Releases · 99designs/http-signatures-php

Fixes a potential timing attack vulnerability in our HMAC signature comparison using a double HMAC approach. This fix has already been applied to v3.1.1, this is a backport for 2.x. Thanks to @afk11 for submitting this.

Assets 2

18 Jan 22:02

rbone

3.1.1

fd2d274

Fix potential time attack vulnerability in HMAC signature comparison

Fixes a potential timing attack vulnerability in our HMAC signature comparison using a double HMAC approach. Thanks to @afk11 for submitting this.

Assets 2

17 Oct 03:27

navitronic

3.1

1d64ff6

Use RequestInterface

This release:

Replaces usages of MessageInterface with RequestInterface
Removes type hinting for PSR-7 interfaces in methods

Assets 2

20 Sep 00:31

navitronic

3.0

4836b46

PSR-7 support

This release updates the library to expect PSR-7 messages for signing and verification.

Note: This change means that this library is not backwards compatible with previous versions. Please understand what PSR-7 is and how it applies to your application before upgrading.

Assets 2

02 Jul 14:13

navitronic

2.0.4

c47fc57

Widen Symfony version constraints

This version further widens the installable Symfony versions

Assets 2

04 May 02:56

navitronic

v2.0.3

4c6c7c1

Widen Symfony version constraints

Merge pull request #23 from 99designs/symfony-constraint-update

Widen installable versions of Symfony component

Assets 2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Removed

Fixed

Releases: 99designs/http-signatures-php

4.0.0

Removed

3.1.2

Fixed

Fix potential time attack vulnerability in HMAC signature comparison for 2.x

Fix potential time attack vulnerability in HMAC signature comparison

Use RequestInterface

PSR-7 support

Widen Symfony version constraints

Widen Symfony version constraints