Description
I cloned and tested locally with the URL http://localhost:8000/_test/client.html, and the webpage shows Copyright © 2023. But the deployed version at https://webauthn.lubu.ch/_test/client.html shows Copyright © 2026. It seems the latest source code has not been pushed to github.com.
Additionally, it seems the rule for validating the attestation certificate chain may be changed.
On https://webauthn.lubu.ch/_test/client.html, it seems the server has a trust anchor database. Even though the metadata statement of an authenticator has not been uploaded to FIDO MDS (new authenticator, AAGUID is not in FIDO MDS), the attestation certificate chain can be validated as long as the trust anchor certificate is in the database, regardless of whether the trust anchor certificate is uploaded by another authenticator with a different AAGUID.
I think the website should match the AAGUID through FIDO MDS and then validate the attestation certificate against the trust anchor included in the metadata statement of this AAGUID.
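The difference between the two trust-anchor policies described in this issue, as an added example that is not part of the original post or the project's code. The AAGUIDs and "certificates" are constructed placeholders, the helper names are hypothetical, and X.509 path building is assumed to be done by a separate validator that reports which root the chain terminated at.

```python
import base64
import hashlib

# Constructed stand-ins for DER root certificates and AAGUIDs (not real values).
ROOT_A = b"constructed root certificate, vendor A"
ROOT_B = b"constructed root certificate, vendor B"
AAGUID_A = "11111111-1111-1111-1111-111111111111"
AAGUID_B = "22222222-2222-2222-2222-222222222222"
AAGUID_NEW = "99999999-9999-9999-9999-999999999999"  # has no metadata entry

def _entry(aaguid, root_der):
    """Build a constructed entry shaped like a FIDO MDS BLOB entry."""
    b64 = base64.b64encode(root_der).decode()
    return {"aaguid": aaguid,
            "metadataStatement": {"attestationRootCertificates": [b64]}}

MDS_ENTRIES = [_entry(AAGUID_A, ROOT_A), _entry(AAGUID_B, ROOT_B)]

def fingerprint(der):
    """SHA-256 over the DER bytes, used to compare certificates by identity."""
    return hashlib.sha256(der).hexdigest()

def _roots(entry):
    certs = entry["metadataStatement"]["attestationRootCertificates"]
    return {fingerprint(base64.b64decode(c)) for c in certs}

def pooled_anchors(entries):
    """Policy observed in the issue: all roots from all entries form one pool."""
    pool = set()
    for entry in entries:
        pool |= _roots(entry)
    return pool

def scoped_anchors(entries, aaguid):
    """Policy proposed in the issue: only roots from this AAGUID's statement."""
    for entry in entries:
        if entry["aaguid"].lower() == aaguid.lower():
            return _roots(entry)
    return set()  # unknown AAGUID: no anchors, so attestation is not trusted

def chain_trusted(anchors, terminating_root_der):
    """Assumption: a path validator already built the chain up to this root."""
    return fingerprint(terminating_root_der) in anchors

if __name__ == "__main__":
    # An authenticator reporting AAGUID_NEW presents a chain ending at ROOT_A.
    print("pooled:", chain_trusted(pooled_anchors(MDS_ENTRIES), ROOT_A))
    print("scoped:", chain_trusted(scoped_anchors(MDS_ENTRIES, AAGUID_NEW), ROOT_A))
```
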