Release notes for 1.80? #1971

Open
yeikel opened this issue Jan 16, 2025 · 4 comments
Labels
documentation Improvements or additions to documentation

Comments

yeikel commented Jan 16, 2025

Hi team,

I usually fetch my release notes from https://www.bouncycastle.org/download/bouncy-castle-java/#release-notes but there are no mentions of 1.8.0 yet.

Is 1.8.0 a valid/safe release?

jazdw commented Jan 17, 2025

Yeah I am wondering about this too. It is tagged - https://github.com/bcgit/bc-java/releases/tag/r1rv80

jazdw commented Jan 17, 2025

@dghgit can you help us out?

@xalvarez

Not so pretty but for now it seems they can be found here: https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html

jazdw commented Jan 17, 2025

Nice, thanks for finding that. Here's the contents as markdown:

2.1.1 Version

Release: 1.80
Date: 2025, 14th January.

2.1.2 Defects Fixed

  • A splitting issue for ML-KEM led to an incorrect size for kemct in KEMRecipientInfos. This has been fixed.
  • The PKCS12 KeyStore has been adjusted to prevent accidental doubling of the Oracle trusted certificate attribute (results in an IOException when used with the JVM PKCS12 implementation).
  • The SignerInfoGenerator copy constructor was ignoring the certHolder field. This has been fixed.
  • The getAlgorithm() method return value for a CompositePrivateKey was not consistent with the corresponding getAlgorithm() return value for the CompositePrivateKey. This has been fixed.
  • The international property files were missing from the bcjmail distribution. This has been fixed.
  • Issues with ElephantEngine failing on processing large/multi-block messages have been addressed.
  • GCFB mode now fully resets on a reset.
  • The lightweight algorithm contestants: Elephant, ISAP, PhotonBeetle, Xoodyak now support the use of the AEADParameters class and provide accurate update/doFinal output lengths.
  • An unnecessary downcast in CertPathValidatorUtilities was resulting in the ignoring of URLs for FTP based CRLs. This has been fixed.
  • A regression in the OpenPGP API could cause NoSuchAlgorithmException to be thrown when attempting to use SHA-256 in some contexts. This has been fixed.
  • EtsiTs1029411TypesAuthorization was missing an extension field. This has been added.
  • Interoperability issues with single depth LMS keys have been addressed.

2.2.3 Additional Features and Functionality

  • CompositeSignatures now updated to draft-ietf-lamps-pq-composite-sigs-03.
  • ML-KEM, ML-DSA, SLH-DSA, and Composite private keys now use raw encodings as per the latest drafts from IETF 121: draft-ietf-lamps-kyber-certificates-06, draft-ietf-lamps-dilithium-certificates-05, and draft-ietf-lamps-x509-slhdsa.
  • Initial support has been added for RFC 9579 PBMAC1 in the PKCS API.
  • Support has been added for EC-JPAKE to the lightweight API.
  • Support has been added for the direct construction of S/MIME AuthEnvelopedData objects, via the SMIMEAuthEnvelopedData class.
  • An override "org.bouncycastle.asn1.allow_wrong_oid_enc" property has been added to disable new OID encoding checks (use with caution).
  • Support has been added for the PBEParameterSpec.getParameterSpec() method where supported by the JVM.
  • ML-DSA/SLH-DSA now return null for Signature.getParameters() if no context is provided. This allows the algorithms to be used with the existing Java key tool.
  • HQC has been updated to reflect the reference implementation released on 2024-10-30.
  • Support has been added to the low-level APIs for the OASIS Shamir Secret Splitting algorithms.
  • BCJSSE: System property "org.bouncycastle.jsse.fips.allowGCMCiphersIn12" no longer used. FIPS TLS 1.2 GCM suites can now be enabled according to JcaTlsCrypto#getFipsGCMNonceGeneratorFactory (see JavaDoc for details) if done in alignment with FIPS requirements.
  • Support has been added for OpenPGP V6 PKESK and message encryption.
  • PGPSecretKey.copyWithNewPassword() now includes AEAD support.
  • The ASCON family of algorithms have been updated in accordance with the published FIPS SP 800-232 draft.

winfriedgerlach added the documentation label Jan 18, 2025