- From: Emil Lundberg via GitHub <noreply@w3.org>
- Date: Wed, 08 Apr 2026 18:46:10 +0000
- To: public-webauthn@w3.org
emlun has just merged emlun's pull request 2372 for https://github.com/w3c/webauthn:
== Forbid authenticator data from containing cleartext PRF outputs ==
Closes #2359.
<!-- Remove the following for non-normative changes -->
The following tasks have been completed:
- ~~[ ] Modified Web platform tests ([link](https://github.com/web-platform-tests/wpt/))~~ N/A - abstract requirement
Implementation commitment:
- ~~[ ] WebKit ([link to issue](https://bugs.webkit.org/))~~ N/A - abstract requirement
- ~~[ ] Chromium ([link to issue](https://issues.chromium.org/issues/new?component=1456855&template=0))~~ N/A - abstract requirement
- ~~[ ] Gecko ([link to issue](https://bugzilla.mozilla.org/home))~~ N/A - abstract requirement
Documentation and checks
- [x] Affects privacy
- [x] Affects security
- ~~[ ] Updated explainer ([link](https://github.com/w3c/webauthn/wiki))~~ N/A - abstract requirement
<!--
This comment and the below content is programmatically generated.
You may add a comma-separated list of anchors you'd like a
direct link to below (e.g. #idl-serializers, #idl-sequence):
Don't remove this comment or modify anything below this line.
If you don't want a preview generated for this pull request,
just replace the whole of this comment's content by "no preview"
and remove what's below.
-->
***
<a href="https://pr-preview.s3.amazonaws.com/w3c/webauthn/pull/2372.html" title="Last updated on Dec 10, 2025, 8:52 PM UTC (5481e3b)">Preview</a> | <a href="https://pr-preview.s3.amazonaws.com/w3c/webauthn/2372/33f5b27...5481e3b.html" title="Last updated on Dec 10, 2025, 8:52 PM UTC (5481e3b)">Diff</a>
See https://github.com/w3c/webauthn/pull/2372
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 8 April 2026 18:46:11 UTC