Fixes:

• Relaxed Guava dependency version constraint to include major version 33.

Artifacts built with openjdk version "17.0.17" 2025-10-21.

New features:

• Added JavaDoc to COSEAlgorithmIdentifier constants.
• Added support for Ed448 signatures.
• New constants COSEAlgorithmIdentifier.Ed25519, COSEAlgorithmIdentifier.Ed448 and PublicKeyCredentialParameters.Ed448
• (Experimental) Added a new suite of interfaces, starting with CredentialRepositoryV2. RelyingParty can now be configured with a CredentialRepositoryV2 in...

Changes since 2.8.0-alpha3

webauthn-server-core:

New features:

• Added JavaDoc to COSEAlgorithmIdentifier constants.
• Added support for Ed448 signatures.
• New constants COSEAlgorithmIdentifier.Ed25519, COSEAlgorithmIdentifier.Ed448 and PublicKeyCredentialParameters.Ed448

webauthn-server-attestation:

New features:

• Updated SupportedCtapOptions to version 2.2 of...

New features:

• Added overloaded setter RelyingPartyBuilder.origins(Optional<Set<String>>).
• Added support for the CTAP2 credProtect extension.
• Added support for the prf extension.
• (Experimental) Added option FinishRegistrationOptions.isConditionalCreate to allow UP=0 in registration response for registration ceremonies with mediation: "conditional".
  • NOTE: Experimental fe...

Ported changes from pre-release 2.7.0-RC3:

Fixes:

• Excluded CVE-2025-27820 vulnerable versions of Apache httpclient5 from dependency resolution. Note that this might only affect consumers using Gradle module metadata.

Artifacts built with `openjdk version "17.0.15...