v0.45.0

- BackupAuthCredential now uses an enum for its level; credentials
  containing unknown levels will fail to deserialize. Receiving a
  BackupAuthCredentialResponse no longer requires an expected level,
  but now requires a timestamp; this timestamp should be the one
  provided by the server as the key in the JSON object containing the
  response.

- The backup validator has been updated; in particular, it now expects
  the IV to be in the file, and allows padding after the compressed
  backup frames.

- Support for issuing AuthCredentials with the PNI reinterpreted as
  an ACI has been removed.

- The connectionReused field from ChatService's DebugInfo has been
  removed.

- SVR3 now supports TPM2SNP on GCP, and no longer supports it on
  Azure.

- Node: Exposed Net.setIpv6Enabled(). IPv6 remains on by default.

- Java: libsignal's CompletableFuture now supports whenComplete.

- Java: A number of ClassNotFound issues have been quashed.

- Swift: PreKeyBundle.preKeyId no longer returns the *signed* pre-key
  ID, and the Kyber key info, if any, is available as well.

- Swift: Add missing invalidAttestationData and connectionFailed
  error cases.

- Rust: More zkcredential and zkgroup types implement Debug and
  PartialEq. More types in several crates implement Error.

- Changes for upstream boring v4.6.0 have been merged.

v0.44.0

- All platforms: TLS proxy support added
- Node: ChatService extracted in a separate class
- GroupSendEndorsement: refine issuance proof
- Internal changes to the reconnect logic in libsignal-net

v0.43.0

- Exposed API for unauthenticated chat service communication in Swift and Java.
  This closely follows the existing TypeScript API.
- Disabled chat connection auto-reconnect on disconnect().
- Added cleanup code to close chat server connections more promptly.
- Removed timeout parameters for SVR3 and CDSI operations.
- Improved CDSI error handling. More granular error types are returned and
  additional server errors are now handled correctly.
- Updated message backup protobuf definition.
- Removed ProfileKeyCredentialPresentationV1 which is no longer used.

v0.42.0

- GroupSendEndorsement has been added, and GroupSendCredential has
  been removed. Endorsements are similar to credentials but have some
  different characteristics; see endorsements.rs in the zkcredential
  crate for more information.

  THIS REQUIRES UPDATED SERVER ZKPARAMS.

- AuthCredentialZkc has been added as a variant of
  AuthCredentialWithPni that's built on top of zkcredential rather
  than bespoke poksho proofs. The PNI-less AuthCredential has been
  removed in favor of AuthCredentialWithPni and AuthCredentialZkc.

- SVR3 now supports enclaves based on AMD SEV SNP with TPM2
  attestation. The default configuration in libsignal-net is now
  3-of-3 secret sharing. (Note that this is still only supported in
  staging at this time.)

- cpufeatures is no longer an unconditional requirement for
  libsignal-ffi. (Thanks, @Kladki!)

- The Java code now uses Java 17; the Android build additionally
  requires SDK 34 to desugar `record` classes.

- Rust dependencies have been updated.

v0.41.2

- Reverted a breaking change (zkgroup: Implement GroupSendEndorsements)

v0.41.1

- protocol: Flip SSv2 encryption to the "new" key derivation (no client-visible impact)
- Update message backup proto definition
- Fix a configuration issue for libsignal-net

v0.41.0

- SVR3 bridge, all clients
- CDSI bridge for FFI
- libsignal-net bridge for Node
- Retire old SVR2 enclaves
- Message backup:
	- Expose message backup purpose as an argument
	- Disallow messages that are expiring soon
- Usernames: Fix missing Cargo feature for curve25519-dalek
- Implement 3HashSDHI-based "passes" in zkcredential
- Java bridging layer changes:
	- Mark all bridge_fns that return Result as `throws Exception`
	- Add the FilterExceptions helper
- Node bridging layer changes:
	- Use JsBigInt for u64 bridging instead of a Buffer
	- Update to Neon 1.0
- General bridging layer changes:
	- Filter out log messages that aren't from libsignal
	- Make ProtocolAddress's getters infallible
	- Improve error messages

v0.40.1

- Android: run tests that rely on test-only library code
- Java: internal changes to fix Java object construction on Android
- Fixed message backup validation bug, added tests

v0.40.0

- Multiple improvements to libsignal-net (no client impact).
- Introduce processMinidumpBuffer for Desktop.
- Updated error handling in the bridging layer.
- Java APIs breaking changes:
  - DecryptionErrorMessage deserialization can throw InvalidKeyException
  - HsmEnclaveClient can fail at any point during the protocol
  - Aes256GcmSiv.encrypt can't fail
- Message backup validator is now available on all client platforms.
- Fix Java error handling for CDSI lookup.

v0.39.3

- zkgroup: Add GroupSendCredentialResponse::receive_with_ciphertexts,
  which is exposed as an overload of receive() for Java and Swift, and
  as receiveWithCiphertexts() for TypeScript. This is more efficient
  if the client already has ciphertexts for the group members.

- Java: Expose ServerCertificate and SenderCertificate creation APIs,
  and add them to libsignal-server as well as libsignal-client.

- Update Cargo dependencies again.