Themis 0.12.0 - Cossack Labs

🇺🇦 We stand with Ukraine, and we stand for Ukraine. We offer free assessment and mitigation services to improve Ukrainian companies security resilience.

Read more
List of blogposts

Themis 0.12.0

themis 0-12-0

Releasing Themis 0.12.0 #

The new version is out – please meet our encryption library Themis 0.12.0. Coincidentally, it supports 12 languages/platforms now.

In this release, we’re added WasmThemis that allows using Themis in WebAssembly apps , introduced a way to install Themis on Windows (still an experimental feature), improved packaging and platform compatibility (welcome Go Modules !), and added extra safety checks and a few tricky bug fixes.

Some are superstitious about releasing products on Fridays but this Themis 0.12.0 is so good we just couldn’t keep it to ourselves any longer! :)

The new release also features some breaking changes: #

Linux: when building from sources, the default installation path of Themis Core library has been changed from /usr to /usr/local. We believe that this approach is more common for Linux, if you’re affected, read below how to make a clean upgrade.

Go: some of GoThemis APIs have been renamed to comply with Go naming convention (old API are marked as deprecated and will be removed in the next release). If you’re using Go – please switch to new functions.

Ruby: deprecated rubythemis gem has been completely removed in favour of rbthemis .

The main features and major changes in the new release are as follows. Read on or check Themis GitHub repo:

Code: #

Core – more fast, more stable, fewer leaks #

  • Memory management becomes better: we‘ve improved security and code quality, implemented better handling of secrets and memory management in low-level Themis code. These changes decrease the chance of potential memory leaks.

  • Key generation: improved key validity checks across all Themis cryptosystems (#486). Now it’s harder to use wrong keys or misuse them.

  • Secure Cell: improved processing large data buffers (#496, #497) and performance of encryption/decryption (#496).

  • Library ABI: Themis shared libraries now have a formal ABI version. This ensures that no compatibility issues arise if we ever need to introduce breaking changes in the ABI ( #454 ). We’ve also removed private symbols from public export lists private functions not intended for public use are now hidden ( #458 , #472 ).

Installation, packaging, dependencies – platforms’ improvements #

  • Themis now installs to /usr/local by default when building from source on Linux (#448). This may be a breaking change if your system has non-standard precedence rules. If you install Themis from source code directly, please do a clean upgrade the following way:
make uninstall PREFIX=/usr
make install PREFIX=/usr/local

Please consider using binary repositories to install Themis.

  • Themis packages now support multiarch installations (#512). Multiarch enables parallel installation of 32-bit and 64-bit versions of the library. This is particularly important on CentOS where some tools like pkg-config would fail to locate Themis due to non-standard installation path.

  • Install Themis on Windows using NSIS installer. First, build the NSIS installer itself using make nsis_installer command in MSYS2 environment. Then install Themis using the nice GUI :) (#474).

WebAssembly – full support for your Web/Electron apps #

WasmThemis brings Themis to Web using WebAssembly . It supports the full functionality (Secure Cell, Secure Message, Secure Session, and Secure Comparator) and is fully compatible with other Themis wrappers.

Windows – experimenting and moving forward #

Compile and install Themis Core on Windows using MSYS2 compiler or NSIS installer. This is an experimental feature and we are still working on discovering all the possible bugs, please open an Issue if you found one.

  • Use MSYS2 compiler to install Themis Core, see the instructions here (#469).

  • Alternatively, you can use NSIS installer (#474).

  • It is now possible to compile JsThemis on Windows, given that Themis Core is installed (#475).

  • Miscellaneous compatibility fixes should make it possible to compile Themis Core with Microsoft Visual Studio. We do not support this platform officially yet, though (#470, #471).

Android #

Use latest BoringSSL module and cut all non-required files, leading to 2x build speedup ( #447 , #528 ).

C++ #

ThemisPP is now available as a system package through Cossack Labs repositories ; use libthemispp-dev for Debian and Ubuntu, libthemispp-devel for CentOS ( #506 ).

Go #

  • Some APIs have been renamed to conform with the Go naming conventions (#424). The old names are now deprecated and scheduled for removal in the next release. Please migrate to using new names when you upgrade.

  • GoThemis is now compatible with Go 1.11 modules starting with this release. Finally, you can pin a specific version of GoThemis in your projects ( #505 ).

iOS, macOS #

  • Example code and projects for Objective-C and Swift are now up-to-date, cleaned up, and modernised (#463, #467)

  • Workarounds with OpenSSL dependency: pin exact OpenSSL version to work around compilation issues with the latest versions ( #484 ).

Java #

It becomes easier to install Themis for Java desktop apps – it does not require a separate installation of Themis Core from now on ( #450 ).

Node.js #

  • JsThemis now supports latest Node.js v12 LTS (in addition to v10 and v8) (#499, #502).

  • JsThemis can now be used on Windows provided that Themis Core is installed to C:\Program Files\Themis(#475).

Docs #

Themis GitHub Wiki is being deprecated. Please find the latest documentation for Themis on Cossack Labs Documentation Server . If you’re used to using the Themis Wiki or have bookmarked a few pages for further use, don’t worry - its pages and table of contents stay where they were, but each will now link to its corresponding Cossack Labs Documentation Server counterpart.

You can find the complete list of all the changes and additions in Themis 0.12.0 in the changelog .

Need help with security engineering?Consult with our engineers.

Contact us

Get whitepaper