAfterTooManyFailedAttempts, and isLockedOutOfBiometrics

[4.0.1] (2020-04-17)

Bug Fixes

  • android: clear vault when there are too many failed bio unlock attempts
  • ios: clear vault when there are too many failed bio unlock attempts
  • allow install in cordova-android 9-dev

[4.0.0] (2020-04-08)

Bug Fixes

  • ios: swift 4.2 compilation issue

Features

  • android: AndroidX upgrade, Android Face ID support

BREAKING CHANGES

  • android: AndroidX is now required in projects with IV v4.

[3.6.4] (2020-05-13)

Bug Fixes

  • android: avoid KeyPermanentlyInvalidatedException problem on SDK 19 [SE-183]
  • ios: swift 4.2 compilation issue

[3.6.3] (2020-04-01)

Bug Fixes

  • ios: remove old vault upon reinstall

[3.6.2] (2020-02-28)

Bug Fixes

  • ios: clear the vault on lock when using InMemoryOnly mode

[3.6.1] (2020-02-05)

Bug Fixes

  • Android, iOS: fix an issue where if auto unlock or restore session fails the vault fails to fire the onVaultReady event

[3.6.0] (2019-12-20)

Features

  • add getKeys to IdentityVault
  • add removeValue to IdentityVault

[3.5.1] (2019-12-18)

Bug Fixes

  • android: properly call onVaultLocked after lock
  • ios: add screenProtectView on top window

[3.5.0] (2019-11-27)

Bug Fixes

  • Android: Fix issue where vault would crash if Android device only supported FaceMatch
  • vault-user: use the vault user methods to set the auth mode

Features

  • add isBiometricsSupported function

[3.4.8] (2019-11-08)

Bug Fixes

  • vault-user: use the vault user methods to set the auth mode

[3.4.7] (2019-09-09)

Bug Fixes

  • Android: Fix an issue where the vault would not be cleared when fingerprints were added or all fingerprints were removed on Android…

[3.4.6] (2019-08-07)

Bug Fixes

  • Android: fix an issue where adding a fingerprint to device after the app was open would not refresh whether biometrics was available or not

[3.4.5] (2019-07-27)

Bug Fixes

  • Android, iOS: getSession return type and default IonicIdentityVaultUser generic to DefaultSession

[3.4.4] (2019-07-25)

Bug Fixes

  • Android: Fixes an issue on Android where getBiometricType would return none if Biometrics was not enabled even though the device had biometric hardware.

[3.4.3] (2019-06-14)

Bug Fixes

  • Android: Fixed issue where when hideScreenInBackground feature was enabled screenshots would be disabled.

[3.4.2] (2019-06-14)

Bug Fixes

  • iOS: Fixed an issue where the hide screen in background functionality was broken

[3.4.1] (2019-06-06)

Bug Fixes

  • Android: fix issue where setBiometricsEnabled(false) would throw an error if biometrics was unavailable

[3.4.0] (2019-06-06)

Bug Fixes

  • iOS: fix an issue where if a user removed fingerprints after authentication storing the session would return an error rather than default to passcode only mode
  • iOS: Fix issue where getBiometricType would return none if TouchID or FaceID was present on device but the user was not enrolled.
  • iOS: fix issue with getBiometricType and issue where lock event was triggered when lock was called in secure storage mode

Features

  • Added android side of Secure Storage Mode
  • update Typescript/JS layer to support Secure Storage mode

[3.3.0] (2019-05-10)

Bug Fixes

  • Android, iOS: make the setting of the auth mode fault tolerant

Features

  • Android, iOS: add Biometric or Passcode mode

[3.2.3] (2019-04-29)

Bug Fixes

  • Android: fix bug in Android where FingerprintManager import was missing

[3.2.2] (2019-04-29)

Bug Fixes

  • fix release configuration issue where xmlns:android was incorrectly added to manifest

[3.2.1] (2019-04-27)

Bug Fixes

  • fix bug where plugin id was incorrect and didn’t include scope

[3.2.0] (2019-04-26)

Features

  • Added getPlugin method which can be overridden in advanced use cases to provide custom implementations for PWA compatibility etc.

Bug Fixes

  • iOS: Fixed a bug on iOS where when using the hideScreenOnBackground flag the splashscreen may temporarily flash during biometric prompts.
  • Android: Fixed a bug on Android where isBiometricsAvailable would return true in some cases if no fingerprints were enrolled or fingerprint hardware wasn’t available.
  • Android, iOS: Fixed a bug where getSession may incorrectly return undefined due to failing to wait for the plugin to be ready before returning.

[3.1.0] (2019-04-19)

Features

  • Added login method which clears the vault and stores the session passed to it.

[3.0.0] (2019-04-08)

Features

  • Added the ability to use onPasscodeRequest to use a custom pin prompt screen.
  • Made IdentityVaultUser a generic class to allow using the DefaultSession or extending it to type and store the session object.
  • Added support for advanced usages such as multi-tenant vaults by using the IonicNativeAuthPlugin and IdentityVault APIs directly.
