Releases: web-eid/web-eid.js
v2.0.2
v2.0.2 is a minor maintenance release that mostly updates build dependencies.
Changes
Full changelog: v2.0.1...v2.0.2.
Packages
The v2.0.2 NPM package is available in Web eID GitLab NPM package registry and a ZIP file with pre-built IIFE, ES and UMD bundles is attached as an asset.
v2.0.1
v2.0.1 is a minor maintenance release that mostly updates dependencies.
Changes
See the list of changes in the v2.0.1 milestone.
Packages
The v2.0.1 NPM package is available in Web eID GitLab NPM package registry and a ZIP file with pre-built IIFE, ES and UMD bundles is attached as an asset.
v2.0.0
v2.0.0 is a major backwards incompatible release.
In web-eid.js API version 1, the authenticate() and sign() functions took URLs as parameters and the network requests to the website back end were performed inside the extension. This had many benefits, including reduced surface for XSS attacks, additional internal security checks and control over the interaction flow with the user. However, the network requests indirectly caused a Cross-Origin Resource Sharing (CORS) vulnerability in Firefox.
To mitigate the CORS vulnerability in Firefox, the web-eid.js API version 2 no longer handles network requests internally; the website developer is expected to perform the requests instead.
Upgrade instructions are available here.
Changes
See the list of changes in the v2.0.0 milestone.
Backwards incompatible changes
All API function signatures have changed in v2.0.0, see upgrade instructions.
Packages
The v2.0.0 NPM package is available in the Web eID GitLab NPM package registry.
v2.0.0-rc1
feat: version checking removed from library Version checking will be implemented on the extension side for greater flexibility Signed-off-by: Tanel Metsar <[email protected]>