This release includes 2 security fixes for security teams reviewing exposed deployments.
Published 3mo
MCP Security & Auth
✓ No known CVEs patched
This release patches 2 known CVEs
Topics
ai-agents
ai-security
bitcoin
cryptography
custody
ecdsa
+10 more
high-risk
java
key-management
kms
mpc
schnorr
taproot
threshold-cryptography
threshold-signatures
tss
Affected surfaces
auth
Summary
AI summaryUpdates Important Security Fixes, https://github.com/tkeeper-org/tss4j/releases/tag/v0.0.9, and https://github.com/tkeeper-org/tss4j across a mixed release.
Full changelog
Important Security Fixes
- Updated tss4j to
0.0.9. See 0.0.9 Release Changelog for details. - Implemented GG20 offline consistency check round
Features
- Added key derivation based on tweaks. See Threshold Signing and Threshold Cipher in documentation.
- Added prefix and suffix permission segment support. See Authorization & Authentication section in documentation.
- Updated docker image. Now RedHat Java 21 ubi9 image is used
- Enhanced control plane UI
Security Fixes
- tss4j updated to version 0.0.9 — see https://github.com/tkeeper-org/tss4j/releases/tag/v0.0.9 for details
- Implemented GG20 offline consistency check round — closes an abuse vector
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About TKeeper
All releases →Related context
Beta — feedback welcome: [email protected]