Weekly github digest (WebAuthn) from W3C Webmaster via GitHub API on 2023-12-05 (public-webauthn@w3.org from December 2023)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Tue, 05 Dec 2023 17:00:49 +0000
To: public-webauthn@w3.org
Message-Id: <E1rAYmv-005KVs-EK@uranus.w3.org>

Issues
------
* w3c/webauthn (+0/-4/💬17)
  6 issues received 17 new comments:
  - #1965 Code Injection vulnerability from client side (1 by nicksteele)
    https://github.com/w3c/webauthn/issues/1965 [type:technical] 
  - #1915 username and display name should not be mandatory (rp, challange either) and OS UX should be simplified if not present (7 by Firstyear, arianvp, r-jo, ragnarbull)
    https://github.com/w3c/webauthn/issues/1915 [stat:Discuss] [subtype:FeatureProposal] 
  - #1749 How to know if a user has already registered a device? (5 by andreujuanc, dagnelies, mitar, ragnarbull)
    https://github.com/w3c/webauthn/issues/1749 
  - #1743 Spec abstract is out of date on the eve of multi-device credentials and cross-device auth (1 by nicksteele)
    https://github.com/w3c/webauthn/issues/1743 [type:editorial] [@Risk] 
  - #1635 reference CTAP2.1 PS spec and fix broken link (1 by agl)
    https://github.com/w3c/webauthn/issues/1635 [type:editorial] [@Risk] 
  - #1372 Consider allowing cross-domain credential use (2 by alfonso-paella, timcappalli)
    https://github.com/w3c/webauthn/issues/1372 [stat:Discuss] [@Risk] 

  4 issues closed:
  - Code Injection vulnerability from client side https://github.com/w3c/webauthn/issues/1965 [type:technical] 
  - Spec abstract is out of date on the eve of multi-device credentials and cross-device auth https://github.com/w3c/webauthn/issues/1743 [type:editorial] [@Risk] 
  - Spec is not specific enough about order of conditional UI autofill tokens https://github.com/w3c/webauthn/issues/1982 [type:editorial] 
  - How is an RP to know if a packed attestation root certificate is used for multiple authenticator models? https://github.com/w3c/webauthn/issues/1998 [type:technical] 



Pull requests
-------------
* w3c/webauthn (+2/-3/💬0)
  2 pull requests submitted:
  - Disambiguate "this value" in authenticatorDisplayName description (by emlun)
    https://github.com/w3c/webauthn/pull/2005 [type:editorial] 
  - Reference CTAP 2.1 errata spec (by selfissued)
    https://github.com/w3c/webauthn/pull/2004 

  3 pull requests merged:
  - Allow use of credProps extension during auth
    https://github.com/w3c/webauthn/pull/1988 
  - Add note about typical autocomplete combos for conditional UI
    https://github.com/w3c/webauthn/pull/1992 
  - Clarify validation step for packed attestation certificate for RPs. 
    https://github.com/w3c/webauthn/pull/2000 [type:editorial] 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webauthn


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 5 December 2023 17:00:53 UTC