Releases: ecolibria/cryptoserve

v1.6.0 - Security Audit Remediation & Production Readiness

07 Feb 17:44

What's New

This release addresses all findings from a comprehensive platform security audit and penetration test, adds PyPI publishing infrastructure, and resolves multiple bugs discovered during deep QA.

Security

  • Platform audit remediation — All 23 findings resolved: startup validation hardening, Docker multi-stage non-root build, auth consolidation, dependency pinning, payload size limits, audit integrity hashes, tenant isolation enforcement
  • Penetration test remediation — 11 of 13 findings fixed, 2 accepted as standard engineering tradeoffs (GCM nonce birthday bound, policy engine DotDict pattern)
  • Token revocation — Now database-backed and persistent across restarts, with user ownership verification
  • OAuth hardening — HMAC-SHA256 state signatures upgraded from 64-bit to 128-bit with constant-time comparison
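The OAuth state hardening above, shown as an added example that is not cryptoserve's own code: the pre-fix shape (64-bit truncated HMAC tag checked with `==`) beside the hardened form (128-bit tag, `hmac.compare_digest`, expiry check). The `nonce.issued_at.tag` state layout and the secret handling are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed secret for the example; a real service loads it from configuration.
STATE_SECRET = secrets.token_bytes(32)


def _mac(secret: bytes, payload: bytes, tag_len: int) -> str:
    """HMAC-SHA256 over payload, truncated to tag_len bytes, hex-encoded."""
    return hmac.new(secret, payload, hashlib.sha256).digest()[:tag_len].hex()


def make_state(secret: bytes, nonce: str, issued_at: int, tag_len: int = 16) -> str:
    """Build an OAuth state of the form nonce.issued_at.tag.

    tag_len=16 is the 128-bit tag adopted in v1.6.0; tag_len=8 is the old 64-bit tag.
    The nonce is expected to contain no '.' (e.g. secrets.token_urlsafe()).
    """
    return f"{nonce}.{issued_at}.{_mac(secret, f'{nonce}.{issued_at}'.encode(), tag_len)}"


def verify_state_weak(secret: bytes, state: str) -> bool:
    """Pre-fix behaviour, kept only for contrast: 64-bit tag and a plain '=='
    comparison whose timing depends on the first mismatching byte."""
    nonce, ts, tag = state.split(".", 2)
    return tag == _mac(secret, f"{nonce}.{ts}".encode(), 8)


def verify_state(secret: bytes, state: str, now: int, max_age: int = 600) -> bool:
    """Hardened check: 128-bit tag, constant-time comparison, then an expiry window."""
    try:
        nonce, ts, tag = state.split(".", 2)
        issued_at = int(ts)
    except ValueError:
        return False  # malformed state, reject without leaking why
    expected = _mac(secret, f"{nonce}.{ts}".encode(), 16)
    if not hmac.compare_digest(tag, expected):
        return False  # constant-time regardless of where the tag differs
    return 0 <= now - issued_at <= max_age


def demo() -> bool:
    """Round-trip a freshly minted state through the hardened verifier."""
    issued = 1_700_000_000  # constructed timestamp
    state = make_state(STATE_SECRET, secrets.token_urlsafe(16), issued)
    return verify_state(STATE_SECRET, state, now=issued + 30)
```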

Features

  • String usage hints — SDK encrypt methods now accept string usage hints for algorithm selection
  • PyPI OIDC publishing — CI workflow for SDK publishing via trusted publishers (no stored API tokens)
  • Trust & transparency docs — Enterprise evaluation guide and full security transparency report with remediation evidence

Bug Fixes

  • Fix CLI crashes from removed crypto singleton and missing yaml dependency
  • Fix invalid hex key defaults in docker-compose for dev mode
  • Correct AESGCMCipher API signature in docs and docstrings
  • Resolve 7 server bugs found during deep QA (SDK field mismatches, broken endpoints)
  • Resolve all CI failures (lint, security, SDK, frontend)
  • Align sub-package metadata and exports for PyPI publish

Documentation

  • Update all platform documentation to reflect current state
  • Update SDK install instructions for PyPI
  • Add LICENSE files to SDK packages

Infrastructure

  • Production readiness hardening (security, QA, CI/CD)
  • Remove legacy docs-site/ in favor of cryptoserve-website

Full Changelog: v1.5.0...v1.6.0

v1.5.0 - Post-Quantum Cryptography Enhancements

08 Jan 17:57

What's New

This release adds Post-Quantum Cryptography (PQC) support following NIST recommendations for the quantum transition period.

Features

  • Hybrid Key Exchange API - New /api/v1/kex endpoints for X25519 + ML-KEM hybrid key exchange
  • Algorithm Suite Resolution - Intelligent algorithm selection based on security level preferences
  • PQC Capability Detection - Runtime detection of available post-quantum algorithms
  • Graceful Degradation - Automatic fallback to classical cryptography when liboqs is unavailable

Technical Details

  • Implements hybrid key encapsulation per NIST SP 800-227 draft guidelines
  • Supports ML-KEM-768 and ML-KEM-1024 parameter sets
  • Optional liboqs-python dependency for PQC operations
  • Full backward compatibility with existing classical crypto APIs

Installation

# Standard installation (classical crypto only)
pip install -r requirements.txt

# With PQC support
pip install -r requirements.txt liboqs-python

Full Changelog: v1.4.0...v1.5.0