Version 5.9.0 (released 2026-01-22)

• OATH: Add support for importing credentials from PSKC files.
• OATH: Add --generate flag to "oath accounts add" command to generate random secrets.
• CLI: Include attached devices in error output when device selection fails.
• PIV: Add support for decompressing certificates using CXF.
• PIV: Correct display of PIN attempts remaining when >= 15.
• PIV: Deprecate ykman.piv.parse_rfc4514_string. Use from_rfc4514_string from cryptography instead.
• OpenPGP: Improve error handling for YubiKey NEO.
• HSM Auth: Add "hsmauth credentials change-password" command.
• Bugfix: Fix error handling in "apdu" command.
• Dependency: Add python-pskc library for PSKC support.
• Windows and MacOS installers built with Python 3.14.2

Version 5.8.0 (released 2025-09-03)

• Python 3.10 or later is now required.
• CLI: The "otp settings" command now supports --serial-usb-visible.
• CLI: List PIV "retired" key slots after normal slots.
• CLI: Add --no-update-chuid to "piv certificate" commands.
• CLI: Improve "fido" command error handing when FIDO2 is disabled/missing.
• CLI: Support "fido reset" when multiple keys are connected.
• Windows CLI: Fix issue with command line arguments starting with "~".
• Add "YkmanDevice.reinsert" method to simplify reconnecting a YubiKey.
• PIV: Add "PivSession.get_serial" method.
• Building the project now uses uv.
• Windows and MacOS installers built with Python 3.13.7

Version 5.7.2 (released 2025-06-09)
This is a Windows-only patch release.

• FIDO reset over NFC on Windows fixed
• Windows installer built with Python 3.13.4

Version 5.7.1 (released 2025-06-09)

• Bugfix: Fix OTP connections for YubiKeys with all other USB interfaces deactivated.
• Windows and MacOS installers built with Python 3.13.4

Version 5.7.0 (released 2025-05-28)

• Python 3.9 or later is now required.
• PIV: Improve error handling for the Printed data slot.
• PIV: Improve error handling when decompressing malformed certificates.
• Fix incompatibility with pyscard 2.2.2.
• Improve compatibility with NFC readers that don't support extended APDUs.
• Building the project now requires Poetry version 2.0 or later.
• Windows and MacOS installers built with Python 3.13.3

Version 5.6.1 (released 2025-03-18)

• Fix: Version 5.6.0 uses Exclusive smart card connections, which caused connections to fail if another application was accessing the YubiKey. This version adds a fallback to use non-exclusive connections in case of such a failure.
• Bugfix: APDU encoding was slightly incorrect for commands which specify Le, but no data body. This caused issued on some platforms.
• CLI: The "fido info" command now shows the YubiKey AAGUID, when available.

Version 5.6.0 (released 2025-03-12)

• SCP: Add support for specifying Le (needed in OpenPGP get_challenge).
• PIV: When writing a new CHUID, prefer to keep data from the old one if possible.
• CLI: Specifying public-key is now optional when generating a PIV certificate, if a public key can be read from the YubiKey itself.
• CLI: (YK FIPS) Disallow --protect for PIV when not in FIPS approved state.
• CLI: Support specifying Le in "apdu" command.
• CLI: Show OpenPGP key information in "openpgp info" and "openpgp keys info" commands.
• CLI: Detect OpenPGP memory corruption, and correctly factory reset OpenPGP if needed.
• CLI: Don't fail on corrupted configuration files, instead show a warning.
• Require Poetry >= 2.0 for building and packaging of the library.
• Bugfix: CLI - Don't use extended APDUs in the "apdu" command on old YubiKeys which do not support it.

Version 5.5.1 (released 2024-07-1)

• Bugfix: CLI - Don't use formatting that doesn't work on older Python versions.
  Note: As the 5.5.0 installers bundle Python 3.12, this will be a source-only release.
  Existing installers are unaffected by this issue.

Version 5.5.0 (released 2024-06-26)

• Add Secure Channel support to smartcard sessions.
• Support extended APDUs in the "apdu" command (this is now the default).
• HSMAuth: Treat management key as a PIN/password instead of a key, adding new CLI commands.
• PIV: Deprecate explicit passing of management key type when authenticating.
• CLI: Add "config nfc --restrict" command to set "NFC restricted mode".
• CLI: Display more information about PIN complexity and FIPS status for compatible YubiKeys.
• CLI: Improved error messages for illegal values of PIV PIN and PUK.
• CLI: Drop error messages for old 3.x commands.
• CLI: Removal of --upload for YubiCloud credentials. Export to CSV and upload via web instead.
• CLI: Add more detailed information to the CLI output for several commands.

Version 5.4.0 (released 2024-03-27)

• Support for YubiKey Bio Multi-protocol Edition.
• CLI: Improve error messages for several failures.
• Attempt to send SIGHUP to yubikey-agent if it is blocking the connection.
• Bugfix: Allow "fido config" to work when no PIN is set on the YubiKey.
• Bugfix: MacOS - Fix race condition resulting in unneeded delay in fido commands over USB.
• Bugfix: Linux - Fix error when listing OTP devices when no YubiKeys are attached.
• Bugfix: OpenPGP - Fix RSA key generation on YubiKey NEO.