Releases: jwt/ruby-jwt
jwt-2.8.1
jwt-2.8.0
Features:
- Updated rubocop to 1.56 #573 (@anakinj)
- Run CI on Ruby 3.3 #577 (@anakinj)
- Deprecation warning added for the HMAC algorithm HS512256 (HMAC-SHA-512 truncated to 256-bits) #575 (@anakinj)
- Stop using RbNaCl for standard HMAC algorithms #575 (@anakinj)
Fixes and enhancements:
- Fix signature has expired error if payload is a string #555 (@GobinathAL)
- Fix key base equality and spaceship operators #569 (@magneland)
- Remove explicit base64 require from x5c_key_finder #580 (@anakinj)
- Performance improvements and cleanup of tests #581 (@anakinj)
- Repair EC x/y coordinates when importing JWK #585 (@julik)
- Explicit dependency to the base64 gem #582 (@anakinj)
- Deprecation warning for decoding content not compliant with RFC 4648 #582 (@anakinj)
- Algorithms moved under the ::JWT::JWA module (@anakinj)
jwt-2.7.1
Fixes and enhancements:
- Handle invalid algorithm when decoding JWT #559 - @nataliastanko
- Do not raise error when verifying bad HMAC signature #563 - @hieuk09
jwt-2.7.0
Features:
- Support OKP (Ed25519) keys for JWKs #540 (@anakinj)
- JWK Sets can now be used for tokens with nil kid #543 (@bellebaum)
Fixes and enhancements:
- Fix issue with multiple keys returned by keyfinder and multiple allowed algorithms #545 (@mpospelov)
- Non-string kid header values are now rejected #543 (@bellebaum)
jwt-2.6.0
v2.6.0 (2022-12-22)
Features:
- Support custom algorithms by passing algorithm objects #512 (@anakinj).
- Support descriptive (not key related) JWK parameters #520 (@bellebaum).
- Support for JSON Web Key Sets #525 (@bellebaum).
- Support HMAC keys over 32 chars when using RbNaCl #521 (@anakinj).
Fixes and enhancements:
jwt-2.5.0
Features:
Fixes and enhancements:
- Bring back the old Base64 (RFC2045) decode mechanisms #488 (@anakinj).
- Rescue RbNaCl exception for EdDSA wrong key #491 (@n-studio).
- New parameter name for cases when kid is not found using JWK key loader proc #501 (@anakinj).
- Fix NoMethodError when a 2 segment token is missing 'alg' header #502 (@cmrd-senya).
- Support OpenSSL >= 3.0 #496 (@anakinj).
jwt-2.4.1
v2.4.1 (2022-06-07)
Fixes and enhancements:
- Raise JWT::DecodeError on invalid signature #484 (@freakyfelt!).
jwt-2.4.0
v2.4.0 (2022-06-06)
Features:
- Dropped support for Ruby 2.5 and older #453 - @anakinj.
- Use Ruby built-in url-safe base64 methods #454 - @bdewater.
- Updated rubocop to 1.23.0 #457 - @anakinj.
- Add x5c header key finder #338 - @bdewater.
- Author driven changelog process #463 - @anakinj.
- Allow regular expressions and procs to verify issuer #437 (rewritten).
- Add Support to be able to verify from multiple keys #425 (ritikesh).
Fixes and enhancements:
- Readme: Typo fix re MissingRequiredClaim #451 (antonmorant).
- Fix RuboCop TODOs #476 (typhoon2099).
- Make specific algorithms in README linkable #472 (milieu).
- Update note about supported JWK types #475 (dpashkevich).
- Create CODE_OF_CONDUCT.md #449 (loic5).
jwt-2.4.0.beta1
v2.4.0 (2022-05-03)
Implemented enhancements:
- Ensure presence of claims #244
- Support verifying signature signed using x5c header #59
- Add x5c header key finder #338 (bdewater)
Security fixes:
- Importing JWK then exporting results in different kid #313
Closed issues:
- Is there a way to decode a ES256 encoded JWT with a root certificate but without a public key or a private key? #471
- Encode output with extra quote #469
- Please release new gem version #444
- HS512 signature verification fails for valid tokens #438
- ArgumentError: invalid base64 while calling JWT::JWK.import(hash) #361
- NoMethodError (undefined method `encode' for JsonWebToken:Module) #329
Merged pull requests:
- Fix RuboCop TODOs #476 (typhoon2099)
- Update note about supported JWK types #475 (dpashkevich)
- Make specific algorithms in README linkable #472 (milieu)
- Add tests for keyfinder logic to ensure the argument count does not matter #467 (anakinj)
- More tests for none token #466 (anakinj)
- Improve non algorithm tests #465 (anakinj)
- Bring back Ruby 2.5 support and CodeClimate coverage reports #464 (anakinj)
- Fix a little RuboCop issue #462 (anakinj)
- Fixes with latest RuboCop #459 (anakinj)
- Removed bundler-audit from codeclimate config #458 (anakinj)
- Updated rubocop to 1.23.0 #457 (anakinj)
- Add Ruby 3.1 to test matrix #456 (anakinj)
- Use Ruby built-in url-safe base64 methods #454 (bdewater)
- Stop running tests on EOL rubies. #453 (anakinj)
- Fix openssl gem version check to support versions greater than 3 #452 (anakinj)
- Readme: Typo fix re MissingRequiredClaim #451 (antonmorant)
- Fix for exception after merging #385 #450 (anakinj)
- Create CODE_OF_CONDUCT.md #449 (loic5)
- Allow regular expressions and procs to verify issuer #437 (rewritten)
- Add Support to be able to verify from multiple keys #425 (ritikesh)
- Define the secp256r1 curve #385 (anakinj)
jwt-2.3.0
v2.3.0 (2021-10-03)
Closed issues:
- [SECURITY] Algorithm Confusion Through kid Header #440
- JWT to memory #436
- ArgumentError: wrong number of arguments (given 2, expected 1) #429
- HMAC section of README outdated #421
- NoMethodError: undefined method `zero?' for nil:NilClass if JWT has no 'alg' field #410
- Release new version #409
- NameError: uninitialized constant JWT::JWK #403
Merged pull requests:
- Fix Style/MultilineIfModifier issues #447 (anakinj)
- feat(EdDSA): Accept EdDSA as algorithm header #446 (Pierre-Michard)
- Pass kid param through JWT::JWK.create_from #445 (shaun-guth-allscripts)
- fix document about passing JWKs as a simple Hash #443 (takayamaki)
- Tests for mixing JWK keys with mismatching algorithms #441 (anakinj)
- verify_claims test shouldn't be within the verify_sub test #431 (andyjdavis)
- Allow decode options to specify required claims #430 (andyjdavis)
- Fix OpenSSL::PKey::EC public_key handling in tests #427 (anakinj)
- Add documentation for find_key #426 (ritikesh)
- Give ruby 3.0 as a string to avoid number formatting issues #424 (anakinj)
- Tests for iat verification behaviour #423 (anakinj)
- Remove HMAC with nil secret from documentation #422 (boardfish)
- Update broken link in README #420 (severin)
- Add metadata for RubyGems #418 (nickhammond)
- Fixed a typo about class name #417 (mai-f)
- Fix references for v2.2.3 on CHANGELOG #416 (vyper)
- Raise IncorrectAlgorithm if token has no alg header #411 (bouk)