Changelog
App Login
Back to All

TSM Release 66.0.0

October 30th, 2024 by Torben Lauritzen

Changelog

	Client API:  
	- mTLS authentication with limited access based on certificate fields, specified in the configuration file.  
	- SDKv2 (Go, Node.js, Java, C): Added WithRootCAFile, WithPublicKeyPinning, WithOCSPValidation to the configuration builder  
	- SDKv2 (Go, Node.js, Java, C): Removed public key pinning from the mTLS authenticator, and added support for OCSP stapling of the client certificate  
	Node Configuration:  
	- Added OCSP configuration to the SDK server and the TLS authenticator  
	Patch changes (no effect on compatibility):  
	- Passing a negative UID or GID value to the tsm-node will now disable privilege dropping  
	- Updated required Go version to 1.22.0 (no need to specify a higher version than we need), but always build with the latest version
Mobile frameworks have been built using golang.org/x/mobile v0.0.0-20241016134751-7ff83004ec2c

Versions

Client API: 56.0 (!)  
Client Communication: 29.0  
Database: 7.10.0  
Node Communication: 32.0  
Node Configuration: 21.1

Upgrade Instructions

OCSP Configuration (Node Configuration: 21.1)

OCSP validation has been added

Filtering on certificate fields for mTLS authentication has been added.

Client API changes (Client API 55.0)

WithPublicKeyPinning is now an option on the client configuration, whereas it was part of the mTLS configuration before.
This means that public key pinning is now also possible for API key and OIDC authentication.

When using mTLS you can now choose to OCSP staple the client certificate. If this is not used, just pass nil as the
ocspStapling value when configuring mTLS authentication.

Finally, all the builder steps in the configuration can no longer return an error. The error will instead be reported
when instantiating the client.