v0.8.0

Summary

MDK 0.8.0 is a protocol, security, and mobile-bindings release.

This release adds the first MIP-05 notification building blocks, moves MIP-00 key packages to addressable events, improves mixed-version group compatibility, expands UniFFI coverage, and tightens several security-sensitive validation paths around admins, commits, storage, encryption bounds, and replay handling.

Changes

Protocol and group behavior

• Added MIP-05 primitives and leaf-index helpers. (#235 by @erskingardner)
• Added a MIP-05 notification request builder. (#238 by @erskingardner)
• Updated MIP-05 push tokens to opaque variable-length data with larger token support. (#254 by @erskingardner)
• Migrated MIP-00 KeyPackage events to addressable kind:30443 events. (#233 by @dannym-arx)
• Added SelfRemove proposal support for voluntary group departure in MIP-03. (#236 by @jgmontoya)
• Converged the self-update wire format. (#264 by @jgmontoya)
• Added a group context extensions upgrade path. (#266 by @jgmontoya)
• Computed group required capabilities from invitee capabilities to support mixed-version invites. (#261 by @jgmontoya)
• Added a group_required_proposals accessor. (#265 by @jgmontoya)
• Allowed custom tags on the outer kind:445 wrapper. (#248 by @mehmetefeumit)

Security and correctness

• Pruned invalid admins before group validation and updates. (#223 by @jgmontoya)
• Stripped admin status atomically when removing members. (#225 by @mubarakcoded)
• Added migration compatibility fallbacks for 0.6.x to 0.7.x upgrades. (#222 by @erskingardner)
• Tightened encrypted content minimum length checks from 12 bytes to 28 bytes. (#230 by @erskingardner)
• Added ciphertext deduplication to reject re-wrapped event replay during commit ordering. (#246 by @erskingardner)
• Fixed memory storage message payload bounds. (#257 by @erskingardner)
• Prevented memory storage eviction of security-critical state. (#259 by @mubarakcoded)
• Fixed receiver-side admin depletion validation. (#256 by @erskingardner)
• Parsed invitee key packages before persisting creator signer data. (#262 by @jgmontoya)
• Added a typed error variant for add-members proposal rejection. (#263 by @jgmontoya)
• Encoded SQLite keys before keyring storage. (#270 by @erskingardner)

APIs, bindings, and media

• Added missing UniFFI bindings for 10 existing methods. (#249 by @erskingardner)
• Auto-initialized the platform keyring store in new_mdk(). (#252 by @sjmcnamara)
• Added public delete_messages_for_group and delete_group methods for local cleanup. (#250 by @jgmontoya)
• Added thumbhash support alongside blurhash compatibility. (#244 by @erskingardner)
• Gated new_unencrypted() behind the test-utils feature flag. (#245 by @erskingardner)
• Exposed the test_util module behind a test-utils Cargo feature. (#269 by @jgmontoya)
• Reduced release binary size for Android and iOS bindings. (#221 by @dannym-arx)

Tooling, CI, docs, and maintenance

• Refreshed the README for Marmot. (#211 by @dannym-arx)
• Added cargo audit to CI and precommit checks. (#229 by @erskingardner)
• Updated hpke-rs to 0.6.1 to address RUSTSEC-2026-0073 and RUSTSEC-2026-0074. (#234 by @dannym-arx)
• Fixed CI binding builds on Linux and Swift package publishing. (#267 by @erskingardner)
• Removed redundant builds and restored the release profile in CI. (#232 by @dannym-arx)
• Removed the trees subdirectory and updated .gitignore. (#237 by @erskingardner)
• Refactored internal code to reduce duplication. (#239 by @dannym-arx)
• Prepared the 0.8.0 release. (#271 by @erskingardner)

New contributors

Thanks to the contributors who landed their first MDK PR in this release:

• @mehmetefeumit in #248
• @sjmcnamara in #252

Full changelog

Compare v0.7.1...v0.8.0

v0.7.1

What's Changed

• [Fixes #209] feat: expose MIP-04 encrypted media in UniFFI bindings by @dannym-arx in #215
• fix(mip04): derive file key with HKDF-Expand PRK by @erskingardner in #217
• chore: prepare 0.7.1 release by @erskingardner in #218

Full Changelog: v0.7.0...v0.7.1

v0.7.0

What's Changed

• chore(Cargo): bump openmls and other dependencies by @jgmontoya in #204
• Methods to expose ratchet tree with pubkeys by @dannym-arx in #206
• fix: wire max_past_epochs into OpenMLS group config and bump to 0.8.1 by @erskingardner in #207
• ci: split jobs, add path filters and concurrency cancellation [skip-changelog] by @dannym-arx in #210
• feat: replace NIP-44 with ChaCha20-Poly1305 for kind:445 (MIP-03) and update MIP-04 exporter label by @erskingardner in #208
• ci: add UniFFI bindings coverage checker by @dannym-arx in #212
• fix(ios): set IPHONEOS_DEPLOYMENT_TARGET=15.0 to fix ___chkstk_darwin link error by @dannym-arx in #214
• chore: prepare 0.7.0 release by @erskingardner in #213

Full Changelog: v0.6.0...v0.7.0

v0.6.0

What's Changed

• Add github CI workflow by @erskingardner in #1
• Add encrypted media support (MIP-04) by @erskingardner in #2
• Update openmls, cleanup deps, improve checks/actions by @erskingardner in #3
• Fix key package metdata and extension version. Add tests. by @erskingardner in #6
• fix(mdk-sqlite-storage/migrations): rename migration table to _refinery_schema_history_nostr_mls by @jgmontoya in #5
• Remove complex sanitization code and simply strip by @erskingardner in #7
• Refactor of common image validations and metadata functions for MIP-01 and MIP-04 by @erskingardner in #9
• feat(mdk_core/messages groups): add mls_group_id to MessageProcessingResult variants by @jgmontoya in #10
• Fix blurhash generation by @erskingardner in #11
• Create credentials with correct identity encoding by @erskingardner in #13
• feat: add test coverage reporting with regression prevention by @mubarakcoded in #14
• fix: resolve baseline artifact download in coverage workflow by @mubarakcoded in #18
• Improve test coverage and add edge case tests by @mubarakcoded in #21
• Add key package validation by @erskingardner in #17
• Add comprehensive edge case tests for encrypted media, groups, and messages by @mubarakcoded in #22
• ci: remove redundant test execution from CI workflow by @mubarakcoded in #28
• Skip comment on PRs from fork repos by @erskingardner in #31
• Improve image key handling: migrate to HKDF seed derivation (MIP-01 v2) by @dannym-arx in #30
• Implement hex-to-base64 encoding migration for KeyPackage and Welcome by @mubarakcoded in #29
• refactor: Always include encoding tag for KeyPackage and Welcome events by @mubarakcoded in #32
• Rubygems and PyPI publishing by @erskingardner in #34
• separate accept_welcome and accept_welcome_json by @dannym-arx in #36
• Image key separation by @dannym-arx in #33
• fix minor clippy warning by @dannym-arx in #37
• Update README by @kuba-04 in #39
• chore: Update dependencies and refactor imports in mdk-core by @erskingardner in #43
• Implement admin update validation in group management by @erskingardner in #42
• Add identity binding verification for KeyPackage events by @erskingardner in #41
• Enhance message processing with author verification by @erskingardner in #40
• fix: add input validation to prevent unbounded storage writes by @mubarakcoded in #94
• check for changelog.md in PRs by @dannym-arx in #99
• Add AGENTS.md and update changelog for previous PRs by @erskingardner in #101
• add changelog entry for issue #71 by @mubarakcoded in #103
• bindings should also have a changelog by @dannym-arx in #100
• minor kotlin binding cleanup by @dannym-arx in #38
• (Fixes #58) Issue O: Missing Hash Verification in decrypt_group_image Allows Storage-Level Blob Substitution by @dannym-arx in #97
• fix: correct error type in admins() when group not found by @erskingardner in #104
• fix(sqlite): propagate last_message_id parse errors in row_to_group by @erskingardner in #105
• Mdk issue 91 fix by @erskingardner in #107
• Enhance admin authorization logic in group management by @erskingardner in #108
• (Fixes #84) Issue AO: MLS Group ID Leakage in Error Messages by @dannym-arx in #112
• 51 issue h missing mip 02 validation for welcome events by @mubarakcoded in #96
• (Fixes #76) Issue AG: Function all_groups Aborts on First Deserialization Error by @dannym-arx in #115
• fix: add pagination to prevent memory exhaustion in pending_welcomes by @mubarakcoded in #110
• (fixes #61) Issue R: Refactor encoding handling to enforce base64 usage for key packages and welcomes by @dannym-arx in #98
• FIX: Unify UniFFI welcomes pagination API by @mubarakcoded in #119
• fix(mdk-core/groups): remove the correct member on remove_members when the tree has holes by @jgmontoya in #120
• fix: add pagination and validation to messages query to prevent memory exhaustion by @mubarakcoded in #111
• (Fixes #64) Issue U: Deterministic Nonce Derivation Causes Nonce Reuse and Message Linkability by @dannym-arx in #114
• Fix/self update requires cached exporter secret by @jgmontoya in #121
• feat(mdk-core/src/groups): add nostr_group_id field to NostrGroupDataUpdate as Optional by @jgmontoya in #127
• Fix: Propagate mandatory group-data extension parse failures in sync_group_metadata_from_mls by @mubarakcoded in #125
• Fix: Persist failed message processing state to prevent DoS via repeated reprocessing by @mubarakcoded in #116
• Add claude code base permissions and slash commands by @erskingardner in #129
• fix(mdk-core): add identity validation in proposal and commit processing (Fixes #55) by @erskingardner in #126
• fix(mdk-core): allow proposals from non-admin members (Audit Issue I) by @erskingardner in #122
• docs(mdk-core): document privacy-preserving group creation behavior by @erskingardner in #133
• Encrypted & Secure Storage by @erskingardner in #102
• Fix: Add admin authorization check for MLS commit messages by @erskingardner in #130
• fix: address CodeRabbit nitpicks from PR #130 by @erskingardner in #135
• fix(mdk-memory-storage): improve save_message performance from O(n) to O(1) (Audit Issue 6) by @erskingardner in #134
• fix(mdk-core): improve error message for failed welcome retry attempts by @erskingardner in #136
• feat: Add a coverage helper script for development by @dannym-arx in #123
• Fix: Add comprehensive Nostr-based validations for message processing (Issue AE #74) by @mubarakcoded in #128
• (Fixes #68) Fix Issue Y: Missing Zeroization for secrets, and introduce Secret type by @dannym-arx in #109
• (Fixes #62) Issue S: Missing Validation of Mandatory Relays Tag in MLS KeyPackage Events by @dannym-arx in #118
• feat(mdk-core): allow creating single-member groups by @erskingardner in #138
• fix: improve Android cross-compilation with OpenSSL support by @erskingardner in #140
• fix(mdk-core): handle removed member commit processing gracefully (Fixes #80) by @erskingardner in #137
• fix(mdk-core): remove legacy 64-byte credential identity format support by @erskingardner in #141
• fix: install OpenSSL on Windows for UniFFI bindings build by @erskingardner in #144
• (fixes #83) Issue AN: Unvalidated Group ID Allows LRU Cache Pollution in save_message by @dannym-arx in #113
• (Fixes #56): Fixed messages being overwritten across groups by @dannym-arx in #124
• (Fixes #63 and #66) Fix Mime Related Security Issues by @dannym-arx in #95
• (Fixes #65) labels no longer set in stone, now just set in bytes, bytes that can be updated in the future by @dannym-arx in #145
• (Fixes #117) refactor(legacy): RIP legacy code, you will not be missed (2025-2026) by @dannym-arx in #146
• chore(mdk-core/src/encryp...