31 KiB
Change Log
2.1.0 (2017-10-06)
Implemented enhancements:
- Ed25519 support planned? #217
- Verify JTI Proc #207
- Allow a list of algorithms for decode #241 (lautis)
- verify takes 2 params, second being payload closes: #207 #238 (ab320012)
- simplified logic for keyfinder #237 (ab320012)
- Show backtrace if rbnacl-libsodium not loaded #231 (buzztaiki)
- Support for ED25519 #229 (ab320012)
Fixed bugs:
- JWT.encode failing on encode for string #235
- The README says it uses an algorithm by default #226
- Fix string payload issue #236 (excpt)
Closed issues:
- Change from 1.5.6 to 2.0.0 and appears a "Completed 401 Unauthorized" #240
- Why doesn't the decode function use a default algorithm? #227
Merged pull requests:
- Update README.md #242 (excpt)
- Update ebert configuration #232 (excpt)
- added algos/strategy classes + structs for inputs #230 (ab320012)
- Add HS256 algorithm to decode default options #228 (madkin10)
v2.0.0 (2017-09-03)
Fixed bugs:
- Support versions outside 2.1 #209
- Verifying expiration without leeway throws exception #206
- Ruby interpreter warning #200
- TypeError: no implicit conversion of String into Integer #188
- Fix JWT.encode(nil) #203 (tmm1)
Closed issues:
Merged pull requests:
- Release 2.0.0 preparations :) #225 (excpt)
- Skip 'exp' claim validation for array payloads #224 (excpt)
- Use a default leeway of 0 #223 (travisofthenorth)
- Fix reported codesmells #221 (excpt)
- Add fancy gem version badge #220 (excpt)
- Add missing dist option to .travis.yml #219 (excpt)
- Fix ruby version requirements in gemspec file #218 (excpt)
- Fix a little typo in the readme #214 (RyanBrushett)
- Update README.md #212 (zuzannast)
- Fix typo in HS512256 algorithm description #211 (ojab)
- Allow configuration of multiple acceptable issuers #210 (ojab)
- Enforce
exp
to be anInteger
#205 (lucasmazza) - ruby 1.9.3 support message upd #204 (maokomioko)
- Guard against partially loaded RbNaCl when failing to load libsodium #202 (Dorian)
v2.0.0.beta1 (2017-02-27)
Implemented enhancements:
- Error with method sign for String #171
- Refactor the encondig code #121
- Refactor #196 (EmilioCristalli)
- Move signature logic to its own module #195 (EmilioCristalli)
- Add options for claim-specific leeway #187 (EmilioCristalli)
- Add user friendly encode error if private key is a String, #171 #176 (xamenrax)
- Return empty string if signature less than byte_size #155 #175 (xamenrax)
- Remove 'typ' optional parameter #174 (xamenrax)
- Pass payload to keyfinder #172 (CodeMonkeySteve)
- Use RbNaCl for HMAC if available with fallback to OpenSSL #149 (mwpastore)
Fixed bugs:
- ruby-jwt::raw_to_asn1: Fails for signatures less than byte_size #155
- The leeway parameter is applies to all time based verifications #129
- Add options for claim-specific leeway #187 (EmilioCristalli)
- Make algorithm option required to verify signature #184 (EmilioCristalli)
- Validate audience when payload is a scalar and options is an array #183 (steti)
Closed issues:
- Different encoded value between servers with same password #197
- Signature is different at each run #190
- Include custom headers with password #189
- can't create token - 'NotImplementedError: Unsupported signing method' #186
- Why jwt depends on json < 2.0 ? #179
- Cannot verify JWT at all?? #177
- verify_iss: true is raising JWT::DecodeError instead of JWT::InvalidIssuerError #170
Merged pull requests:
- Version bump 2.0.0.beta1 #199 (excpt)
- Update CHANGELOG.md and minor fixes #198 (excpt)
- Add Codacy coverage reporter #194 (excpt)
- Add minimum required ruby version to gemspec #193 (excpt)
- Code smell fixes #192 (excpt)
- Version bump to 2.0.0.dev #191 (excpt)
- Basic encode module refactoring #121 #182 (xamenrax)
- Fix travis ci build configuration #181 (excpt)
- Fix travis ci build configuration #180 (excpt)
- Fix typo in README #178 (tomeduarte)
- Fix code style #173 (excpt)
- Fixed a typo in a spec name #169 (Mingan)
v1.5.6 (2016-09-19)
Fixed bugs:
Merged pull requests:
v1.5.5 (2016-09-16)
Implemented enhancements:
- JWT.decode always raises JWT::ExpiredSignature for tokens created with Time objects passed as the
exp
parameter #148
Fixed bugs:
- expiration check does not give "Signature has expired" error for the exact time of expiration #157
- JTI claim broken? #152
- Audience Claim broken? #151
- 1.5.3 breaks compatibility with 1.5.2 #133
- Version 1.5.3 breaks 1.9.3 compatibility, but not documented as such #132
- Fix: exp claim check #161 (excpt)
Closed issues:
- Rendering Json Results in JWT::DecodeError #162
- PHP Libraries #154
- [security] Signature verified after expiration/sub/iss checks #153
- Is ruby-jwt thread-safe? #150
- JWT 1.5.3 #143
- gem install v 1.5.3 returns error #141
- Adding a CHANGELOG #140
Merged pull requests:
- Bump version #165 (excpt)
- Improve error message for exp claim in payload #164 (excpt)
- Fix #151 and code refactoring #163 (excpt)
- Signature validation before claim verification #160 (excpt)
- Create specs for README.md examples #159 (excpt)
- Tiny Readme Improvement #156 (b264)
- Added test execution to Rakefile #147 (jabbrwcky)
- Add more bling bling to the site #146 (excpt)
- Bump version #145 (excpt)
- Add first content and basic layout #144 (excpt)
- Add a changelog file #142 (excpt)
- Return decoded_segments #139 (akostrikov)
v1.5.4 (2016-03-24)
Closed issues:
Merged pull requests:
- Update README.md #138 (excpt)
- Fix base64url_decode #136 (excpt)
- Fix ruby 1.9.3 compatibility #135 (excpt)
- iat can be a float value #134 (llimllib)
v1.5.3 (2016-02-24)
Implemented enhancements:
- Refactor obsolete code for ruby 1.8 support #120
- Fix "Rubocop/Metrics/CyclomaticComplexity" issue in lib/jwt.rb #106
- Fix "Rubocop/Metrics/CyclomaticComplexity" issue in lib/jwt.rb #105
- Allow a proc to be passed for JTI verification #126 (yahooguntu)
- Relax restrictions on "jti" claim verification #113 (lwe)
Closed issues:
- Verifications not functioning in latest release #128
- Base64 is generating invalid length base64 strings - cross language interop #127
- Digest::Digest is deprecated; use Digest #119
- verify_rsa no method 'verify' for class String #115
- Add a changelog #111
Merged pull requests:
- Drop ruby 1.9.3 support #131 (excpt)
- Allow string hash keys in validation configurations #130 (tpickett66)
- Add ruby 2.3.0 for travis ci testing #123 (excpt)
- Remove obsolete json code #122 (excpt)
- Add fancy badges to README.md #118 (excpt)
- Refactor decode and verify functionality #117 (excpt)
- Drop echoe dependency for gem releases #116 (excpt)
- Updated readme for iss/aud options #114 (ryanmcilmoyl)
- Fix error misspelling #112 (kat3kasper)
jwt-1.5.2 (2015-10-27)
Implemented enhancements:
- Must we specify algorithm when calling decode to avoid vulnerabilities? #107
- Code review: Rspec test refactoring #85 (excpt)
Fixed bugs:
- aud verifies if aud is passed in, :sub does not #102
- iat check does not use leeway so nbf could pass, but iat fail #83
Closed issues:
- Test ticket from Code Climate #104
- Test ticket from Code Climate #100
- Is it possible to decode the payload without validating the signature? #97
- What is audience? #96
- Options hash uses both symbols and strings as keys. #95
Merged pull requests:
- Fix incorrect
iat
examples #109 (kjwierenga) - Update docs to include instructions for the algorithm parameter. #108 (aarongray)
- make sure :sub check behaves like :aud check #103 (skippy)
- Change hash syntax #101 (excpt)
- Include LICENSE and README.md in gem #99 (bkeepers)
- Remove unused variable in the sample code. #98 (hypermkt)
- Fix iat claim example #94 (larrylv)
- Fix wrong description in README.md #93 (larrylv)
- JWT and JWA are now RFC. #92 (aj-michael)
- Update README.md #91 (nsarno)
- Fix missing verify parameter in docs #90 (ernie)
- Iat check uses leeway. #89 (aj-michael)
- nbf check allows exact time matches. #88 (aj-michael)
jwt-1.5.1 (2015-06-22)
Implemented enhancements:
Fixed bugs:
- ECDSA signature verification fails for valid tokens #84
- Shouldn't verification of additional claims, like iss, aud etc. be enforced when in options? #81
- Fix either README or source code #78
- decode fails with 'none' algorithm and verify #75
Closed issues:
- Doc mismatch: uninitialized constant JWT::ExpiredSignature #79
- TypeError when specifying a wrong algorithm #77
- jti verification doesn't prevent replays #73
Merged pull requests:
- Correctly sign ECDSA JWTs #87 (jurriaan)
- fixed results of decoded tokens in readme #86 (piscolomo)
- Force verification of "iss" and "aud" claims #82 (lwe)
jwt-1.5.0 (2015-05-09)
Implemented enhancements:
- Needs to support asymmetric key signatures over shared secrets #46
- Implement Elliptic Curve Crypto Signatures #74 (jtdowney)
- Add an option to verify the signature on decode #71 (javawizard)
Closed issues:
- Check JWT vulnerability #76
Merged pull requests:
jwt-1.4.1 (2015-03-12)
Fixed bugs:
Merged pull requests:
jwt-1.4.0 (2015-03-10)
Closed issues:
- The behavior using 'json' differs from 'multi_json' #41
Merged pull requests:
- Release 1.4.0 #64 (excpt)
- Update README.md and remove dead code #63 (excpt)
- Add 'iat/ aud/ sub/ jti' support for ruby-jwt #62 (ZhangHanDong)
- Add 'iss' support for ruby-jwt #61 (ZhangHanDong)
- Clarify .encode API in README #60 (jbodah)
jwt-1.3.0 (2015-02-24)
Closed issues:
- Signature Verification to Return Verification Error rather than decode error #57
- Incorrect readme for leeway #55
- What is the reason behind stripping the = in base64 encoding? #54
- Preperations for version 2.x #50
- Release a new version #47
- Catch up for ActiveWhatever 4.1.1 series #40
Merged pull requests:
- raise verification error for signiture verification #58 (punkle)
- Added support for not before claim verification #56 (punkle)
- Preperations for version 2.x #49 (excpt)
jwt-1.2.1 (2015-01-22)
Closed issues:
Merged pull requests:
jwt-1.2.0 (2014-11-24)
Closed issues:
- set token to expire #42
Merged pull requests:
jwt-0.1.13 (2014-05-08)
Closed issues:
jwt-1.0.0 (2014-05-07)
Closed issues:
- API request - JWT::decoded_header() #26
Merged pull requests:
- return header along with playload after decoding #35 (sawyerzhang)
- Raise JWT::DecodeError on nil token #34 (tjmw)
- Make MultiJson optional for Ruby 1.9+ #33 (petergoldstein)
- Allow access to header and payload without signature verification #32 (petergoldstein)
- Update specs to use RSpec 3.0.x syntax #31 (petergoldstein)
- Travis - Add Ruby 2.0.0, 2.1.0, Rubinius #30 (petergoldstein)
jwt-0.1.11 (2014-01-17)
Closed issues:
Merged pull requests:
jwt-0.1.10 (2014-01-10)
Closed issues:
- change to signature of JWT.decode method #14
Merged pull requests:
- Fix warning: assigned but unused variable - e #25 (sferik)
- Echoe doesn't define a license= method #24 (sferik)
- Use OpenSSL::Digest instead of deprecated OpenSSL::Digest::Digest #23 (JuanitoFatas)
- Handle some invalid JWTs #22 (steved)
- Add MIT license to gemspec #21 (nycvotes-dev)
- Tweaks and improvements #20 (threedaymonk)
- Don't leave errors in OpenSSL.errors when there is a decoding error. #19 (lowellk)
jwt-0.1.8 (2013-03-14)
Merged pull requests:
- Contrib and update #18 (threedaymonk)
- Verify if verify is truthy
not just true
#17 (threedaymonk)
jwt-0.1.7 (2013-03-07)
Merged pull requests:
jwt-0.1.6 (2013-03-05)
Merged pull requests:
- Fixes a theoretical timing attack #15 (mgates)
- Use StandardError as parent for DecodeError #13 (Oscil8)
jwt-0.1.5 (2012-07-20)
Closed issues:
- Unable to specify signature header fields #7
Merged pull requests:
- MultiJson dependency uses ~> but should be >= #12 (sporkmonger)
- Oops. :-) #11 (sporkmonger)
- Fix issue with signature verification in JRuby #10 (sporkmonger)
- Depend on MultiJson #9 (lautis)
- Allow for custom headers on encode and decode #8 (dgrijalva)
- Missing development dependency for echoe gem. #6 (sporkmonger)
jwt-0.1.4 (2011-11-11)
Merged pull requests:
- Fix for RSA verification #5 (jordan-brough)
jwt-0.1.3 (2011-06-30)
Closed issues:
- signatures calculated incorrectly
hexdigest instead of digest
#1
Merged pull requests:
- Bumped a version and added a .gemspec using rake build_gemspec #3 (zhitomirskiyi)
- Added RSA support #2 (zhitomirskiyi)
* This Change Log was automatically generated by github_changelog_generator