This repository has been archived by the owner on Jan 24, 2024. It is now read-only.

Change Log

v2.2.1 (2019-05-24)

Full Changelog

Fixed bugs:

  • need to require 'forwardable' to use Forwardable #316
  • Add forwardable dependency for JWK RSA KeyFinder #317 (excpt)

v2.2.0 (2019-05-23)

Full Changelog

Closed issues:

  • misspelled es512 curve name #310
  • With Base64 decode i can read the hashed content #306
  • hide post-it's for graphviz views #303

Merged pull requests:

v2.2.0.pre.beta.0 (2019-03-20)

Full Changelog

Implemented enhancements:

Fixed bugs:

  • Inconsistent handling of payload claim data types #282
  • Use iat_leeway option #273
  • Issued at validation #247
  • Fix bug and simplify segment validation #292 (anakinj)
  • Removed leeway from verify_iat #257 (ab320012)

Closed issues:

  • RS256, public and private keys #291
  • Allow passing current time to decode #288
  • Verify exp claim without verifying jwt #281
  • Decoding JWT with ES256 and secp256k1 curve #277
  • Audience as an array - how to specify? #276
  • signature validation using decode method for JWT #271
  • JWT is easily breakable #267
  • Ruby JWT Token #265
  • ECDSA supported algorithms constant is defined as a string, not an array #264
  • NoMethodError: undefined method `group' for <xxxxx> #261
  • 'DecodeError'will replace 'ExpiredSignature' #260
  • TypeError: no implicit conversion of OpenSSL::PKey::RSA into String #259
  • NameError: uninitialized constant JWT::Algos::Eddsa::RbNaCl #258
  • Get new token if curren token expired #256
  • Infer algorithm from header #254
  • Why is the result of decode is an array? #252
  • Add support for headless token #251
  • Leeway or exp_leeway #215
  • Could you describe purpose of cert fixtures and their cryptokey lengths. #185

Merged pull requests:

v2.1.0 (2017-10-06)

Full Changelog

Implemented enhancements:

  • Ed25519 support planned? #217
  • Verify JTI Proc #207
  • Allow a list of algorithms for decode #241 (lautis)
  • verify takes 2 params, second being payload closes: #207 #238 (ab320012)
  • simplified logic for keyfinder #237 (ab320012)
  • Show backtrace if rbnacl-libsodium not loaded #231 (buzztaiki)

Fixed bugs:

  • JWT.encode failing on encode for string #235
  • The README says it uses an algorithm by default #226
  • Fix string payload issue #236 (excpt)

Closed issues:

  • Change from 1.5.6 to 2.0.0 and appears a "Completed 401 Unauthorized" #240
  • Why doesn't the decode function use a default algorithm? #227

Merged pull requests:

v2.0.0 (2017-09-03)

Full Changelog

Implemented enhancements:

Fixed bugs:

  • Support versions outside 2.1 #209
  • Verifying expiration without leeway throws exception #206
  • Ruby interpreter warning #200
  • TypeError: no implicit conversion of String into Integer #188
  • Fix JWT.encode(nil) #203 (tmm1)

Closed issues:

  • Possibility to disable claim verifications #222
  • Proper way to verify Firebase id tokens #216

Merged pull requests:

v2.0.0.beta1 (2017-02-27)

Full Changelog

Implemented enhancements:

Fixed bugs:

  • ruby-jwt::raw_to_asn1: Fails for signatures less than byte_size #155
  • The leeway parameter is applies to all time based verifications #129
  • Add options for claim-specific leeway #187 (EmilioCristalli)
  • Make algorithm option required to verify signature #184 (EmilioCristalli)
  • Validate audience when payload is a scalar and options is an array #183 (steti)

Closed issues:

  • Different encoded value between servers with same password #197
  • Signature is different at each run #190
  • Include custom headers with password #189
  • can't create token - 'NotImplementedError: Unsupported signing method' #186
  • Cannot verify JWT at all?? #177
  • verify_iss: true is raising JWT::DecodeError instead of JWT::InvalidIssuerError #170

Merged pull requests:

v1.5.6 (2016-09-19)

Full Changelog

Fixed bugs:

  • Fix missing symbol handling in aud verify code #166 (excpt)

Merged pull requests:

v1.5.5 (2016-09-16)

Full Changelog

Implemented enhancements:

  • JWT.decode always raises JWT::ExpiredSignature for tokens created with Time objects passed as the exp parameter #148

Fixed bugs:

  • expiration check does not give "Signature has expired" error for the exact time of expiration #157
  • JTI claim broken? #152
  • Audience Claim broken? #151
  • 1.5.3 breaks compatibility with 1.5.2 #133
  • Version 1.5.3 breaks 1.9.3 compatibility, but not documented as such #132
  • Fix: exp claim check #161 (excpt)

Closed issues:

  • Rendering Json Results in JWT::DecodeError #162
  • PHP Libraries #154
  • [security] Signature verified after expiration/sub/iss checks #153
  • Is ruby-jwt thread-safe? #150
  • JWT 1.5.3 #143
  • gem install v 1.5.3 returns error #141
  • Adding a CHANGELOG #140

Merged pull requests:

v1.5.4 (2016-03-24)

Full Changelog

Closed issues:

Merged pull requests:

v1.5.3 (2016-02-24)

Full Changelog

Implemented enhancements:

  • Refactor obsolete code for ruby 1.8 support #120
  • Fix "Rubocop/Metrics/CyclomaticComplexity" issue in lib/jwt.rb #106
  • Fix "Rubocop/Metrics/CyclomaticComplexity" issue in lib/jwt.rb #105
  • Allow a proc to be passed for JTI verification #126 (yahooguntu)
  • Relax restrictions on "jti" claim verification #113 (lwe)

Closed issues:

  • Verifications not functioning in latest release #128
  • Base64 is generating invalid length base64 strings - cross language interop #127
  • Digest::Digest is deprecated; use Digest #119
  • verify_rsa no method 'verify' for class String #115
  • Add a changelog #111

Merged pull requests:

jwt-1.5.2 (2015-10-27)

Full Changelog

Implemented enhancements:

  • Must we specify algorithm when calling decode to avoid vulnerabilities? #107
  • Code review: Rspec test refactoring #85 (excpt)

Fixed bugs:

  • aud verifies if aud is passed in, :sub does not #102
  • iat check does not use leeway so nbf could pass, but iat fail #83

Closed issues:

  • Test ticket from Code Climate #104
  • Test ticket from Code Climate #100
  • Is it possible to decode the payload without validating the signature? #97
  • What is audience? #96
  • Options hash uses both symbols and strings as keys. #95

Merged pull requests:

jwt-1.5.1 (2015-06-22)

Full Changelog

Implemented enhancements:

  • Fix either README or source code #78
  • Validate against draft 20 #38

Fixed bugs:

  • ECDSA signature verification fails for valid tokens #84
  • Shouldn't verification of additional claims, like iss, aud etc. be enforced when in options? #81
  • Fix either README or source code #78
  • decode fails with 'none' algorithm and verify #75

Closed issues:

  • Doc mismatch: uninitialized constant JWT::ExpiredSignature #79
  • TypeError when specifying a wrong algorithm #77
  • jti verification doesn't prevent replays #73

Merged pull requests:

  • Correctly sign ECDSA JWTs #87 (jurriaan)
  • fixed results of decoded tokens in readme #86 (piscolomo)
  • Force verification of "iss" and "aud" claims #82 (lwe)

jwt-1.5.0 (2015-05-09)

Full Changelog

Implemented enhancements:

  • Needs to support asymmetric key signatures over shared secrets #46
  • Implement Elliptic Curve Crypto Signatures #74 (jtdowney)
  • Add an option to verify the signature on decode #71 (javawizard)

Closed issues:

  • Check JWT vulnerability #76

Merged pull requests:

  • Fixed some examples to make them copy-pastable #72 (jer)

jwt-1.4.1 (2015-03-12)

Full Changelog

Fixed bugs:

  • jti verification not working per the spec #68
  • Verify ISS should be off by default #66

Merged pull requests:

  • Fix #66 #68 #69 (excpt)
  • When throwing errors, mention expected/received values #65 (rolodato)

jwt-1.4.0 (2015-03-10)

Full Changelog

Closed issues:

  • The behavior using 'json' differs from 'multi_json' #41

Merged pull requests:

jwt-1.3.0 (2015-02-24)

Full Changelog

Closed issues:

  • Signature Verification to Return Verification Error rather than decode error #57
  • Incorrect readme for leeway #55
  • What is the reason behind stripping the = in base64 encoding? #54
  • Preperations for version 2.x #50
  • Release a new version #47
  • Catch up for ActiveWhatever 4.1.1 series #40

Merged pull requests:

  • raise verification error for signiture verification #58 (punkle)
  • Added support for not before claim verification #56 (punkle)
  • Preperations for version 2.x #49 (excpt)

jwt-1.2.1 (2015-01-22)

Full Changelog

Closed issues:

  • JWT.encode({"exp": 10}, "secret") #52
  • JWT.encode({"exp": 10}, "secret") #51

Merged pull requests:

  • Accept expiration claims as string #53 (yarmand)

jwt-1.2.0 (2014-11-24)

Full Changelog

Closed issues:

  • set token to expire #42

Merged pull requests:

jwt-0.1.13 (2014-05-08)

Full Changelog

Closed issues:

  • yanking of version 0.1.12 causes issues #39
  • Semantic versioning #37
  • Update gem to get latest changes #36

jwt-1.0.0 (2014-05-07)

Full Changelog

Closed issues:

  • API request - JWT::decoded_header() #26

Merged pull requests:

jwt-0.1.11 (2014-01-17)

Full Changelog

Closed issues:

  • url safe encode and decode #28
  • Release #27

Merged pull requests:

jwt-0.1.10 (2014-01-10)

Full Changelog

Closed issues:

  • change to signature of JWT.decode method #14

Merged pull requests:

jwt-0.1.8 (2013-03-14)

Full Changelog

Merged pull requests:

jwt-0.1.7 (2013-03-07)

Full Changelog

Merged pull requests:

  • Catch MultiJson::LoadError and reraise as JWT::DecodeError #16 (rwygand)

jwt-0.1.6 (2013-03-05)

Full Changelog

Merged pull requests:

  • Fixes a theoretical timing attack #15 (mgates)
  • Use StandardError as parent for DecodeError #13 (Oscil8)

jwt-0.1.5 (2012-07-20)

Full Changelog

Closed issues:

  • Unable to specify signature header fields #7

Merged pull requests:

jwt-0.1.4 (2011-11-11)

Full Changelog

Merged pull requests:

jwt-0.1.3 (2011-06-30)

Closed issues:

  • signatures calculated incorrectly (hexdigest instead of digest) #1

Merged pull requests:

* This Change Log was automatically generated by github_changelog_generator