v3.0.0
Highlighted Features
- Aranya Fast Channels (AFC). Enables raw channel encryption/decryption. Application can use an existing network transport to send ciphertext. This is a preview feature behind `afc` and `preview` feature flags.
- AQC is now an experimental feature hidden behind `aqc` and `experimental` feature flags
- Explicitly mark ephemeral actions/commands in policy
- Release artifacts for different feature sets: default, preview, experimental. See "Feature Sets" section for more info.
Feature Sets
- Production - the default set of production ready features included in every build. Future changes are guaranteed to be backward compatible. Release artifacts are appended with `*-default`.
- Preview - production ready features with plans for long-term support. May introduce breaking changes but are designed with API stability in mind. Release artifacts are appended with `*-preview`.
- Experimental - experimental features with no backward compatibility or long-term support guarantees. These features may be unstable or introduce breaking changes in the future. Release artifacts are appended with `*-experimental`.
Coming Soon
- Custom roles that can be defined at runtime rather than hard-coded in the policy
- AFC: concurrent shared-memory reader support to improve performance
- Website updates with more AFC documentation
- Sync hello feature that sends graph updates to subscribed peers
- Improved error checking and reporting in the policy
Breaking Changes
- AQC is now behind an experimental flag. In order to use it, the `aqc` and `experimental` feature flags must be enabled.
Security Patches
- Transitioned from integer-based labels to cryptographically secure ID-based labels to improve security of labels. It is now impossible for two different labels to share the same ID. This means that if a label is assigned to a set of devices, authorization can be performed before allowing them to create secure AFC/AQC channels. Before this patch, it would have been possible to create two labels with the same integer representation, and potentially create a channel with another peer that should not be authorized.
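
The label confusion described above, as an added example that is not Aranya code: it runs the same pre-channel authorization check over integer labels and over hash-derived label IDs. The `label_id` derivation (SHA-256 over length-prefixed creation fields), the function names and all sample values are assumptions made for illustration, not the project's actual scheme.

```python
import hashlib

def label_id(team: bytes, author: bytes, name: str, nonce: bytes) -> bytes:
    # Assumed derivation for illustration: SHA-256 over length-prefixed
    # fields of the label-creation event. The length prefixes keep
    # ("ab", "c") and ("a", "bc") from producing the same hash input.
    h = hashlib.sha256()
    for field in (team, author, name.encode(), nonce):
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()

def can_open_channel(assigned: dict, local: str, peer: str, label) -> bool:
    # Authorization check run before channel creation: both devices
    # must hold an assignment for this exact label value.
    return label in assigned.get(local, set()) and label in assigned.get(peer, set())

def compare_models():
    # Constructed sample data: two labels created independently.
    team = b"team-1"
    telemetry = ("telemetry", b"admin-a", b"\x01" * 16)
    control = ("control", b"admin-b", b"\x02" * 16)

    # Integer model: both labels ended up with the integer 42, so the
    # check cannot tell "telemetry" from "control".
    int_assigned = {"sensor": {42}, "actuator": {42}}
    int_result = can_open_channel(int_assigned, "sensor", "actuator", 42)

    # ID model: each label's identity is bound to its creation event.
    tid = label_id(team, telemetry[1], telemetry[0], telemetry[2])
    cid = label_id(team, control[1], control[0], control[2])
    id_assigned = {"sensor": {tid}, "actuator": {cid}}
    id_result = can_open_channel(id_assigned, "sensor", "actuator", tid)
    return int_result, id_result, tid != cid

if __name__ == "__main__":
    print(compare_models())  # (True, False, True)
```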
What's Changed
- afc: readd afc to the client by @gknopf-aranya in #476
- afc: C API Bindings by @nikki-aranya in #489
- afc: improve rust example by @gknopf-aranya in #509
- afc: add afc policy & shm back in with label ids by @gknopf-aranya in #463
- Fix afc ctrl msg check by @jdygert-spok in #507
- AQC: Add feature flag by @jdygert-spok in #473
- Mark ephemeral actions and commands by @jdygert-spok in #486
- cargo vet python by @jdygert-spok in #459
- chore: update to `tracing-subscriber@0.3.20` by @jdygert-spok in #471
- chore: update to latest aranya-core by @jdygert-spok in #481
- capi: clean up by @jdygert-spok in #500
- c-example: fix crash on errors in example by @jdygert-spok in #505
- Canonicalize uds path by @jdygert-spok in #495
- release: 3.0.0 by @gknopf-aranya in #512
Full Changelog: v2.0.0...v3.0.0