Releases: glassless-security/glassless
Releases · glassless-security/glassless
GlaSSLess 0.13.0
Installation
Maven
<dependency>
<groupId>net.glassless</groupId>
<artifactId>glassless-provider</artifactId>
<version>0.13.0</version>
</dependency>Gradle
implementation 'net.glassless:glassless-provider:0.13.0'Highlights
FIPS SSLContext wrapper and Argon2 benchmark
Add FIPS SSLContext wrapper and Argon2 benchmark
What's Changed
New Features
- Add FIPS SSLContext wrapper and Argon2 benchmark
Full Changelog: v0.12.0...v0.13.0
GlaSSLess 0.12.0
Installation
Maven
<dependency>
<groupId>net.glassless</groupId>
<artifactId>glassless-provider</artifactId>
<version>0.12.0</version>
</dependency>Gradle
implementation 'net.glassless:glassless-provider:0.12.0'Highlights
FIPS mode container testing with fabric8 docker-maven-plugin
Add FIPS mode container testing with fabric8 docker-maven-plugin
What's Changed
New Features
- Add FIPS mode container testing with fabric8 docker-maven-plugin
- Add System.Logger-based tracing across all JCA service types
- Add ByteBuffer engineUpdate override to AbstractCipher
- Add secp256k1 OID to ECParameters
- Add OpenJDK jtreg test infrastructure for TLS/JSSE compliance
Bug Fixes
- Fix EVP_CIPHER_CTX_set_padding to call the actual OpenSSL function
- Fix PKCS12 keystore interop with PBE cipher and key factory improvements
Documentation
- Document TLS/JSSE compliance testing
Other Changes
- Remove unused parameters, constants, and fix minor code warnings
Full Changelog: v0.11.0...v0.12.0
GlaSSLess 0.11.0
Installation
Maven
<dependency>
<groupId>net.glassless</groupId>
<artifactId>glassless-provider</artifactId>
<version>0.11.0</version>
</dependency>Gradle
implementation 'net.glassless:glassless-provider:0.11.0'Highlights
What's Changed
Bug Fixes
- Fix JAR timestamps, add build revision to manifest, bump CI actions to Node.js 24
Full Changelog: v0.10.0...v0.11.0
GlaSSLess 0.10.0
Installation
Maven
<dependency>
<groupId>net.glassless</groupId>
<artifactId>glassless-provider</artifactId>
<version>0.10.0</version>
</dependency>Gradle
implementation 'net.glassless:glassless-provider:0.10.0'Highlights
Dependabot auto-merge workflow
Add Dependabot auto-merge workflow
What's Changed
New Features
- Add Dependabot auto-merge workflow
Bug Fixes
- Fix OSSL_PARAM byte order for BigInteger and EVP_PKEY_fromdata_init signature
- Fix all Error Prone warnings across source and test code
Security
- Harden FIPS compliance: key zeroization, Destroyable interface, and runtime enforcement
- Make all KeyFactory/KeyPairGenerator implementations self-contained for FIPS compliance
Other Changes
- Use OpenSSL OSSL_PARAM_BLD API for correct cross-version parameter building
- Replace SpotBugs with Error Prone for compile-time static analysis
Full Changelog: v0.9.0...v0.10.0
GlaSSLess 0.9.0
Installation
Maven
<dependency>
<groupId>net.glassless</groupId>
<artifactId>glassless-provider</artifactId>
<version>0.9.0</version>
</dependency>Gradle
implementation 'net.glassless:glassless-provider:0.9.0'Highlights
multi-version OpenSSL testing to CI matrix
Add multi-version OpenSSL testing to CI matrix
What's Changed
New Features
- Add multi-version OpenSSL support. Tested with 3.0, 3.6, 4.0
- Add ML-DSA to hybrid mode delegation based on JDK 27 benchmarks
- Add FindSecBugs plugin and use Locale.ROOT for all case conversions
- Add SpotBugs static analysis and fix all P1/URF_UNREAD_FIELD findings
- Add deterministic ECDSA (RFC 6979) and update documentation
- Add AES-GCM-SIV (RFC 8452) nonce-misuse-resistant AEAD cipher support
- Add LMS/HSS verification support and refactor key factories
- Refactorings
- Implement GlaSSLessProvider.toString()
- Add automated release notes generation
- Improve release workflow with longer timeout and resume support
Bug Fixes
- Fix SpotBugs findings and improve code quality
Performance
- Document JDK 27 JEP 527 integration and hybrid KEM benchmarks
Documentation
- deps: bump org.asciidoctor:asciidoctor-maven-plugin from 3.1.1 to 3.2.0
Other Changes
- deps: bump the junit group with 3 updates
- deps: bump the maven-plugins group across 1 directory with 3 updates
- deps: bump io.github.git-commit-id:git-commit-id-maven-plugin
- Skip LMS on OpenSSL 3.6.x due to incompatible SPKI encoding
- Spotless fix
- deps: bump com.diffplug.spotless:spotless-maven-plugin
- Replace JDK 26-ea with 27-ea in CI matrix
- Guard deterministic ECDSA (RFC 6979) behind OpenSSL 3.2+ version check
- ci: bump actions/upload-artifact from 4 to 7
- Register standard JCA cipher names (AES/GCM/NoPadding, etc.)
- Deduplicate key pair generators via shared generateKeyPair helper
- Extract shared base classes for PQC keys and single-shot signatures
Full Changelog: v0.8.0...v0.9.0
GlaSSLess 0.8.0
Highlights
Hybrid Mode for Optimal Performance
This release introduces hybrid mode, which automatically uses the best provider for each operation:
- JDK for SHA-256/SHA-512, HMAC-SHA256/SHA512, SecureRandom, ML-KEM (where HotSpot intrinsics excel)
- OpenSSL for ECDH, EdDSA, EC key generation (where native code excels)
Enable with:
glassless.hybrid.enabled=trueBenchmark results show hybrid mode delivers optimal performance:
- SHA-256: JDK is 5.7x faster
- HMAC-SHA256: JDK is 9.8x faster
- ECDH: GlaSSLess is 5.2x faster
- Ed25519: GlaSSLess is 7.9x faster
- Mixed workload: Hybrid is 8.4x faster than pure JDK
Hybrid mode is automatically disabled when FIPS mode is active to ensure compliance.
What's Changed
- Add hybrid mode for optimal performance across operation types
- Add HybridModeBenchmark for performance comparison
- Update documentation with hybrid mode configuration and benchmark results
Full Changelog: v0.7.0...v0.8.0
GlaSSLess 0.7.0
Highlights
FIPS Compliance Documentation
This release adds comprehensive FIPS compliance documentation covering:
- FIPS 140-3 compliance via OpenSSL's validated cryptographic module
- Supported FIPS standards: FIPS 180, 186, 197, 198, 202, 203, 204, 205
- Automatic FIPS mode detection and non-approved algorithm exclusion
- Configuration guidance for FIPS-compliant deployments
What's Changed
- Add FIPS compliance documentation with detailed standards coverage
- Document FIPS mode behavior and algorithm restrictions
Full Changelog: v0.6.0...v0.7.0
GlaSSLess 0.6.0
Highlights
DH Key Agreement Interoperability Fix
Fixed Diffie-Hellman key agreement to properly interoperate with SunJCE provider, ensuring cross-provider compatibility.
AsciiDoc Sources Distribution
AsciiDoc documentation sources are now included as a separate JAR artifact (-asciidoc classifier) for integration into documentation pipelines.
What's Changed
- Fix DH key agreement interoperability with SunJCE provider
- Add AsciiDoc sources JAR to release artifacts
- Remove unused AssertJ dependency
- Add wide logo image for documentation
Full Changelog: v0.4.0...v0.6.0
GlaSSLess 0.4.0
Highlights
Memory Safety & Stability
This release focuses on memory safety and platform stability:
- Memory Leak Fix: Fixed memory leak in MessageDigest implementations by adding proper Cleaner-based resource management
- Native Resource Management: Added NativeResourceCleaner utility for consistent cleanup of OpenSSL resources
- Platform Safety: Reject 32-bit platforms to prevent size_t mapping issues
- Overflow Protection: Added safe size_t to int conversion to prevent integer overflow
Memory Soak Tests
Added comprehensive native memory soak tests to verify no memory leaks occur during sustained cryptographic operations.
What's Changed
- Fix memory leak in AbstractDigest by adding Cleaner
- Add NativeResourceCleaner utility for consistent cleanup
- Add native memory soak tests to verify no memory leaks
- Add safe size_t to int conversion to prevent overflow
- Reject 32-bit platforms to prevent size_t mapping issues
- Fix MemorySegment null checks to use equals(MemorySegment.NULL)
Full Changelog: v0.3.0...v0.4.0
GlaSSLess 0.3.0
Highlights
TLS 1.3 KDF Support
Added TLS 1.3 Key Derivation Function (RFC 8446) implementation, enabling use of GlaSSLess for TLS 1.3 key derivation operations.
AsciiDoc Documentation
Comprehensive AsciiDoc documentation is now available, packaged as a separate JAR with docs classifier:
- Installation guide
- Usage examples
- Complete algorithm listing (370+ algorithms)
- Post-quantum cryptography guide
- Performance benchmarks
- Development guide
Documentation for Hybrid KEM Limitations
Documented OpenSSL 3.5 limitation preventing EC-based hybrid KEMs (SecP256r1MLKEM768, SecP384r1MLKEM1024) due to missing key serialization support.
What's Changed
- Add TLS 1.3 KDF implementation (RFC 8446)
- Add AsciiDoc documentation with docs JAR classifier
- Update algorithm listing to 370+ algorithms
- Document OpenSSL limitation for EC-based hybrid KEMs
- Get provider version from package implementation version
Full Changelog: v0.2.0...v0.3.0