v0.65.0

- Added a validity-checking function to AccountEntropyPool.

- Rust: The EC key types have been moved to libsignal_core::curve.
  They are still exported through libsignal_protocol as before, but a
  few of the signatures have changed.

- The libsignal-net ChatConnection APIs have been exposed to Swift.
  These will eventually replace the ChatService APIs.

- libsignal-net: enabled support for Ed25519 TLS certificates

- Fixed username printing for discriminators under 10

- Many backup validator improvements
  - Require a Self recipient
  - Disallow IDs of 0
  - Disallow timestamps not representable by JS Date
    (more than 100,000,000 days from the epoch)
  - Chat.pinnedOrder of 0 is no longer treated as "unpinned"
  - Stricter checking of many messages

- Key transparency: the "monitor" API has been exposed to Java.

- Removed support for the old AuthCredential versions

- Removed SVR3 from all app bridges

- Changed the representation of pointers in the Swift (ffi) bridge
  layer. This has always been considered an unstable interface, but if
  you're using it anyway, you'll need to adjust for the new types that
  are more Swift-friendly.

v0.64.1

- Backups: Support BackupInfo.currentAppVersion and firstAppVersion fields

v0.64.0

- Improve the performance of both the online and whole-file backup validation
  methods.

- Add a CLI utility to "scramble" backups by removing the most obvious
  identifying information.

- Import various backup validation proto changes, and tighten validation of
  distribution lists to disallow duplicate entries.

- Java: the key transparency Store abstraction has been reworked.

- The version of our `boring` dependency is now v4.13.0, which incorporates the
  changes of the upstream project through the same version.

v0.63.0

- Introduce OnlineBackupValidator, while accepts serialized protobuf
  frames rather than processing an entire file at once.

- Swift: SignalError.backupValidation was **removed** in favor of
  MessageBackupValidationError, which it was essentially redundant
  with.

- ChatService will soon be replaced by ChatConnection, currently
  experimentally available in Node. (All of the networking-related
  APIs are still even more subject to change than the rest of
  libsignal.

- The Node library now requires ES2021.

- Methods issuing older AuthCredential formats were deprecated and
  will be removed in a future release.

- Support for the CDSI option 'return_acis_without_uaks' was removed;
  it was already ignored by the service.

- Further backup validator proto updates and performance improvements,
  including use of an extra worker thread for pipelining entire-file
  processing. ChatItem errors will now include the dateSent timestamp.

- Further work on both key transparency and libsignal-net.

v0.62.0

- Android: AuthenticatedChatService can now receive messages via the
  ChatListener interface. (This is a breaking change if you were
  previously constructing AuthenticatedChatService.)

- Further backup validator updates:
  - Allow PNI-only contacts
  - Allow Chat.muteUntilMs of INT64_MAX ("mute forever")
  - Update Backup.proto (several fields now use `optional`)
  - Suppress repeated warnings about the same timestamp field
  - Buffer the input stream for all app languages

- SHA-2 performance improved on 64-bit Android, iOS, macOS, and Linux

- Rust: Add ServiceId::to_protocol_address (thanks, @rubdos!)

Note: though some key transparency APIs have been exposed to Android,
they are not yet finalized.

v0.61.0

- Net: Chat now throws RateLimitedError/RetryLaterException when the server requests a retry
- Node: Switched from yarn to npm to align with other Signal projects
- Android: Split ChatService into Unauthenticated.. and AuthenticatedChatService for platform consistency
- Attest: Removed unused IAS attestation code and tests
- Backup: Made timestamps optional for AttachmentLocator:uploadTimestamp and ChatItem:dateServerSent

v0.60.2

- Add BackupKey.deriveThumbnailTransitEncryptionKey
- Backup validator: Allow "unknown" restrictions for call links

v0.60.1

- Expose more key derivations to apps via new BackupKey class, as well
  as additional APIs on MessageBackupKey and AccountEntropyPool.

- Adjust backup ID derivation from a BackupKey once more (hopefully
  the last time).

- iOS: Make incremental MAC chunk size value accessible

- Node: Properly re-export BackupCredentialType through zkgroup module

- Internal change: Use new websocket event handler for attested
  connections. This should not produce any difference in behavior,
  but if any is observed this might be the cause.

v0.60.0

- Add BackupCredentialType to BackupAuthCredential, and rename the
  members of BackupLevel. This is a **breaking change**: old
  credentials will no longer work, and client and server have to
  agree on the credentials being used. BackupAuthCredential also
  now uses the "new" key derivation for the backup ID.

- MessageBackupKey now supports the "new" key derivations using an
  "account entropy pool" string, as well as from a backup key and ID.
  The "old" derivation from a "master key" has been deprecated in all
  languages and will be removed in a future release.

- The backup validator now requires a mediaRootBackupKey in the
  BackupInfo proto.

- Provide additional information on CDSI errors.

- swift: Initial audit for Sendable.

- Rust: Update boring to signal-v4.9.0b to fix build with newer
  LLVM/libclang.

v0.59.0

- Rename "pin" crate to "account-keys", to reflect expanding functionality
- Backup: Be more precise about when expiration should have started
- Node: Change Net constructor to accomodate localhost testing.