CHANGELOG.md in webauthn-2.0.0 vs CHANGELOG.md in webauthn-2.1.0
- old
+ new
@@ -1,7 +1,19 @@
# Changelog
+## [v2.1.0] - 2019-12-30
+
+### Added
+
+- Ability to convert stored credential public key back to a ruby object with `WebAuthn::PublicKey.deserialize(stored_public_key)`, included the validation during de-serialization ([@ssuttner], [@padulafacundo])
+- Improved TPM attestation validation by checking "Subject Alternative Name" ([@bdewater])
+- Improved SafetyNet attestation validation by checking timestamp ([@padulafacundo])
+- [EXPERIMENTAL] Ability to optionally "Assess the attestation trustworthiness" during registration by setting `acceptable_attestation_types` and `attestation_root_certificates_finders` configuration values ([@padulafacundo])
+- Ruby 2.7 support without warnings
+
+Note: Expect possible breaking changes for "EXPERIMENTAL" features.
+
## [v2.0.0] - 2019-10-03
### Added
- Smarter new public API methods:
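Review bot: the `WebAuthn::PublicKey.deserialize(stored_public_key)` entry ends with "included the validation during de-serialization", which does not say what is validated or how a failure is reported. Since the input is stored key material, name the check and the failure behaviour in the entry. The [EXPERIMENTAL] entry has a similar gap: it names `acceptable_attestation_types` and `attestation_root_certificates_finders` but gives no defaults, so a reader cannot tell what "optionally" means for an unconfigured install. The "Ruby 2.7 support without warnings" line is also the only new entry with no attribution.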
@@ -11,11 +23,11 @@
- `WebAuthn::Credential.from_create`
- `WebAuthn::Credential.from_get`
- All the above automatically handle encoding/decoding for necessary values. The specific encoding scheme can
be set (or even turned off) in `WebAutnn.configuration.encoding=`. Defaults to `:base64url`.
- `WebAuthn::FakeClient#get` better fakes a real client by including `userHandle` in the returned hash.
-- Expose AAGUID and attestationCertificateKey for MDS lookup during attestation (@bdwater)
+- Expose AAGUID and attestationCertificateKey for MDS lookup during attestation ([@bdewater])
### Changed
- `WebAuthn::AuthenticatorAssertionResponse#verify` no longer accepts `allowed_credentials:` keyword argument.
Please replace with `public_key:` and `sign_count:` keyword arguments. If you're not performing sign count
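Review bot: the unchanged context line two lines above the corrected credit still reads `WebAutnn.configuration.encoding=`, which names a constant that does not exist. This hunk already fixes one misspelling (`@bdwater` to `[@bdewater]`), so correct this one to `WebAuthn.configuration.encoding=` in the same pass.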
@@ -54,35 +66,35 @@
## [v1.18.0] - 2019-07-27
### Added
-- Ability to migrate U2F credentials to WebAuthn ([#211](https://github.com/cedarcode/webauthn-ruby/pull/211)) (@bdewater + @jdongelmans)
-- Ability to skip attestation statement verification ([#219](https://github.com/cedarcode/webauthn-ruby/pull/219)) (@MaximeNdutiye)
-- Ability to configure default credential options timeout ([#243](https://github.com/cedarcode/webauthn-ruby/pull/243)) (@MaximeNdutiye)
+- Ability to migrate U2F credentials to WebAuthn ([#211](https://github.com/cedarcode/webauthn-ruby/pull/211)) ([@bdewater] + [@jdongelmans])
+- Ability to skip attestation statement verification ([#219](https://github.com/cedarcode/webauthn-ruby/pull/219)) ([@MaximeNdutiye])
+- Ability to configure default credential options timeout ([#243](https://github.com/cedarcode/webauthn-ruby/pull/243)) ([@MaximeNdutiye])
- AttestedCredentialData presence verification ([#237](https://github.com/cedarcode/webauthn-ruby/pull/237))
- FakeClient learns how to increment sign count ([#225](https://github.com/cedarcode/webauthn-ruby/pull/225))
### Fixed
-- Properly verify SafetyNet certificates from input ([#233](https://github.com/cedarcode/webauthn-ruby/pull/233)) (@bdewater)
-- FakeClient default origin URL ([#242](https://github.com/cedarcode/webauthn-ruby/pull/242)) (@kalebtesfay)
+- Properly verify SafetyNet certificates from input ([#233](https://github.com/cedarcode/webauthn-ruby/pull/233)) ([@bdewater])
+- FakeClient default origin URL ([#242](https://github.com/cedarcode/webauthn-ruby/pull/242)) ([@kalebtesfay])
## [v1.17.0] - 2019-06-18
### Added
-- Support ES384, ES512, PS384, PS512, RS384 and RS512 credentials. Off by default. Enable by adding any of them to `WebAuthn.configuration.algorithms` array. Thank you @bdewater.
-- Support [Signature Counter](https://www.w3.org/TR/webauthn/#signature-counter) verification. Thank you @bdewater.
+- Support ES384, ES512, PS384, PS512, RS384 and RS512 credentials. Off by default. Enable by adding any of them to `WebAuthn.configuration.algorithms` array ([@bdewater])
+- Support [Signature Counter](https://www.w3.org/TR/webauthn/#signature-counter) verification ([@bdewater])
## [v1.16.0] - 2019-06-13
### Added
- Ability to enforce [user verification](https://www.w3.org/TR/webauthn/#user-verification) with extra argument in the `#verify` method.
- Support RS1 (RSA w/ SHA-1) credentials. Off by default. Enable by adding `"RS1"` to `WebAuthn.configuration.algorithms` array.
-- Support PS256 (RSA Probabilistic Signature Scheme w/ SHA-256) credentials. On by default. Thank you @bdewater.
+- Support PS256 (RSA Probabilistic Signature Scheme w/ SHA-256) credentials. On by default ([@bdewater])
## [v1.15.0] - 2019-05-16
### Added
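Review bot: the v1.18.0 U2F migration entry joins two contributors as `([@bdewater] + [@jdongelmans])`, each in its own bracket pair with a plus sign between them, while the v2.1.0 section of this same patch uses a single comma-separated group, `([@ssuttner], [@padulafacundo])`. Pick one form for multi-author credits and apply it to both. The rewritten v1.17.0 and v1.16.0 entries also drop the sentence-ending period before the credit, where the uncredited entries next to them keep theirs. That is fine if intentional, but it should be applied uniformly.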
@@ -100,15 +112,15 @@
### Added
- Verify 'none' attestation statement is really empty.
- Verify 'packed' attestation statement certificates start/end dates.
- Verify 'packed' attestation statement signature algorithm.
-- Verify 'fiod-u2f attestation statement AAGUID is zeroed out. Thank you @bdewater.
+- Verify 'fiod-u2f attestation statement AAGUID is zeroed out ([@bdewater])
- Verify 'android-key' attestation statement signature algorithm.
- Verify assertion response signature algorithm.
- Verify collectedClientData.tokenBinding format.
-- `WebAuthn.credential_creation_options` now accept `rp_name`, `user_id`, `user_name` and `display_name` as keyword arguments. Thank you @bdewater.
+- `WebAuthn.credential_creation_options` now accept `rp_name`, `user_id`, `user_name` and `display_name` as keyword arguments ([@bdewater])
## [v1.12.0] - 2019-04-03
### Added
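Review bot: the rewritten AAGUID line keeps the misspelled and unbalanced format name `'fiod-u2f attestation statement`. The format is spelled `fido-u2f` elsewhere in this changelog, and the sibling entries close their quotes (`'none'`, `'packed'`, `'android-key'`). Since the line is being touched anyway, change it to `'fido-u2f'` so that a search for the attestation format name finds this entry.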
@@ -126,15 +138,15 @@
## [v1.11.0] - 2019-03-15
### Added
-- `WebAuthn::AuthenticatorAttestationResponse#verify` supports `android-key` attestation statements. Thank you @bdewater!
+- `WebAuthn::AuthenticatorAttestationResponse#verify` supports `android-key` attestation statements ([@bdewater])
### Fixed
-- Verify matching AAGUID if needed when verifying `packed` attestation statements. Thank you @bdewater!
+- Verify matching AAGUID if needed when verifying `packed` attestation statements ([@bdewater])
## [v1.10.0] - 2019-03-05
### Added
@@ -148,11 +160,11 @@
## [v1.8.0] - 2019-01-17
### Added
-- Make challenge validation inside `#valid?` method resistant to timing attacks. Thank you @tomek-bt!
+- Make challenge validation inside `#valid?` method resistant to timing attacks (@tomek-bt)
- Support for ruby 2.6
### Changed
- Make current raised exception errors a bit more meaningful to aid debugging
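Review bot: the timing-attack entry is rewritten to `(@tomek-bt)` without the square brackets that every other credit in this patch uses, so it will render as plain text rather than as a reference link. Use `([@tomek-bt])` for consistency.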
@@ -160,11 +172,11 @@
## [v1.7.0] - 2018-11-08
### Added
- _Registration_ ceremony
- - `WebAuthn::AuthenticatorAttestationResponse` exposes attestation type and trust path via `#attestation_type` and `#attestation_trust_path` methods. Thank you @bdewater!
+ - `WebAuthn::AuthenticatorAttestationResponse` exposes attestation type and trust path via `#attestation_type` and `#attestation_trust_path` methods ([@bdewater])
## [v1.6.0] - 2018-11-01
### Added
@@ -172,25 +184,25 @@
## [v1.5.0] - 2018-10-23
### Added
-- Works with ruby 2.3. Thank you @bdewater!
+- Works with ruby 2.3 ([@bdewater])
## [v1.4.0] - 2018-10-11
### Added
- _Registration_ ceremony
- - `WebAuthn::AuthenticatorAttestationResponse.valid?` supports `android-safetynet` attestation statements. Thank you @bdewater!
+ - `WebAuthn::AuthenticatorAttestationResponse.valid?` supports `android-safetynet` attestation statements ([@bdewater])
## [v1.3.0] - 2018-10-11
### Added
- _Registration_ ceremony
- - `WebAuthn::AuthenticatorAttestationResponse.valid?` supports `packed` attestation statements. Thank you @sorah!
+ - `WebAuthn::AuthenticatorAttestationResponse.valid?` supports `packed` attestation statements ([@sorah])
## [v1.2.0] - 2018-10-08
### Added
@@ -204,11 +216,11 @@
## [v1.1.0] - 2018-10-04
### Added
- _Registration_ ceremony
- - `WebAuthn::AuthenticatorAttestationResponse.valid?` optionally accepts rp_id. Thank you @sorah!
+ - `WebAuthn::AuthenticatorAttestationResponse.valid?` optionally accepts rp_id ([@sorah])
- _Authentication_ ceremony
- `WebAuthn::AuthenticatorAssertionResponse.valid?` optionally accepts rp_id.
## [v1.0.0] - 2018-09-07
@@ -259,10 +271,11 @@
- _Registration_ ceremony:
- `WebAuthn.credential_creation_options` returns default options for you to initiate the _Registration_
- `WebAuthn::AuthenticatorAttestationResponse.valid?` can be used to validate fido-u2f attestations returned by the browser
- Works with ruby 2.5
+[v2.1.0]: https://github.com/cedarcode/webauthn-ruby/compare/v2.0.0...v2.1.0/
[v2.0.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.18.0...v2.0.0/
[v1.18.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.17.0...v1.18.0/
[v1.17.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.16.0...v1.17.0/
[v1.16.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.15.0...v1.16.0/
[v1.15.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.14.0...v1.15.0/
@@ -281,5 +294,13 @@
[v1.2.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.1.0...v1.2.0/
[v1.1.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.0.0...v1.1.0/
[v1.0.0]: https://github.com/cedarcode/webauthn-ruby/compare/v0.2.0...v1.0.0/
[v0.2.0]: https://github.com/cedarcode/webauthn-ruby/compare/v0.1.0...v0.2.0/
[v0.1.0]: https://github.com/cedarcode/webauthn-ruby/compare/v0.0.0...v0.1.0/
+
+[@bdewater]: https://github.com/bdewater
+[@jdongelmans]: https://github.com/jdongelmans
+[@kalebtesfay]: https://github.com/kalebtesfay
+[@MaximeNdutiye]: https://github.com/MaximeNdutiye
+[@sorah]: https://github.com/sorah
+[@ssuttner]: https://github.com/ssuttner
+[@padulafacundo]: https://github.com/padulafacundo
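Review bot: the new contributor link definitions have no entry for `@tomek-bt`, who is credited in the v1.8.0 entry, so that credit cannot resolve to a profile link the way the others do. Add `[@tomek-bt]: https://github.com/tomek-bt` if that is the intended target. The list is also nearly alphabetical except that `[@padulafacundo]` comes after `[@sorah]` and `[@ssuttner]`. Moving it up keeps the block easy to scan as it grows.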