Skip to content

v1.4.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 27 May 21:01
v1.4.0
3a89dd0
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

1.5.0 (2026-05-27)

Features

  • 15-01: create connection list, detail components and normalize risk flag names (0bdf7b1)
  • 15-02: extract connection form and preset picker components (e133380)
  • 15-02: wire URL-driven presets to the form (50640b8)
  • 15-03: embed risk panel across relevant views (4916649)
  • 15-03: wire lifecycle events to Ecto boundaries and add status badges (0a16b0a)
  • 16-01: establish metadata liveview skeleton and route (and missing 15-01 files) (c52a008)
  • 16-02: add active highlighting to metadata history stream (8ee6076)
  • 16-03: finalize Phase 16 execution and verification (43ce682)
  • 16-03: implement async manual metadata refresh (50a0ebd)
  • 17-01: handle optimistic locking conflicts on certificate updates (8400944)
  • 17-01: implement semantic slot-based timeline UI for certificates (cf7f016)
  • 17-02: implement 3-step staged rollover with typed verification (0399604)
  • 18-01: implement typed mapping forms in live admin (15bb5f4)
  • 18-02: implement audit timeline filtering and expandable details (7ced8fc)
  • 19-01: implement allow_idp_initiated flag for connections (26e822c)
  • 19-02: implement safe local redirect utility (4fab9cf)
  • 19: implement IdP-initiated SSO support and result normalization (101e2a6)
  • 20-01: implement BulkActions coordinator (69be2d9)
  • 20-02: add multi-select UI to ConnectionList (4c3bf15)
  • 20: implement bulk operations for connections and UI multi-selection (6e75525)
  • 21-01: add migration extending relyra_metadata_sources with auto-refresh (7dcf2ea)
  • 21-01: extend MetadataSource schema with auto-refresh fields and changesets (d8eb04b)
  • 21-02: pure cadence + backoff helpers with property-style jitter envelopes (7cfbf02)
  • 21-02: pure failure classifier with one clause per Phase-21 error code (f8620bf)
  • 21-03: add TrustAnchor + DriftDetector pure helpers (1c02e38)
  • 21-03: relocate security corpus + add CorpusGate runtime gate (9400a0d)
  • 21-04: add MetadataApply.resume_auto_refresh/3 single-tx Resume seam (b94ce16)
  • 21-04: add Signature.verify_metadata_root/4 metadata-root shim (35a3da4)
  • 21-04: wrap record_attempt in transact and co-commit health state (2de8899)
  • 21-05: add OptionalDeps.Oban gateway and Workers.MetadataRefresh (ff88242)
  • 21-05: add Scheduler.run_due/2 and AutoRefresh.refresh/2 wrapper (3b60a04)
  • 21-06: add Auto-refresh health card + Resume now to ConnectionMetadataLive (35a4cc7)
  • 21-06: surface auto_refresh_health on the connection list (D-29) (67da767)
  • 21-07: add Metadata.pin_trust_fingerprint/3 + two operator Mix tasks (aa25260)
  • 21-07: add optional Oban dep, ci.oban_smoke alias, README operations (f4bf983)
  • 21-07: document auto_refresh telemetry catalog + LogAlerts handler (06ca068)
  • 21.1-01: forward audit context from Refresh.refresh/2 into apply_revision and record_attempt (closes CFG-07) (80d9001)
  • 22-01: implement certificate expiry traversal engine (13bf7f8)
  • 22-01: implement telemetry for expiring certificates (eef99d4)
  • 23-01: build diagnostic bundle orchestration service (9b4250c)
  • 23-01: implement explicit redaction AllowList for diagnostic exports (74a6efb)
  • 23-02: add download diagnostic bundle UI button to admin UI (fe394bf)
  • 23-02: create mix task for CLI diagnostic bundle export (1f074ba)
  • 23-02: implement HTTP download endpoint for diagnostic bundle (7ce0184)
  • 24-01: implement request store type injection (aff2a30)
  • 24-01: implement session revocation adapter support (f425c18)
  • 24-02: implement LogoutRequest builder (9bfd22c)
  • 24-03: implement logout bindings parser for redirect (d4654ee)
  • 25-01: add shared conformance fixture loader (1f98ee5)
  • 25-01: harden PureBeam seam behavior (e8cfab9)
  • 25-02: expand pinned security regression corpus (c80b6ab)
  • 25-02: implement SP conformance lane (9c3e79a)
  • 25-03: generate conformance report from manifest state (a9a7d58)
  • 27-03: add batteries included proof artifact (0b1ffc9)
  • 28-01: implement SaxyTree handler with ns stack + 3 normalizations (8738532)
  • 28-02: enveloped-sig transform pruning + PrefixList forced render + transform allowlist (ae9f16f)
  • 28-02: implement exclusive C14N 1.0 serialization core (b666926)
  • 28-03: bind exact tree node + delegate canonicalize/2 to the C14N engine (5565df5)
  • 28-03: route parse_safely onto the saxy tree, retire regex extractors (915d460)
  • 29-01: add ordered content field to SaxyTree.Node (D-09) (4411f91)
  • 29-02: add AlgorithmPolicy.digest_atom_for_signature_method/1 (RSA→atom, ECDSA fail-closed) (e63216e)
  • 29-02: surface D-02 fields (SignedInfo node, base64 Digest/SignatureValue) per candidate (5d1cfc9)
  • 29-03: wire real XMLDSig crypto into the [candidate] arm (D-01) (2e45689)
  • 29-04: build genuine XMLDSig test-signer (D-11) (c45864f)
  • 29-05: add metadata-root signed-candidates producer in pure_beam (502417f)
  • 29-05: rewire metadata pre-parse onto tree builder + prove SIGV-04 (6d4931e)
  • 30-01: delegate FakeIdP.sign to genuine signer + expose trust cert (D-01/D-03) (18f5bd8)
  • 30-03: add c14n-differential rejection row to security corpus (c7ec6a2)
  • 32-01: add enforce_content_encryption_algorithm/3 with auth tag guard and AES-CBC hatch; extend proof tests (88ea124)
  • 32-01: extend AlgorithmPolicy struct with key-transport fields and enforce_key_transport_algorithm/2 (94d14a9)
  • 32-02: add party and use columns to cert table with Ecto.Enum schema fields (bf830c8)
  • 32-02: add sign_authn_requests column to connections table with Connection schema field (ed07372)
  • 33-01: KeyResolver behaviour module with dispatch function (d52b461)
  • 33-01: KeyResolver.Default implementation + key_resolver_test.exs unit corpus (515570b)
  • 33-02: implement XMLEnc.decrypt/3 — RSA-OAEP + AES-GCM decryption (95803a8)
  • 33-02: register xml_enc_test.exs in ci.security and ci_gate_integrity (81f302c)
  • 34-01: emit signing + encryption KeyDescriptors in SP metadata (b562482)
  • 34-02: add FakeIdP.encrypt/2 + encrypted_response/2 canonical generators (8d0c560)
  • 34-03: wire :decrypt_assertion pre-stage into do_run/4 (ENC-01) (ba86699)
  • 38-01: add verify_redirect_signature for raw URL octet math (f8954ac)
  • 38-01: extend SessionAdapter for SLO indexing and termination (eecacbb)
  • 38-02: implement LogoutRequest protocol model (c12dea0)
  • 38-02: implement LogoutResponse protocol model (97a19f4)
  • 38-03: implement LogoutValidator with strict pipelines (95e83c6)
  • 38-04: expose SLO flows via Relyra facade (f8c9c98)
  • 41-01: add public XML attribute escaper module (0f14c35)
  • 41-01: escape dynamic metadata attribute values (e9e1675)
  • 41-03: add wire-format byte spans to SaxyTree nodes (57ffdea)
  • 42-01: add LoginTrace telemetry handler for consume spans (43a1a4d)
  • 42-01: extend audit domain and actions for login traces (8e8a7f7)
  • 42-01: populate validation_trace and add login trace tests (44f089c)
  • 42-02: add login trace query and exclude login from trust audit (fa2ec93)
  • 42-02: add LoginTrace.Export shared redaction module (cae579d)
  • 42-03: add ConnectionTraceLive route, page, and nav link (6cc786e)
  • 42-04: add headless mix relyra.trace login trace CLI (36ee5d9)
  • implement Phase 35 signed AuthnRequests and Phase 37 UI tests (1c79056)

Bug Fixes

  • 21.2: revise plans based on checker feedback (5030090)
  • 28-03: correct prot-unsigned-001 expectation to missing_protocol_field (63c5ca5)
  • 29-01: walk content in document order in C14N.render_element/3 (D-09) (8052658)
  • 29: close metadata trust bypass (CR-01) and pin over DER (CR-02) (8910200)
  • 29: thread cert_chain in plan 03 + add existing-test triage task to plan 04 (13094ef)
  • 29: tolerate line-wrapped base64 in Signature/DigestValue (WR-01) (ef44482)
  • 30-01: reconcile FakeIdP response_xml shape for genuine signing (D-02) (f9047fe)
  • 30-04: make ci.security honestly gate every security suite (cmd mix test per line) (8a144ed)
  • 30: harden ci.security meta-gate (AST parse, tag anchor, corpus_gate coverage) (07f4727)
  • 32: CR-01 derive error label from method_type in enforce_legacy_override (a8a4d9a)
  • 32: WR-01 add Elixir-side defaults for party and use fields (495796e)
  • 32: WR-02 add party: :idp to @active_signing_cert_filters (8f2cc3e)
  • 32: WR-03 project sign_authn_requests into Relyra.Connection runtime struct (9c66a88)
  • 32: WR-04 remove dead validate_method/3 and validate_digest/3 (708e519)
  • 33: correct depth-first CipherData extraction bug in XMLEnc.decrypt/3 (c32b72e)
  • 38-04: harden test adapters and corpus payload alignment (82ba79f)
  • 40.1: scope drift gate to fenced elixir blocks (WR-01) (35417db)
  • 41-02: exclude test_support from prod compile and Hex package (7315513)
  • 41: close verification gaps for TD-04 and TD-05 (4e143a4)
  • deps: bump postgrex/plug/phoenix for CVEs; ignore unreachable decimal advisory (520d713)
  • test: ensure MetadataRefresh is loaded before function_exported? check (abc24fa)
Assets 2
Loading