Themis Versions Save

React Native Support

• Added React Native Themis with Typescript support (#902, #903, #905, #906).

  react-native-themis is now available on npm! 🎉

  npm install react-native-themis
  

  Read more about React Native support.

0.14.1, March 18th 2022

Hotfix for JsThemis on Apple M1

Code:

• Node.js

  • JsThemis now works with libthemis installed from Homebrew on Apple M1 (#907).

0.14.0, December 24th 2021

TL;DR:

• JavaThemis for Android has moved to Maven Central (read more).
• JavaThemis for Java is available on Maven Central (read more).
• Themis is now available via Swift Package Manager (read more)
• Themis for iOS and macOS is also available as XCFramework, attached to the release.
• TypeScript definitions and ES6 module are now available for WasmThemis (read more).
• Node.js v16 is now supported.
• Overhaul of documentation once again.
• New Themis Core packages with BoringSSL – libthemis-boringssl.
• OpenSSL 3.0 support is work-in-progress, but not ready yet (read more).
• And as usual: more security hardening, fewer known bugs.

Breaking changes and deprecations:

• Themis Core: private C header files are no longer installed.
• GoThemis: ErrOverflow is now deprecated.
• Rust: themis now requires Rust 1.47 or newer.
• Rust: libthemis-src is no longer supported.
• Installing Themis via Carthage now requires Carthage 0.38 or newer (read more).
• Deprecated CocoaPods subspecs themis/themis-openssl and themis/themis-boringssl have been removed (read more)
• Themis Server (Themis Interactive Simulator) is no longer supported (read more.

Code:

• Core

  • Include embedded BoringSSL into Soter for convenience (#681, #702).

  • make deb and make rpm with ENGINE=boringssl will now produce libthemis-boringssl packages with embedded BoringSSL (#683, #686).

  • secure_session_create() now allows only EC keys, returning an error for RSA (#693).

  • Cleaned up unused private API. Thanks to @luismerino for pointing this out (#714).

  • Cleaned up public header files and API of Themis and Soter (#759).

    Private header files are no longer installed. Private APIs which have been unintentially exported are no longer available. This might be a breaking change for those who have used them. Please refrain from using private API and include only public API:

    #include <themis/themis.h>
    

    Users of official high-level wrappers are not affected. However, this might affect developers of third-party wrappers. Refer to the detailed description below for a list of removed headers.

    The following Soter headers are no longer available:

    • <soter/soter_container.h>
    • <soter/soter_crc32.h>
    • <soter/soter_ec_key.h>
    • <soter/soter_portable_endian.h>
    • <soter/soter_rsa_key.h>
    • <soter/soter_sign_ecdsa.h>
    • <soter/soter_sign_rsa.h>
    • <soter/soter_t.h>

    All APIs previously exported by them are no longer available as well.

    The following Themis headers are no longer available:

    • <themis/secure_cell_alg.h>
    • <themis/secure_cell_seal_passphrase.h>
    • <themis/secure_comparator_t.h>
    • <themis/secure_message_wrapper.h>
    • <themis/secure_session_peer.h>
    • <themis/secure_session_t.h>
    • <themis/secure_session_utils.h>
    • <themis/sym_enc_message.h>
    • <themis/themis_portable_endian.h>

    All APIs previously exported by them are no longer available as well.

    In addition to that, the following private symbols and definitions previously exported by <themis/secure_session.h> have been hidden:

    • THEMIS_SESSION_ID_TAG
    • THEMIS_SESSION_PROTO_TAG
    • SESSION_MASTER_KEY_LENGTH
    • SESSION_MESSAGE_KEY_LENGTH
    • struct secure_session_peer_type
    • typedef secure_session_peer_t
    • typedef secure_session_handler
    • secure_session_peer_init()
    • secure_session_peer_cleanup()

  • Fixed multiple buffer overflows in Secure Message (#763).

  • Fixed cross-compilation on macOS by setting ARCH and SDK variables (#849).

  • Updated embedded BoringSSL to the latest version (#812).

  • Builds with OpenSSL 3.0 will result in a compilation error for the time being (#872).

  • Hardened EC/RSA key generation and handling in Secure Message and Secure Session (#875, #876)

• Android

  • Example project moved to the main repository – docs/examples/android (#813).
  • Example project is now written in Kotlin (#813).
  • Updated embedded BoringSSL to the latest version (#812).

• C++

  • themispp::secure_message_t::sign() output is a bit smaller now (#775).

• Go

  • Error ErrOverflow is now deprecated in favor of ErrOutOfMemory, new error types were added (#711).
  • SecureMessage.Sign() output is a bit smaller now (#775).

• Java / Kotlin

  • SecureMessage#sign() output is a bit smaller now (#777).

  • JavaThemis for Android and desktop Java is now published in the Maven Central repository (#786, #788).

    Add the Maven Central repository to your build.gradle:

    repositories {
        mavenCentral()
    }
    

    For Android, use this dependency:

    dependencies {
        implementation 'com.cossacklabs.com:themis:0.14.0'
    }
    

    For desktop systems use this one:

    dependencies {
        implementation 'com.cossacklabs.com:java-themis:0.14.0'
    }
    

  • Example project for desktop Java moved to the main repository – docs/examples/java (#816).

• Objective-C

  • Updated Objective-C examples (iOS and macOS, Carthage and CocoaPods) to showcase usage of the newest Secure Cell API: generating symmetric keys and using Secure Cell with Passphrase (#688) and to use latest Themis 0.13.4 (#701, #703, #706, #723, #724, #726, #740).
  • TSSession initializer now returns an error (nil) when given incorrect key type (#710).
  • Improved compatibility with Xcode 12 (#742).
  • Updated CocoaPods examples to the latest Themis version 0.13.10 (#834).
  • Removed deprecated CocoaPods subspecs: themis/themis-openssl and themis/themis-boringssl (#884, #885).

• PHP

  • libphpthemis packages for Debian/Ubuntu now have accurate dependencies (#683).
  • PHP Composer 2.0 is now supported by PHPThemis unit tests (#730).

• Node.js

  • SecureSession constructor now throws an exception when given incorrect key type (#698).
  • Node.js v16 is now supported (#801).

• Python

  • SSession constructor now throws an exception when given incorrect key type (#710).

• Ruby

  • Ssession constructor now throws an exception when given incorrect key type (#710).

• Rust

  • Dropped libthemis-src crate support and removed the vendored feature. RustThemis wrapper now requires Themis Core to be installed in the system (#691).
  • Updated zeroize depedency to 1.x version. Rust 1.47 or newer is now required (#799).

• Swift

  • Updated Swift examples (iOS and macOS, Carthage and CocoaPods) to showcase usage of the newest Secure Cell API: generating symmetric keys and using Secure Cell with Passphrase (#688) and to use latest Themis 0.13.4 (#701, #703, #706, #740).
  • TSSession initializer now returns an error (nil) when given incorrect key type (#710).
  • Improved compatibility with Xcode 12 (#742).
  • Updated CocoaPods examples to the latest Themis version 0.13.10 (#834).
  • Removed deprecated CocoaPods subspecs: themis/themis-openssl and themis/themis-boringssl (#884, #885).

• WebAssembly

  • Updated Emscripten toolchain to the latest version (#760, #880).
  • Node.js v16 is now supported (#801).
  • TypeScript type definitions and ES6 module are now available, thanks to @maxammann (#792).

    import {SecureCell, SecureMessage, SecureSession, SecureComparator} from 'wasm-themis';
    

  • New initialization API: initialize(), allowing to specify custom URL for libthemis.wasm (#792, #854, #857).
  • Updated embedded BoringSSL to the latest version (#812).
  • make wasmthemis now fails with unsupported Emscripten toolchains (#879).

Infrastructure:

• Improved package split making libthemis thinner (#678).
• Optimized dependencies of libthemis DEB and RPM packages (#682, #686).
• make deb and make rpm with ENGINE=boringssl will now produce libthemis-boringssl packages with embedded BoringSSL (#683, #686).
• Build system and tests now respect the PATH settings (#685).
• Rename embedded BoringSSL symbols by default to avoid conflicts with system OpenSSL (#702).
• Started phasing out CircleCI in favour of GitHub Actions (#709, #755).
• Themis is now fuzzed with afl++ (#766).
• Secure Message is now covered with fuzz testing (#762).
• JavaThemis for Android and desktop Java is now published in the Maven Central repository (#786, #788).
• MSYS2 builds for Windows are now checked by CI (#791).
• Added automated tests for Android example project (#813).
• Added automated tests for desktop Java example project (#816).
• Embedded BoringSSL now builds faster if Ninja is available (#837).
• Embedded BoringSSL can now be cross-compiled on macOS by setting ARCH and SDK variables (#849).
• Builds on macOS use OpenSSL 1.1 from Homebrew by default (#871).
• Builds with OpenSSL 3.0 are currently not supported (#872).

Hotfix for Apple arm64 simulators for M1

• Fixed issue 864: Themis XCFramework now includes arm64 slice for simulators (865).

Code:

• Fixed Themis.xcodeproj build settings: removed arm64 from exluded architectures (865).

Hotfix for WasmThemis, resolving issues with deploying web applications for browers.

• Fixed issue when bundling WasmThemis with webpack (#779).

Code:

• WebAssembly

  • Fixed issue with TypeError: TextEncoder is not a constructor when bundling WasmThemis with webpack (#779).

Deprecation Notice for CocoaPods users:

• themis/themis-openssl subspec based on GRKOpenSSLFramework is deprecated and will be removed in Themis version 0.14.
• themis/themis-boringssl subspec based on BoringSSL is deprecated and will be removed in Themis version 0.14.

Please, switch to the default option in your Podfile: pod 'themis'

Hotfix for Apple platforms:

• themis for CocoaPods now uses XCFrameworks, supports Apple Silicon, and OpenSSL 1.1.1k (#828).
• Updated Carthage examples to use Themis XCFramework (#823).

Code:

• Objective-C / Swift

  • themis for CocoaPods now uses XCFrameworks, supports Apple Silicon, and OpenSSL 1.1.1k (#828).

• themis for Carthage switched to using XCFrameworks (#817). So, the minimum required Carthage version is now 0.38.0. You can continue using previous Themis version with previous Carthage versions.
• Updated OpenSSL to the latest 1.1.1k for Carthage (#817).

Code:

• Objective-C / Swift

  • themis for Carthage now pulls OpenSSL dependency as XCFramework, and Carthage builds themis as XCFramework as well. Themis.xcodeproj now uses openssl.xcframwork and themis.xcframework. Carthage dependencies should be built with --use-xcframeworks flag (#817).
  • Updated OpenSSL to the latest 1.1.1k for Carthage (#817).
  • Tests (Github Actions) are updated to use the latest Carthage version (0.38.0 and up) and --use-xcframeworks flag (#817).

OpenSSL 1.1.1k for iOS/macOS SPM

• Updated OpenSSL to the latest 1.1.1k for SMP and attached themis.xcframework. (iOS and macOS).
• New Swift and Objective-C example projects: SPM for iOS and macOS.

Code:

• Objective-C / Swift

  • Updated OpenSSL to the latest 1.1.1k for SMP and attached themis.xcframework. It is openssl-apple version 1.1.11101.
  • New Swift and Objective-C example projects: SPM for iOS and macOS.
  • Updated SPM examples source code to remove deprecated calls.

SPM support with XCF.

• themis is now packaged as xcframework. It is available in the release attached files section.
• themis now supports SPM.

Code:

• Added script to generate xcframework for iOS, iOS Simulator and macOS (#789).
• Added Package.swift file for SPM (#789).

This is a hotfix for Apple platforms: ObjCThemis and SwiftThemis, running on iOS and macOS, when installed via Carthage or CocoaPods.

• themis pod is now restored to use dynamic linkage again
• Resolved errors related to @rpath when using CocoaPods
• Removed arm64e architecture slice from Carthage builds for iOS which prevented CocoaPods from functioning correctly

Code:

• Objective-C / Swift

  • CocoaPods will now again link ObjCThemis dynamically into application (#750).
  • Carthage no longer builds arm64e architecture slice (#750).
  • Updated OpenSSL to the latest 1.1.1h-2 (#750).