Releasing Themis 0.12.0 #
The new version is out – please meet our encryption library Themis 0.12.0. Coincidentally, it supports 12 languages/platforms now.
In this release, we’re added WasmThemis that allows using Themis in WebAssembly apps , introduced a way to install Themis on Windows (still an experimental feature), improved packaging and platform compatibility (welcome Go Modules !), and added extra safety checks and a few tricky bug fixes.
Some are superstitious about releasing products on Fridays but this Themis 0.12.0 is so good we just couldn’t keep it to ourselves any longer! :)
The new release also features some breaking changes: #
Linux: when building from sources, the default installation path of Themis Core library has been changed from
/usr/local. We believe that this approach is more common for Linux, if you’re affected, read below how to make a clean upgrade.
Go: some of GoThemis APIs have been renamed to comply with Go naming convention (old API are marked as deprecated and will be removed in the next release). If you’re using Go – please switch to new functions.
gem has been completely removed in favour of
The main features and major changes in the new release are as follows. Read on or check Themis GitHub repo:
Core – more fast, more stable, fewer leaks #
Memory management becomes better: we‘ve improved security and code quality, implemented better handling of secrets and memory management in low-level Themis code. These changes decrease the chance of potential memory leaks.
Key generation: improved key validity checks across all Themis cryptosystems (#486). Now it’s harder to use wrong keys or misuse them.
Secure Cell: improved processing large data buffers (#496, #497) and performance of encryption/decryption (#496).
Library ABI: Themis shared libraries now have a formal ABI version. This ensures that no compatibility issues arise if we ever need to introduce breaking changes in the ABI ( #454 ). We’ve also removed private symbols from public export lists private functions not intended for public use are now hidden ( #458 , #472 ).
Installation, packaging, dependencies – platforms’ improvements #
- Themis now installs to
/usr/localby default when building from source on Linux (#448). This may be a breaking change if your system has non-standard precedence rules. If you install Themis from source code directly, please do a clean upgrade the following way:
make uninstall PREFIX=/usr make install PREFIX=/usr/local
Please consider using binary repositories to install Themis.
Themis packages now support multiarch installations (#512). Multiarch enables parallel installation of 32-bit and 64-bit versions of the library. This is particularly important on CentOS where some tools like pkg-config would fail to locate Themis due to non-standard installation path.
Install Themis on Windows using NSIS installer. First, build the NSIS installer itself using
make nsis_installercommand in MSYS2 environment. Then install Themis using the nice GUI :) (#474).
WebAssembly – full support for your Web/Electron apps #
WasmThemis brings Themis to Web using WebAssembly . It supports the full functionality (Secure Cell, Secure Message, Secure Session, and Secure Comparator) and is fully compatible with other Themis wrappers.
Install WasmThemis via npm as
Check sample code in docs/examples/js, and read the How-To guide on the documentation server.
WasmThemis is tested with current Node.js LTS versions, popular Web browsers, and Electron framework (#457 - #513).
Windows – experimenting and moving forward #
Compile and install Themis Core on Windows using MSYS2 compiler or NSIS installer. This is an experimental feature and we are still working on discovering all the possible bugs, please open an Issue if you found one.
Use MSYS2 compiler to install Themis Core, see the instructions here (#469).
Alternatively, you can use NSIS installer (#474).
It is now possible to compile JsThemis on Windows, given that Themis Core is installed (#475).
Miscellaneous compatibility fixes should make it possible to compile Themis Core with Microsoft Visual Studio. We do not support this platform officially yet, though (#470, #471).
Use latest BoringSSL module and cut all non-required files, leading to 2x build speedup ( #447 , #528 ).
ThemisPP is now available as a system package through
Cossack Labs repositories
for Debian and Ubuntu,
for CentOS (
Some APIs have been renamed to conform with the Go naming conventions (#424). The old names are now deprecated and scheduled for removal in the next release. Please migrate to using new names when you upgrade.
GoThemis is now compatible with Go 1.11 modules starting with this release. Finally, you can pin a specific version of GoThemis in your projects ( #505 ).
iOS, macOS #
Example code and projects for Objective-C and Swift are now up-to-date, cleaned up, and modernised (#463, #467)
Workarounds with OpenSSL dependency: pin exact OpenSSL version to work around compilation issues with the latest versions ( #484 ).
It becomes easier to install Themis for Java desktop apps – it does not require a separate installation of Themis Core from now on ( #450 ).
JsThemis now supports latest Node.js v12 LTS (in addition to v10 and v8) (#499, #502).
JsThemis can now be used on Windows provided that Themis Core is installed to
Themis GitHub Wiki is being deprecated. Please find the latest documentation for Themis on Cossack Labs Documentation Server . If you’re used to using the Themis Wiki or have bookmarked a few pages for further use, don’t worry - its pages and table of contents stay where they were, but each will now link to its corresponding Cossack Labs Documentation Server counterpart.
You can find the complete list of all the changes and additions in Themis 0.12.0 in the changelog .
Need help with security engineering?Consult with our engineers.