Release Notes Version 4.36.0

With the current release, we have removed the pdf files with the user documentation from the package. Instead, all user documents for supported versions of the SDK are available exclusively online at our Documentation Portal. A readme file is available in the root folder of the product package providing the link to the documentation of this SDK specifically as well as instructions for locating product version-specific documentation.

Beginning with Android 15, Android supports devices that are configured to use a page size of 16 KB (i.e., 16 KB devices). The SDK has been updated to work on these 16 KB devices. However, if your app uses any native libraries, you must ensure that these libraries are ready for 16 KB page sizes. For more information, refer to the Android Developer documentation.

The SDK is now built with Xcode 16.

Swift version 6 is now available. The main changes are related to a stricter concurrency model. As the SDK has not been implemented in Swift, it cannot be guaranteed that the SDK operates as designed with version 6. If you wish to use the SDK in Swift 6 projects, ensure to include the @preconcurrency attribute. For more information, see the Swift Migration Guide and The Swift Programming Language: Concurrency.

The SDK continues to support Swift 5.

The minimum supported version of the SDK has been increased to iOS 15.

Description: If a password contained special characters, the Digipass SDK classified it as weak, even though it complied with weak password rules. This issue was caused by a specific limitation in the isWeakPassword method.

Status: This issue has been fixed. The limitation has been removed.

Description: When the authenticator was set to use hashcode as PIN check level and generate an invalid password as PIN penalty, the static vector PIN became vulnerable when using the Digipass SDK. The reason for this was that the Digipass authenticator started validating the one-time password (OTP) again after the user had provided the correct PIN.

Status: This issue has been fixed. The hashcode is now erased after a configured number of failed attempts to enter the PIN, and status and password fatal counter are not reset anymore if a hash security level is set. With this, the user can continue to use the app and generate OTPs or signatures, but must remember their PIN as they will no longer receive a notification that their PIN is incorrect/invalid. If the Digipass authenticator uses an event counter, this counter could exceed the allowed limit after too many failed attempts to enter the PIN and consequently, it is no longer possible to generate a valid OTP or signature.

To avoid this situation, we recommend to re-activate the authenticator whenever the user enters the PIN penalty mode.

Also, it is now mandatory to combine the PIN hash check togehter with the PIN penalty Reset. The combination with hashcode as PIN check level and generate invalid password as PIN penalty is no longer allowed in the parameter definition. We advise to use the reset dynamic vector penalty if you opt for a hash-level password check.