Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

As of December 2025 and until the 1.0.0 version is released, the CAI team will only make minor version changes (incrementing the x in 0.x.0) if breaking changes are made. Features will now result in a patch version change (incrementing the y in 0.x.y). This brings us into closer compliance with typical SemVer practice (and follows the default behavior of release-plz.

[Unreleased]

0.75.21

12 February 2026

No-op re-release to address previous build failure.

0.75.20

12 February 2026

Added

Use ephemeral self-signed cert to sign working store / archive (#1839)

0.75.19

09 February 2026

Fixed

Support QT style 'meta' boxes (#1844)
Settings.builder.created_assertion_lables was not being applied. (#1828)

0.75.18

06 February 2026

Fixed

Wrong size being written out for XMP box (#1835)

0.75.17

06 February 2026

Fixed

Capture default values in schema generation (#1824)

0.75.13

03 February 2026

Fixed

Force Cargo to use sparse crates.io index

0.75.12

03 February 2026

(Re-release since the 0.75.11 release failed.)

0.75.11

03 February 2026

Added

Adds thread safe Settings and Context support to c_ffi_api (#1783)

Other

Only use reqwest for c2pa-c-ffi networking (#1807)

Updated dependencies

Bump jumbf from 0.5.0 to 0.7.0 (#1806)

0.75.10

02 February 2026

Fixed

Updates to c2pa_cbor 0.77.2 (#1804)

Updated dependencies

Bump jumbf from 0.4.1 to 0.5.0 (#1794)

0.75.9

30 January 2026

Added

Public API for timestamp assertions (#1603)
Add support for arbitrary key/value pairs in assertion metadata (#1782)

Updated dependencies

Bump c2pa-cbor from 0.77.0 to 0.77.1 (#1800)

0.75.8

28 January 2026

Fixed

MP3's GEOB MIME type (#1790)
Removed dependency on unmaintained serde_cbor crate (#1739)

0.75.7

27 January 2026

Fixed

Retrigger release-plz release workflow (#1781)

0.75.6

22 January 2026

Added

Trigger a new release to allow generated binaries to be published

0.75.5

21 January 2026

Fixed

Use patched version of typed-path for zip (#1761)
Work around compilation issues introduced by typed_path crate (#1757)
Update tiff support to latest standard (#1736)

Updated dependencies

Bump quick-xml from 0.38.4 to 0.39.0 (#1754)
Bump lopdf from 0.38.0 to 0.39.0 (#1753)

0.75.4

16 January 2026

Fixed

Context propagation for Reader to support legacy behavior (#1743)

0.75.3

16 January 2026

Documented

Describe what parameter is missing in c2pa.opened/placed/removed validation (#1737)

Fixed

Disable verify after sign temporarily (due to bug) (#1746)

0.75.2

15 January 2026

Fixed

Fix streams handling for TIFF (#1728)

0.75.1

15 January 2026

Added

Report claim version in manifest report (#1722)

Fixed

Verify after sign not executing (#1638)

Updated dependencies

Bump img-parts from 0.3.3 to 0.4.0 (#1733)
Bump range-set from 0.0.11 to 0.1.0 (#1726)
Bump nonempty-collections from 0.3.1 to 1.2.1 (#1724)
Bump extfmt from 0.1.1 to 0.2.0 (#1725)
Bump zip from 6.0.0 to 7.0.0 (#1723)

0.75.0

14 January 2026

Added

Deeper integration of Context into the SDK (#1710)
Multi RIFF AVI (AVIX) support (#1656)
Add Manifest::signature to get Cose_Sign1 signature (#1699)

Fixed

CAI-10286 - path traversal, zip-slip in from_archive (#1721)
1716 fix deeply nested bmff box issue (#1717)
Fix vulnerability with user supplied exclusions. (#1715)
Make parameters optional for transcoded and repackaged actions (#1701)
Allow actions assertions to be created assertions (#1703)

Updated dependencies

Bump non-empty-string from 0.2.4 to 0.2.6 (#1720)
Bump id3 from 1.16.1 to 1.16.3 (#1718)
Bump asn1-rs from 0.6.2 to 0.7.1 (#1505)
Bump toml from 0.8.23 to 0.9.10+spec-1.1.0 (#1713)
Bump env_logger from 0.10.2 to 0.11.8 (#1711)
Bump rasn from 0.26.6 to 0.28.1 (#1621)
Bump rand_chacha from 0.3.1 to 0.9.0 (#1619)
Bump mockall from 0.13.1 to 0.14.0 (#1708)

0.74.0

07 January 2026

Added

[breaking] Store Context as Arc for shared context and threading support (#1680)
Add CAWG roles support to SignerSettings (#1700)
Adds Context to contain settings, HTTPS resolvers, and signers (#1631)

Fixed

Hard binding recursive search for nested update manifests (#1693)

Other

Update codspeed-criterion-compat to 4.2.1 (#1702)

Updated dependencies

Bump rsa from 0.9.9 to 0.9.10 (#1698)

0.73.2

22 December 2025

Fixed

Nested ingredient serializing-deserializing (fix for #1685) (#1686)
Flush stream to finish write operations before rewind for FFI layer improvements (#1672)

0.73.1

19 December 2025

Fixed

Fix case where UUID boxes and BMFF layout confused the insertion (#1676)
Remove extra hash binding verification for update manifests (#1659)
Add maybeSync (#1664)
Address new warnings with Rust 1.92.0 (#1661)

Other

Replace once_cell Lazy with std LazyLock (#1666)

0.73.0

04 December 2025

Added

Restricted HTTP resolvers (#1630)

0.72.1

04 December 2025

Added

Check if stream matches input format via file signature/structure (#1528)
Use MaybeSend to simplify code (#1639)

Documented

Add doc for CLI settings, misc copy edits (#1636)

Fixed

Set wasm-bindgen-cli version in CI (#1644)
Fix the timestamp cert chain validation to be independent of the order (#1600)
RFC 3161 fractional seconds (#1640)
Stack overflow and hang due to cyclic ingredients (#1576)
Allow untrusted failure code to be a Valid validation state (#1623)
Remove unmaintained json5 dependency and other unused config crate sub-dependencies (#1611)

Other

Remove direct dependency on windows-core (#1616)

Updated dependencies

Bump lopdf from 0.31.0 to 0.38.0 (#1359)
Bump quick-xml from 0.37.5 to 0.38.3 (#1575)

0.72.0

17 November 2025

Added

Remove x509_certificate (#1547)

Fixed

Remove ring altogether (#1606)

0.71.3

17 November 2025

Documented

Fix and update Builder examples (#1484)

0.71.2

13 November 2025

Fixed

Remove a dbg statement (#1594)

0.71.1

12 November 2025

Fixed

Use Digitalsourcetype with Builder intents (#1586)
Restore recursive ingredient checks (#1582)

0.71.0

07 November 2025

Fixed

Disallow ureq and reqwest_blocking for WASM and WASI (#1579)

0.70.0

06 November 2025

Added

Sync/async HTTP resolvers API (#1355)

Fixed

Better support for remote-only manifests of non-BMFF assets (#1569)

Updated dependencies

Bump thiserror from 1.0.69 to 2.0.17 (#1562)

0.69.0

04 November 2025

Added

Refine validation state logic (#1541)
Adds support and documentation for JSON formatted Settings (#1533)
Allow reading a manifest store as a Builder to continue editing (#1476)

Fixed

Allow C2PA archives to be unsigned (#1560)
Add JsonSchema to Action (#1550)
Update to avoid deprecation warning for Command::cargo_bin (#1548)

Updated dependencies

Bump zip from 3.0.0 to 6.0.0 (#1540)
Bump coset from 0.3.8 to 0.4.0 (#1539)
Bump hex-literal from 0.4.1 to 1.0.0 (#1527)

0.68.0

24 October 2025

Added

Add settings structs to the public API (#1447)
Enables generating created assertions and getting the created state (#1432)
Make settings not thread-local (#1444)
Add CAWG validation to Reader (#1370)

Documented

Document features in Rust docs and clarify features (#1491)
Say to use v2 claims. Update support statement (#1496)
Update README.md to add CAI membership & Discord links (#1482)
Fix docs.rs build by removing removed features (#1480)

Fixed

Change MSRV to 1.88.0 (#1520)
Timestamp grace for legacy manifests (#1502)
Skip test_reader_to_folder in github workflow for WASI (#1498)
Remove serialize_thumbnails feature (#1492)
Don't log OCSP status if the result cannot be validated. (#1489)
Expose underlying timestamp assertion support (#1371)
Turn on trust by default (#1483)
Empty actions array should be allowed for v1 claim compatibility [CAI-9573] (#1477)
Add support for new data hash exclusions when update manifests are pr… (#1478)

Other

Update httpmock to 0.8.0 (#1472)

Updated dependencies

Bump memchr from 2.7.5 to 2.7.6 (#1516)
Bump schemars from 0.8.22 to 1.0.4 (#1247)
Bump pem from 3.0.5 to 3.0.6 (#1511)
Bump serde_with from 3.14.0 to 3.15.1 (#1503)
Bump httpmock from 0.8.1 to 0.8.2 (#1504)

0.67.1

02 October 2025

Fixed

Mark DigitalSourceType fields as deprecated without warning (new serde update) (#1427)
Correct the payload of claim signature box when calculating the hash. (#1466)

0.67.0

30 September 2025

Fixed

Do not generate multiple c2pa.placed actions with settings (#1458)
AllActionsIncluded defaults to None (#1459)

Other

Fix pdf benchmarks (#1452)

0.66.0

24 September 2025

Fixed

We lost the ability to read the deprecated instanceId actions parameters field. (#1443)
Remove no_interleaved_io feature (#1437)

0.65.1

23 September 2025

Fixed

Add support for iso6 boxes (tfra, tfhd and saio) (#1442)
[CAI-9586] Some validation errors are thrown as exceptions (#1441)
Only enable "asm" feature on aarch64 macos (#1440)

0.65.0

19 September 2025

Added

Expose add_action from the Builder at the C level (#1425)
Add Redaction and Update manifest support to Builder (#1180)
Add ParametersMap to Actions (#1274)
(sdk) Introduce new API to retrieve detailed manifest JSON (#1406)

0.64.0

15 September 2025

Added

Fetch OCSP wasm (#1402)

Fixed

Allow v1 claim c2pa.manifest cbor assertions without full valid… (#1412)

0.63.0

10 September 2025

Added

Add cawg_trust.verify_trust_list setting (#1356)
Remove the v1_api feature and all associated code (#1387)

Fixed

Fix/trust list check (#1398)
Remove unmaintained dependencies conv and custom_derive (#1393)

0.62.0

06 September 2025

Added

Implement CAWG X.509 signing via settings (#1388)

Fixed

Assertion metadata localizations support was missing. CAI-9444 (#1390)
Make openssl and rust_native_crypto features additive (#1379)
Make OpenSSL code path enforce COSE specified salt length (#1376)

0.61.0

03 September 2025

Added

Add benchmarking (#1311)

Fixed

Rewind output stream after adding dynamic assertions (#1358)
Fix label handling for custom metadata (#1354)
Gif global color table size (#1348)
Fix overly agressive metata collection (#1345)

0.60.1

27 August 2025

Fixed

Removes asm feature for sha2 (#1343)
Reset settings after test_stream_thumbnail (#1339)

0.60.0

26 August 2025

Added

(sdk) Falls back to fs for large intermediate streams (#1341)
Add ability to set/get the description for an action. (#1276)

Fixed

Ingredient thumbnail generation respect settings (#1332)
Fix a regression for invalid manifest handling and reader creation (#1312)
Fix test

Other

Fix docs and dead code lint (#1340)

0.59.1

15 August 2025

Fixed

Add common name to manifest dump (#1319)
Support box hash exclusions (#1317)

Changelog

All notable changes to this project will be documented in this file.

This project adheres to Semantic Versioning, except that – as is typical in the Rust community – the minimum supported Rust version may be increased without a major version increase.

Since version 0.36.2, the format of this changelog is based on Keep a Changelog.

0.59.0

14 August 2025

Added

Add option for configuring trust when validating identity assertions (CAI-7980) (#1239)
Add new soft binding fields to the ingredient assertion structure (#1306)
Add cawg.metadata label and test. (#1305)
Certificate status assertion (#1236)
Browser wasm fetch remote manifests (#1259)
Define DigitalSourceType as enum (#1260)
Impl Soft Binding assertion definition (#1147)
Add metadata assertion and support for validation (#1258)
Remove Send trait for CAIRead on Wasm (#1264)
[breaking] Change Verifier to hold a Cow<'a, CertificateTrustPolicy rather than a reference (#1238)
V2 Claims are now generated by default (#1266)
Bump MSRV to 1.86.0 (#1269)
Expand settings API (#1192)

Fixed

Fix broken ingredient recursion (#1309)
Mark the CreativeWork assertion as deprecated (#1304)
Make common name available to manifest_store (#1300)
V2 redactions were reporting validation error if the assertion was redacted (#1282)
Bmff update manifest support (#1284)
Report correct identity assertion JUMBF URI when reporting validation status (#1292)
Support for BMFF V3 hashing options (#1253)
Remove "other" field in Metadata assertion (#1251)
Add support for m4v (#1254)

Other

Rename Metadata to AssertionMetadata (#1261)
Feature flag test_reader_remote_url with feature fetch_remote_manifests (#1252)

0.58.0

18 July 2025

Added

Add C binding for setting the base path (#1237)
Asset reference assertion (#1203)
Add Reader::remote_url and Reader::is_embedded (#1150)
Store icon references into c2pa.icon assertions for v2 instead of using data_boxes. (#1235)
Remove file type from thumbnail names (#1187)
Update MSRV to 1.85 (#1208)

Documented

Fix spec link for EmbeddedData (#1226)
API doc clean up and improvement (#1178)
Fix formatting of top level example. (#1161)

Fixed

Panic when adding empty actions assertion (#1227)
Generated JPEG thumbnail incorrectly rotated (#1233)
Unfreeze dependency on base64ct crate now that we're up to MSRV 1.85 (#1228)
Clean up logs (#1181)
Change timestamp validation to return new required info fields (#1191)
Xmp jpeg write (#1156)
Clippy warnings for Rust 1.88 (#1204)

Other

Move uri_to_path into utils (#1186)

0.57.0

19 June 2025

Fixed

No-op change to trigger c2pa core crate publish

0.56.2

18 June 2025

Fixed

No-op change to trigger rebuild

0.56.1

18 June 2025

Fixed

To_archive does not store resources associated with ingredients (#1151)

0.56.0

17 June 2025

Added

(sdk) Introduces get_supported_types api (#1138)
Update Validation for 2.2 spec compliance (#1144)

Documented

Doc cleanup (#1143)

Fixed

Freeze base64ct crate at 1.7.3 for now (#1163)
C2patool reports cawg.ica.credential_valid for valid CAWG X.509 signature (CAI-8751) (#1155)
Docs.rs build using openssl and rust_native_crypto simulatenously (#1139)

0.55.0

27 May 2025

Added

Es512 support without new dependencies (#1130)

0.54.0

27 May 2025

Added

Make OpenSSL a default feature (#1118)

Fixed

Add CAWG support for fragmented BMFF (#1114)

Other

Integrates prebuilt library release workflow (#1126)

0.53.0

20 May 2025

Added

[breaking] Merge c2pa-status-tracker crate into c2pa (#1115)

Fixed

Avoid yanked version of windows-core crate (#1116)

0.52.0

16 May 2025

Added

[breaking] Merge c2pa-crypto crate into core c2pa crate (#1099)

0.51.1

16 May 2025

Fixed

Switch zip dependency to a non-yanked version (#1101)
Fix Clippy warnings for Rust 1.87 (#1103)

0.51.0

14 May 2025

Added

[breaking] Merge CAWG identity SDK into main C2PA crate (#1089)

Fixed

Trigger re-publish of c2pa crate

0.50.0

14 May 2025

Added

Adds c_api for dynamic library releases (#1047)
SVG thumbnails with a fix to the ingredient thumbnail format detection (#722)
(sdk) Support setting the Ingredient manifest_data field for remote manifests using Builder (#1091)

Fixed

Ingredient from_stream/memory not loading remote manifests (#1061)

0.49.5

25 April 2025

Fixed

Return an error if a manifest cannot be read (#1051)

0.49.4

24 April 2025

Fixed

Fix missing Action fields (#1050)

0.49.3

16 April 2025

Fixed

Dynamic assertions should be gathered assertions (#1005)

0.49.2

07 April 2025

Fixed

Populates claim signature field in ingredient v3. (#1027)
Adjust dependencies to avoid security warnings and yanked versions (#1031)
Enable trust checks for all unit tests (#1022)

0.49.1

04 April 2025

Fixed

Update openssl to address a recently-announced vulnerability (#1024)

0.49.0

03 April 2025

Added

(cawg_identity) Add BuiltInSignatureVerifier (#978)

Fixed

Thread safe version of settings.rs (#1018)
Fix support for user supplied labels (#1017)
Sig check fix (#1016)

0.48.2

26 March 2025

Fixed

Make sure manifests are signed with end-entity certs (#997)

Other

Revert "chore: publish c2patool and cawg_identity updates (#992)"

0.48.1

20 March 2025

Fixed

(c2patool) Fixes crash and improves cawg support (#989)

0.48.0

19 March 2025

Added

Adds allActionsIncluded flag to Actions Assertion (#986)

Fixed

Generate gathered assertions for v2 claims (#985)

0.47.0

18 March 2025

Added

Adds reader.post_validate method for CAWG validation support (#976)
Add StatusTracker to IdentityAssertion parsing and validation APIs (#943)
Add Sync to AsyncDynamicAssertion (#953)
Simplify StatusTracker interface (#937)
Add WASI to c2patool (#945)
Add WASI support to cawg_identity (#942)
Add ES256 and ES384 Rust native signing (#941)
Adds validation_state to the json reports from the Reader (#930)
Wasm32 wasi 0.41.0 (#888)

Fixed

Remove circular dependency between C2PA and CAWG crates (#982)
ISSUE-967: Remove the RST0..=RST7 check from the has_length method for the JPEG asset handler. (#968)
Fix broken c2patool fragment feature (#960)
Feature flag v1_api without file_io didn't compile (#944)
Use older version of x509-certificate for wasm32-unknown (#934)
Fix new Clippy warnings for Rust 1.85.0 (#933)

Other

Remove openssl feature flag (#940)

Updated dependencies

Bump zip crate to 2.4.1 (#981)
Bump x509-certificate to 0.24.0 (#957)

0.46.0

15 February 2025

Added

Add support for DynamicAssertions in JSON format (#924)

Fixed

Panic in decoding of GIF chunks (#873)
Use correct byte label for GIF Plain Text Extension (#864)
Panic in slicing of empty XMP data (#872)

Other

Use AsRef<Path> in jumbf_io functions (#910)

0.45.3

11 February 2025

Fixed

Restore support for claim_generator_hints (#915)

0.45.2

06 February 2025

Documented

Fix reported errors for docs (#903)

Fixed

Update error reporting (#906)
Repair cargo test (#898)

0.45.1

31 January 2025

Fixed

Remove dependency on SubtleCrypto (#881)

0.45.0

30 January 2025

Added

(cawg_identity) Split CredentialHolder into sync and async versions (#891)

0.44.0

29 January 2025

Added

Allow synchronous DynamicAssertion (#889)
Claim v2 (#707)

0.43.0

24 January 2025

Added

(crypto) Make box_size parameter on c2pa_crypto::cose::sign an Option (#879)

Fixed

Bump coset requirement to 0.3.8 (#883)
Update id3 crate (#875)
Remove Debug supertrait from DynamicAssertion and CredentialHolder traits (#876)

0.42.0

22 January 2025

Added

Change the definition of Signer.raw_signer() to return an Option defaulting to None (#869)

0.41.1

22 January 2025

Fixed

Make alg enum exhaustive (#866)

0.41.0

16 January 2025

Added

(crypto) Add rsa crate support to rust_native_crypto feature (#853)
(cawg_identity) Implement identity assertion validation (#843)
Remove writing of native camera RAW formats from SDK (#814)
Review c2pa-crypto crate API (#813)
Add new function c2pa_crypto::cose::signing_time_from_sign1 (#812)
Move COSE signing into c2pa_crypto crate (#807)
Move COSE timestamp generation into c2pa_crypto (#803)
Move COSE signature verification into c2pa_crypto (#801)
Introduce c2pa_crypto::Verifier::verify_trust (#798)
Introduce c2pa_crypto::cose::Verifier (#797)
Consolidate implementations of cert_chain_from_sign1 in c2pa_crypto (#796)
Move signing_alg_from_sign1 into c2pa-crypto (#795)
Move get_cose_sign1 into c2pa-crypto crate (#794)
Move COSE OCSP support into c2pa-crypto (#793)
Move verify_trust into c2pa_crypto (#784)
Introduce c2pa_crypto::CertificateAcceptancePolicy (#779)
Bump MSRV to 1.81.0 (#781)

Fixed

Make sure DynamicAssertion::content gets a properly populated PartialClaim (#842)
Switch to from fast_xml to quick_xml (#805)
Update img-parts for jpeg segment underflow fix (#806)
Bring claim_v2 changes from #707 into c2pa_crypto (#811)
Improve usage of #[cfg] directives (#783)
OOB read attempt in jpeg_io asset handler in get_cai_segments function (#719)
Prevent negative length value for SVG object locations (#766)
JPEG write_cai OOB insertion (#762)
Add support XMP in SVG (#771)
Possible overflow for TIFF (#760)
Resolve new Clippy issues (#776)

Updated dependencies

Bump jfifdump from 0.5.1 to 0.6.0 (#785)
Bump serde-wasm-bindgen from 0.5.0 to 0.6.5 (#786)
Bump thiserror from 2.0.6 to 2.0.8 (#787)
Bump rasn from 0.18.0 to 0.22.0 (#727)
Bump thiserror from 1.0.69 to 2.0.6 (#770)

0.40.0

12 December 2024

Added

Add RawSigner trait to c2pa-crypto (derived from c2pa::Signer) (#716)
Move time stamp code into c2pa-crypto (#696)
Adds ValidationState support (#701)
Introduce DynamicAssertion trait (#566)

Fixed

Compile c2pa-crypto with cargo check (#768)
Verbose assertions for is_none() (#704)
Remove c2pa::Signer dependency on c2pa_crypto::TimeStampProvider (#718)
Add support for MP3 without ID3 header (#652)
Treat Unicode-3.0 license as approved; unpin related dependencies (#693)
Remote manifest fetch test was not using full path (#675)
Fix #624 (edge cases when combining the box hashes) (#625)
Fix #672, Callback is unsound (#674)
Support "remote_manifest_fetch" verify setting (#667)

Updated dependencies

Bump chrono from 0.4.38 to 0.4.39 (#763)
Bump asn1-rs from 0.5.2 to 0.6.2 (#724)
Bump mockall requirement from 0.11.2 to 0.13.1 in /sdk (#685)
Update zip requirement from 0.6.6 to 2.2.1 in /sdk (#698)

0.39.0

13 November 2024

Added

Factor status tracking infrastructure into its own crate (#665)

Fixed

Fixed a typo in ManifestDefinition docstring (#639)

0.38.0

06 November 2024

Added

Add fragmented mp4 Builder and Reader support (#649)
Associate ingredients with actions using parameters.org.cai.ingredientsIds array (#627)

Fixed

Stay on url version 2.5.2 until Unicode-3.0 license can be approved (#654)

0.37.1

24 October 2024

Documented

Update API documentation (#621)

0.37.0

17 October 2024

Fixed

Adds identified RangeType to region of interest (#631)

0.36.4

15 October 2024

Fixed

Harden SDK against attempting buffers that are too large (#628)

0.36.3

07 October 2024

Fixed

Changelog contained duplicate entries for 0.16.1 (#618)

0.36.2

07 October 2024

No-op change to start using release-plz to manage releases

0.36.1

04 October 2024

fix: Make sure algorithm is being respected in data_hash.rs (#613)
fix: Make sure RSTn segment names are included in the data box hashes list (#612)
Update mp4 requirement from 0.13.0 to 0.14.0 in /sdk (#595)
chore: Add m4a test (#606)
fix: Write absolute urls to manifest store resource references. (#603)
doc: Removes xmp_write feature from README.md.
chore: Remove deprecated actions-rs/clippy-check action (#601)
chore: bump stefanzweifel/git-auto-commit-action from 4 to 5 (#600)
chore: bump actions/github-script from 3 to 7 (#599)
chore: bump paulhatch/semantic-version from 5.2.1 to 5.4.0 (#598)
chore: Use Dependabot to upgrade GitHub Actions steps (#597)
chore: Fix dependabot issues (#594)
Fixes issue where nested assertion-uri-hash errors were being reported at the active manifest level. (#593)
Feature/add content length to tsa request (#587)

0.36.0

23 September 2024

(MINOR) ensures release bumps minor version (#592)
fix: requires "StatusTracker" to implement "Send" (#589)

0.35.1

17 September 2024

Fix error when trying to sign BMFF content with Builder. (#582)

0.35.0

12 September 2024

upgrades to riff@2.0.0, preventing panic on invalid riff files (#579)
EC signature DER support (#581)
Update base64 requirement from 0.21.2 to 0.22.1 in /sdk (#519)
(MINOR) Rust API enhancements and fixes. (#575)
Fix GIF off by one with XMP (#562)

0.34.0

30 August 2024

(MINOR) Fragmented BMFF media (#572)

0.33.4

29 August 2024

Depend on url crate version 2.5.2 or newer (#573)

0.33.3

17 August 2024

Inline certs for wasm test signer (#564)

0.33.2

15 August 2024

Bmff write fix (#552)
Fix remote embedding RIFF when specifying mime type (#551)
Fix data hash out of bounds when using placeholder beyond stream length (#546)
Adds embeddable apis and remote_url/no_embed options (#537)
export_schema: add unstable_api feature (#542)
Ingredient checks (#529)
Add base_path field to Builder (#539)
Export AssertionDefinition and ActionTemplate in public API (#522)

0.33.1

30 July 2024

Use timestamp with OpenSSL validation to prevent check chain check er… (#531)
Fix GIF remove_cai_store_from_stream behavior (#524)

0.33.0

26 July 2024

Update crate to fix bad certificate dump content (#525)
Introduce a mutex around the FFI calls to OpenSSL (#516)
Bump bcder minimum version to 0.7.3 (#526)
(MINOR) Updates needed for v2 JavaScript SDK (#521)
Add region of interest assertion definition (#506)
Fix CI tests (#520)
Builder Archive update (#507)
Update range-set requirement from 0.0.9 to 0.0.11 in /sdk (#442)
Make sure reading past end of JUMBF box is an error (#518)
added final details (#517)

0.32.7

18 July 2024

Ensure Ingredient data_types make it to the store and back. (#514)
draft security md (#508)
Make data_types field optional when serializing data-box-map (#512)
Fix box hash placeholder len (set to 1) (#511)
Set data box placeholder len to at least 1 for GIF (#510)
Rewind mp3 streams when reading/writing (#509)
Update README.md (#351)
Add GIF support (#489)
Update image requirement from 0.24.7 to 0.25.1 in /make_test_images (#445)
Upgrade uuid to 1.7.0 & fix removed wasm-bindgen feature (#450)
Expose SignatureInfo publicly (#501)
Cleanup empty/unused files + lints (#500)

0.32.6

15 July 2024

Fetching of databoxes must always use HashedURI to enforce hash checks. (#505)
Temporarily allow unused JsonAssertionData to fix unused error in CI (#498)
Add remote manifest support to MP3 (#496)

0.32.5

28 June 2024

(PATCH) ensures temp files are removed (#494)
Update async_generic to 1.1 (#493)

0.32.4

25 June 2024

Add data_type (future) to Ingredient_V2 (#490)
Let's not assume that third-party assertions are using serde_cbor (#491)

0.32.3

24 June 2024

External placed manifest (#472)
Support metadata field in claims. (#488)

0.32.2

19 June 2024

Add iterators over manifests and resources in unstable API (#482)
OCSP certificate should be valid at signing time (#481)
url crate version 2.5.1 introduces new license "Unicode-3.0" (#483)
Implement Debug w/ detailed manifest for Reader (#473)
Bump MSRV to 1.74 (#478)
Allow empty Merkle proof for last leaf node. (#470)

0.32.1

10 May 2024

Steps toward removing RemoteSigner APIs. (#466)

0.32.0

07 May 2024

(Minor) Additional unit tests and fixes for injection (or previously untested) issues. (#464)
Expose authoring support in WASM (#369)
Move signer to first parameter on Builder.sign (#457)
Gpeacock/embed_remote_settings (#460)
(MINOR) Removes xmp_write feature and xmp_toolkit (#461)
Async Signer: add support for async OCSP call (#458)
Use cargo test in CI (#459)
(MINOR) Initial V2 API work (#437)

0.31.3

05 April 2024

Add video/quicktime to the list of BMFF MIME types (#441)
Streaming XMP write support for PNG (#439)

0.31.2

03 April 2024

Fixed temp file auto delete (#438)
Add Sync trait to TrustHandlerConfig (#440)
remove file_io dependency on fetch_remote_manifests (#434)
Remove verify after signing when compiling without openssl (#404)
Streaming write support for BMFF (#435)
Added support for XMP streaming writes for TIFF/DNG (#433)
Implements embed_reference_to_stream for jpeg (#430)

0.31.1

25 March 2024

Adds Action changes field as option vec of serde_json value (#431)

0.31.0

13 March 2024

(MINOR) Adds Send trait to TrustHandlerConfig (#426)

0.30.3

12 March 2024

Roll back rasn-* version requirements since 0.12.6 was yanked (#425)

0.30.2

12 March 2024

Adds a Manifest::composed manifest method (#424)
Allow cert dump to work in WASM (#420)
Update minimum dependency of rasn-* crates (#423)

0.30.1

08 March 2024

Fix include_byte references that were not available in external crate builds

0.30.0

08 March 2024

(MINOR) Remove testing function that was inadvertently public (#421)

0.29.3

08 March 2024

Trust support (#415)

0.29.2

08 March 2024

add a thumb resource when referencing an embedded uri (#419)

0.29.1

07 March 2024

Adds Manifest.remote_manifest_url() (CAI-5437) (#418)
Fix use of deprecated method chrono::NaiveDateTime::timestamp (#417)
Fix up some random typos. (#353)

0.29.0

26 February 2024

SDK configuration settings support (infrastructure) (#408)
Support streaming writes for TIFF (#410)
Fixed typo in comment (#409)
(MINOR) Update xmp_toolkit to v1.7.1, remove Ring dependency, fix build errors (#407)
Crate udate to fix jpeg parsing error (#402)
allows builds to pass (#403)
Ocsp support (#371)

0.28.5

06 February 2024

Finish async signing implementation for cose_sign (#370)
adds read_cai test for PDF with content credentials (#366)
[IGNORE] README edits (#356)
Update ci.yml
Remove deprecated twoway crate (#361)
Fix response strings for BMFF and Box hash statuses (#360)
Restore correct 1.3 CoseSign1 headers (#359)
Openssl update to version 3.x (#357)
Add support for ARW and NEF (#355)

0.28.4

04 December 2023

CAI-5041 Clear Windows temp attribute (#352)

0.28.3

22 November 2023

Remove Blake3 dependency from c2pa-rs (#348)

0.28.2

21 November 2023

Fix PDF reading of manifest from wrong key (#346)

0.28.1

17 November 2023

readme update (#345)
Add support for embeddable manifests with RemoteSigner (#344)
Blake build fix (#343)
Update image crate dependency and limit features (#341)
Bump xmp_toolkit requirement to 1.6 (#339)
Disable Windows builds with latest Rust version (#342)

0.28.0

01 November 2023

(PATCH) switches af relationship for a reference to the c2pa data to an array of references, one of which is the c2pa spec (#333)
Restore async versions of embed functions (#327)
(MINOR) Support databox thumbnails CAI-4142 (#325)
(MINOR) Reuse claim thumbnail as ingredient thumbnail if the store is valid (#322)
(MINOR) Use JUMBF URIs for ManifestStore identifiers (#323)
Add ManifestStore::from_stream (#319)
Adds embed_to_stream (#313)

0.27.1

04 October 2023

Support for validating JPEGs that contain MPF (multi-picture format). (#317)
Add ability to customize HTTP headers on timestamp request to Signer and AsyncSigner traits (#315)
Add all of the MIME types that are associated with WAV files (#316)
Allow MS_C2PA_SIGNING OID to pass (#314)

0.27.0

29 September 2023

supports removal of manifests from pdf (#312)
Support for MP3 (#295)
(MINOR) Signer can call timestamp authority directly (#311)
implements pdf read support (#309)

0.26.0

13 September 2023

Add support for default SVG MIME type (#305)
Support for writing and reading manifest data from simple PDFs (without incremental updates or signatures) (#249)
Increase actix requirement to 0.13.1 (#304)
(MINOR) Expose HashRange (#300)
Lock openssl-sys version to 0.9.92 (#302)
Update links to C2PA spec to 1.3 (#292)
Error saving stream writes (#290)
Fix for overly harsh checks when checking Merkle trees. (#289)

0.25.2

02 August 2023

Adds a way to force no claim thumbnail generation (#288)
adds ManifestStoreReport::cert_chain_from_bytes (#286)

0.25.1

14 July 2023

Expose DataHash and BoxHash to public SDK (#284)
Remove debug statement (#283)

0.25.0

14 July 2023

(MINOR) User, UserCbor and Uuid assertions removed from SDK (#141)
Fix for #195 make_test_images missing ingredient references (#254)
Return ResourceNotFound instead of NotFound for resource get (#279)
(MINOR) Minor improvements for Wasm and Node.js interoperability (#276)
Fix iloc extent_offsets when offset_size is 0 (#277)
(MINOR) Converts DataHash and BoxHash methods to use RemoteSigner instead of AsyncSigner (#280)
(MINOR) Embeddable manifest support (#266)
Repair CI tests (#278)

0.24.0

21 June 2023

(MINOR) force minor version change (#273)

0.23.3

21 June 2023

Bump minor version and update README.md (#272)
Updates (#270)
Add Send to CAIRead trait so that it can be used across threads (#271)
Generate old COSE headers for temporary backwards support (#269)

0.23.2

19 June 2023

Fix for returning input stream data when using embed_from_memory (#268)

0.23.1

13 June 2023

Remove no-default ci test (#259)
includes the cert serial number in the ValidationInfo output (#263)
adds ManifestStoreReport::cert_chain (#265)
Update Timestamp message imprint to include entire protected header (#264)

0.23.0

09 June 2023

Box hash support (#261)
Fix timestamp Accuracy decoding (#262)
Make remote manifest handling consistent across input types (#260)
(MINOR) Support for Ingredients V2 and Actions V2 (#258)
Generate and validate 1.3 Cose signatures (#256)
Add type exports via JSON Schema (#255)
Bmff v2 (#251)

0.22.0

18 May 2023

(MINOR) Improved Remote Manifest handling (#250)
Riff streaming support (#248)

0.21.0

04 May 2023

(MINOR) Added ResourceNotFound error (#244)

0.20.3

03 May 2023

backed out calls to set_memory_thumbnail (#243)
Revert "backed out calls to set_memory_thumbnail"
backed out calls to set_memory_thumbnail This was causing thumbnail files to not be generated.

0.20.2

24 April 2023

Fixes bug in Ingredient_from_stream_info (#241)

0.20.1

20 April 2023

Ingredient async and thumbnail support (#240)
Update actix requirement from 0.11.0 to 0.13.0 in /sdk (#209)
Update uuid requirement from 0.8.1 to 1.3.1 in /sdk (#237)
Upgrade x509-parser to 0.15.0 (#229)
Add support for ARM on Linux (#233)

0.20.0

05 April 2023

(MINOR) SVG support (#226)
(MINOR) Update several X509-related crate dependencies (#225)
Update thiserror to 1.0.40 in /sdk (#223)
Avoid chrono's transitive dependency on time crate (#222)
Require openssl >0.10.48 to address multiple RUSTSEC warnings (#221)
Apply code format to doc comments (#220)

0.19.1

28 March 2023

Update README (#215)

0.19.0

23 March 2023

Makefile update (#213)
Streaming enhancement (#212)
Adds base_path_take to ResourceStore (#205)
Add write support for HEIC, HEIF, AVIF (#210)
(MINOR) Riff support with refactored AssetIO (#203)
(MINOR) Resource format and is_parent / relationship changes (#202)
Fix hash algo warning in Wasm and hashing for RSA-PSS SHA-384/512 (#206)
Derive impl of Default for Relationship enum (#204)

0.18.1

07 March 2023

Update Validation Status codes (#200)
Fix async path to support ingredient box hashing (#201)

0.18.0

02 March 2023

Fix issue where value was inadvertently included in Exclusion structure (#197)
(MINOR) Bump MSRV to 1.63.0 (#198)
Fixed unit test failure (invalid unique name generation). (#190)

0.17.0

22 February 2023

Disable mdat exclusion (#187)
Bmff v2 (#186)
Fix for using non-c2pa segment when add required segments (#185)
Update Ingredient and VC hashes to 1.2 spec (#184)
(MINOR) Create a ResourceStore for binary assets (#180)
Fix Clippy warnings from new Rust 1.67 (#182)
Visualizations (#163)

0.16.1

19 December 2022

Update xmp-toolkit from 0.6.0 to 1.0.0 (#165)
Address new Clippy warnings for Rust 1.66 (#164)
Create external manifests for unknown types (#162)

0.16.0

03 December 2022

Updates some cargo dependencies (#159)
makes manifest#add_redaction public; adds test (#156)
Fixes support for instanceId on action and generate parameters.ingredient field when possible (#158)
Support digitalSourceType field in Action (#154)
(MINOR) Add sign feature for signing manifests without file I/O (#125)
TIFF/DNG support (#152)

0.15.0

09 November 2022

Fix bad error response when manifest is stripped (#153)
(MINOR) Bump MSRV to 1.61 (#142)
Fix new Clippy warnings generated by Rust 1.65 (#151)
Build infrastructure improvements (#150)
Fix manifest.set_thumbnail when add_thumbnails is enabled (#148)
Fix for XMP links being mistaken for remote URLs (#147)
Upgrade xmp_toolkit to 0.6.0 (#146)
create jpeg thumbnails for pngs without alpha (#145)
Add test_embed_with_ingredient_err (#134)

0.14.1

04 October 2022

Add homepage and repository links to crates.io (#132)
Add Exif Assertion support (#140)

0.14.0

23 September 2022

(MINOR) Remove previously embedded manifests for remote manifests (#136)
(MINOR) Add support for manifest removal (#123)

0.13.2

21 September 2022

manifest_data was missing for remote manifests (#135)

0.13.1

13 September 2022

Add ManifestStore::from_manifest_and_asset_bytes_async (#130)

0.13.0

26 August 2022

Add RemoteManifestUrl Error, returning url (#120)
Convert status_log error val to a string so that we can return full errors (#121)
Report failures from remote manifest fetch (#116)
Fast XMP extraction from PNG (#117)
Bump MSRV to 1.59.0 (#118)
Make sure there is a single manifest store in the asset (#114)
(MINOR) Switch to "lib" for crate-type (#113)

0.12.0

16 August 2022

Update C2PA manifest store mime type (#112)
Updates Manifest API to support remote and external manifests (#107)
Support validating remote and external manifest stores (#108)
Fix build error when xmp_write is not defined (#105)
Fix box order for BMFF (#104)
Added support for external manifests (#101)

0.11.3

03 August 2022

Remove inadvertent 1.0.0 release from changelog (#97)
Treat 'meta' box as standard container (#95)
Fix for sign_claim masking error (#96)

0.11.1

01 August 2022

Bug fix: Ingredients with valid claims not reporting correct thumbnails (#94)
Update make_test_images to use timestamp authority (#90)
Fix bad response for case when there is no timestamp (#89)

0.11.0

21 July 2022

(MINOR) Add support for remotely generated CoseSign1 signatures (#87)
Optimize performance of large assets (#84)

0.10.0

20 July 2022

Add Unicode license to allow-list (#85)
(MINOR) IngredientOptions allow override of hash and thumbnail generation; image library is now a default feature (#79)

0.9.1

19 July 2022

Fix publish workflow (#82)

0.9.0

19 July 2022

(MINOR) Introduce a new SigningAlg enum (#76)
Support for asynchronous signing of claims (#57)
Adds an add_validation_status method to Ingredient (#68)

0.8.1

15 July 2022

Use rsa crate for RSA-PSS verification in Wasm (#77)

0.8.0

15 July 2022

Add a new API to provide access to COSE signing logic for external signers (#75)
(MINOR) Move crate-level functions for creating signers to new public create_signer mod (#72)

0.7.2

14 July 2022

Fix broken documentation build (#74)

0.7.1

14 July 2022

Configure docs.rs to include feature-gated items (#73)
Update XMP Toolkit to 0.5.0 (#71)
Refactor code to limit memory usage and remove data copies during hash generation (#67)

0.7.0

29 June 2022

(MINOR) Return specific errors for FileNotFound and UnsupportedType (#62)

0.6.1

28 June 2022

Fix up changelog noise
Fix bug with multiple ingredients in Manifest::from_store (#61)

0.6.0

28 June 2022

(MINOR) Initial BMFF support (#39)

0.5.2

23 June 2022

Return assertion instance values starting at 1 instead of 2 (#60)

0.5.1

22 June 2022

Update thumbnail to be Vec<u8>, add serialization feature (#59)
Adds xmp_write feature to make xmp-toolkit inclusion optional (#53)

0.5.0

20 June 2022

(MINOR) Add asset attribute getters for manifest (#56)
(MINOR) Remove temp_signer from sdk; update docs and examples to use get_signer_from_files (#52)
(MINOR) Clean up client example; update actions and schema (#51)

0.4.2

16 June 2022

Fix bug in updating crate reference in README (#50)

0.4.1

16 June 2022

Fix bug in Cargo.toml updates (#49)

0.4.0

16 June 2022

Add status badges for CI validation, crates.io, and code coverage (#46)
Remove self-signed end-entity cert support (#48)
Add rustfmt toml to get edition 2018 formatting (#36)
(MINOR) Update from_bytes(_async) to return a Result (#43)
Adjust temp signer reserved sizes to account for large timestamps (#45)
Fix bug in verify_from_buffer (#44)
Remove cargo edit from publish workflow (#42)
Apply fix from c2patool publish workflow (#40)
Remove need for using OpenSSL to generate certs by using pre-generated certs (#41)
Update README and pull request template with formatting changes (#38)

0.3.0

08 June 2022

Make most jumbf_io functions crate private and move Store dependencies to Store (#37)
Remove c2patool source now that it's in its own repo (#35)
(MINOR) Update ManifestAssertion supporting instances (#34)
Export top level signing functions, hide other signature details (#32)
Add documentation for the Actions and Metadata assertions (#30)
Rework how c2patool is configured (#28)
Convert make_tests into a scriptable engine; rename to make_test_images (#29)
Update thiserror requirement from >= 1.0.20, < 1.0.26 to >= 1.0.20, < 1.0.32 in /sdk (#9)
Update base64 requirement from 0.12.2 to 0.13.0 in /sdk (#10)
Update range-set requirement from 0.0.7 to 0.0.9 in /sdk (#13)
Make Assertions opaque in the public SDK (#22)
Update c2pa requirement from 0.1 to 0.2 in /c2patool (#23)

0.2.0

26 May 2022

Fix dependency reference from c2patool crate to c2pa crate (#21)
(MINOR) Detailed API review for Ingredient struct (#17)

0.1.3

26 May 2022

Publish c2patool crate (#20)
Improve documentation (#14)

0.1.2

26 May 2022

No-op change to verify correct handling of PR numbers (#19)
Fix error in formatting changelog
Fix missing links in changelog

0.1.1

26 May 2022

Add Makefile for local testing (#18)
Add workflow for automatically releasing c2pa crate (#16)
Reduce fixtures size (#15)
Add codecov.io integration (#4)
Configure dependabot (#8)
Configure dependabot (#7)
Remove unnecessary steps from cargo-deny job (#6)
Update to latest GH Actions checkout action (#5)
Change ring license hash to decimal (#3)

0.1.0

23 May 2022

Initial public release

FilesExpand file tree

CHANGELOG.md

Latest commit

History

CHANGELOG.md

File metadata and controls

Changelog

[Unreleased]

Added

Fixed

Fixed

Fixed

Fixed

Added

Other

Updated dependencies

Fixed

Updated dependencies

Added

Updated dependencies

Fixed

Fixed

Added

Fixed

Updated dependencies

Fixed

Documented

Fixed

Fixed

Added

Fixed

Updated dependencies

Added

Fixed

Updated dependencies

Added

Fixed

Other

Updated dependencies

Fixed

Fixed

Other

Added

Added

Documented

Fixed

Other

Updated dependencies

Added

Fixed

Documented

Fixed

Fixed

Fixed

Added

Fixed

Updated dependencies

Added

Fixed

Updated dependencies

Added

Documented

Fixed

Other

Updated dependencies

Fixed

Fixed

Other

Fixed

Fixed

Added

Added

Fixed

Added

Fixed

Added

Fixed

Added

Fixed

Fixed