v0.40.0

- Multiple improvements to libsignal-net (no client impact).
- Introduce processMinidumpBuffer for Desktop.
- Updated error handling in the bridging layer.
- Java APIs breaking changes:
  - DecryptionErrorMessage deserialization can throw InvalidKeyException
  - HsmEnclaveClient can fail at any point during the protocol
  - Aes256GcmSiv.encrypt can't fail
- Message backup validator is now available on all client platforms.
- Fix Java error handling for CDSI lookup.

v0.39.3

- zkgroup: Add GroupSendCredentialResponse::receive_with_ciphertexts,
  which is exposed as an overload of receive() for Java and Swift, and
  as receiveWithCiphertexts() for TypeScript. This is more efficient
  if the client already has ciphertexts for the group members.

- Java: Expose ServerCertificate and SenderCertificate creation APIs,
  and add them to libsignal-server as well as libsignal-client.

- Update Cargo dependencies again.

v0.39.2

- Java: Mp4Sanitizer and WebpSanitizer now support InputStreams that
  don't provide a good skip() operation.

- Java and Swift: Remove the length parameter for WebpSanitizer.
  (The old overload has been deprecated.)

- Node: Expose SealedSenderMultiRecipientMessage parsing
  (for @signalapp/mock-server).

- Rust: Update pinned nightly toolchain, as well as dependencies.

v0.39.1

Node: Pins the version of prebuildify used for releases, otherwise the
same as v0.39.0.

v0.39.0

- Add Username.from_parts() method

- Refuse to generate username hashes for nicknames over 48 chars long

- Split up BadDiscriminator username error into more specific errors:

  - Rust: UsernameError now has more cases. ProofVerificationFailure is
    also split off into its own error type, separate from structural
    username errors.

  - Java: Subclasses of BadDiscriminatorException have been added.

  - Swift: Some error codes have been renamed and others have been added.

  - TypeScript: Some error codes have been renamed and others have been
    added. Discriminator errors are now proper LibSignalErrors.

- Java: Expose non-copying method on SealedSenderMultiRecipientMessage to
  get message size for a recipient

v0.38.0

- Update to pqcrypto-kyber 0.7.9

- Rust: Allow mixed comparisons (PartialEq) between ServiceId and
  Aci/Pni. This is convenient but is also a breaking change: call
  sites that compared `service_id == aci.into()` will now be
  ambiguous; the fix is to remove the `.into()`.

- Rust: Expose ServiceId::kind as pub

- Restore compatibility with Rust 1.72 (and possibly earlier if you
  only use certain crates), and clarifies that updating this minimum
  version counts as a "breaking change" (i.e. v0.39.0 rather than
  v0.38.x).

- Belatedly note that git is a compilation dependency (via boring-sys)

- Start of libsignal-message-backup crate, which validates the backup
  files generated by the apps. Not ready for general use.

- Continued work on SVR3

v0.37.0

- Use compact device list encoding when sending SSv2 messages. This is
  a client->server format change; the receiving side was added in
  v0.35.0.

- Add support for excluded recipients for SSv2 messages.

- Add GroupSendCredential.

- Speed up SSv2 message encryption by generating key material on
  multiple threads.

- Android+iOS: Fix SenderKeyDistributionMessage.getDistributionId(),
  which was producing garbage output. (Thanks for the report,
  @imb591!)

- Rust: Move ServiceId + ProtocolAddress to new libsignal-core crate
  (but re-exported through libsignal-protocol, so this is a
  non-breaking change). zkgroup no longer depends on
  libsignal-protocol.

- Fuzz test fixes related to pre_key_id and archived sessions count
  (thanks, @moodyjon!)

v0.36.1

- Update curve25519-dalek to 4.1.1
- Fix the server push response format in libsignal-net (no client
  impact)
- Java: Take in session list for sealed sender multiRecipientEncrypt

v0.36.0

- All: Add attestation constants for new SVR2 enclaves
- Android: Expose CDSI lookup APIs
- iOS: Adopt modern SignalCoreKit logging APIs

"SVR3" work is still experimental and should not be used yet.

v0.35.0

- (Rust, Java) Expose SSv2 message parsing in libsignal-server, along
  with support for compact device lists and excluded recipients. Send
  support will come in a future release.

- (All) Consistently pad encrypted usernames to 128 bytes

- (Node) Target ES2020 instead of ES2015.

- (Java) Improve Pair's equals, hashCode, and toString

- (Rust) Continued work on the still-experimental libsignal-net.