All Versions
27
Latest Version
Avg Release Cycle
99 days
Latest Release
440 days ago
Changelog History
Page 1
Changelog History
Page 1
-
v2.2.0
May 23, 2019💎 v2.2.0 (2019-03-20)
Implemented enhancements:
- 💎 Use iat_leeway option #273
- ✅ Use of global state in latest version breaks thread safety of JWT.decode #268
- 💎 JSON support #246
- 🔄 Change the Github homepage URL to https #301 (ekohl)
- 🛠 Fix Salt length for conformance with PS family specification. #300 (tobypinder)
- ➕ Add support for Ruby 2.6 #299 (bustikiller)
- ⚡️ update homepage in gemspec to use HTTPS #298 (evgeni)
- 💎 Make sure alg parameter value isn't added twice #297 (korstiaan)
- 💎 Claims Validation #295 (jamesstonehill)
- 🛠 JWT::Encode refactorings, alg and exp related bugfixes #293 (anakinj)
- 💎 Proposal of simple JWK support #289 (anakinj)
- ➕ Add RSASSA-PSS signature signing support #285 (oliver-hohn)
- ➕ Add note about using a hard coded algorithm in README #280 (revodoge)
- ➕ Add Appraisal support #278 (olbrich)
- 🛠 Fix decode threading issue #269 (ab320012)
- ✂ Removed leeway from verify_iat #257 (ab320012)
🛠 Fixed bugs:
- 🛰 Inconsistent handling of payload claim data types #282
- 💎 Use iat_leeway option #273
- 💎 Issued at validation #247
- 🛠 Fix bug and simplify segment validation #292 (anakinj)
- ✂ Removed leeway from verify_iat #257 (ab320012)
Closed issues:
- 💎 RS256, public and private keys #291
- 👍 Allow passing current time to
decode#288 - 👌 Verify exp claim without verifying jwt #281
- 💎 Decoding JWT with ES256 and secp256k1 curve #277
- 💎 Audience as an array - how to specify? #276
- 💎 signature validation using decode method for JWT #271
- 💎 JWT is easily breakable #267
- 💎 Ruby JWT Token #265
- 💎 ECDSA supported algorithms constant is defined as a string, not an array #264
- 💎 NoMethodError: undefined method `group' for <xxxxx> #261
- 💎 'DecodeError'will replace 'ExpiredSignature' #260
- 💎 TypeError: no implicit conversion of OpenSSL::PKey::RSA into String #259
- 💎 NameError: uninitialized constant JWT::Algos::Eddsa::RbNaCl #258
- 💎 Get new token if curren token expired #256
- 💎 Infer algorithm from header #254
- 💎 Why is the result of decode is an array? #252
- ➕ Add support for headless token #251
- 💎 Leeway or exp_leeway #215
- 💎 Could you describe purpose of cert fixtures and their cryptokey lengths. #185
🔀 Merged pull requests:
- 💎 Misc config improvements #296 (jamesstonehill)
- 🛠 Fix JSON conflict between #293 and #292 #294 (anakinj)
- ⬇️ Drop Ruby 2.2 from test matrix #290 (anakinj)
- ✂ Remove broken reek config #283 (excpt)
- ➕ Add missing test, Update common files #275 (excpt)
- ✂ Remove iat_leeway option #274 (wohlgejm)
- 💎 improving code quality of jwt module #266 (ab320012)
- 🛠 fixed ECDSA supported versions const #263 (starbeast)
- ➕ Added my name to contributor list #262 (ab320012)
- 💎 Use
Class\#newShorthand For Error Subclasses #255 (akabiru) - ✅ [CI] Test against Ruby 2.5 #253 (nicolasleger)
- 🛠 Fix README #250 (rono23)
- 🛠 Fix link format #248 (y-yagi)
-
v2.1.0
October 06, 2017💎 2.1.0 (2017-10-06)
Implemented enhancements:
- 💎 Ed25519 support planned? #217
- 👌 Verify JTI Proc #207
- 👍 Allow a list of algorithms for decode #241 (lautis)
- 👌 verify takes 2 params, second being payload closes: #207 #238 (ab320012)
- 💎 simplified logic for keyfinder #237 (ab320012)
- 💎 Show backtrace if rbnacl-libsodium not loaded #231 (buzztaiki)
- 👌 Support for ED25519 #229 (ab320012)
🛠 Fixed bugs:
- 💎 JWT.encode failing on encode for string #235
- 0️⃣ The README says it uses an algorithm by default #226
- 🛠 Fix string payload issue #236 (excpt)
Closed issues:
- 🔄 Change from 1.5.6 to 2.0.0 and appears a "Completed 401 Unauthorized" #240
- 0️⃣ Why doesn't the decode function use a default algorithm? #227
🔀 Merged pull requests:
-
v2.0.0
September 03, 2017Implemented enhancements:
🛠 Fixed bugs:
- 👌 Support versions outside 2.1 #209
- 👌 Verifying expiration without leeway throws exception #206
- ⚠ Ruby interpreter warning #200
- 💎 TypeError: no implicit conversion of String into Integer #188
- 🛠 Fix JWT.encode(nil) #203 (tmm1)
Closed issues:
🔀 Merged pull requests:
- 🚀 Release 2.0.0 preparations :) #225 (excpt)
- 🛰 Skip 'exp' claim validation for array payloads #224 (excpt)
- 0️⃣ Use a default leeway of 0 #223 (travisofthenorth)
- 🛠 Fix reported codesmells #221 (excpt)
- ➕ Add fancy gem version badge #220 (excpt)
- ➕ Add missing dist option to .travis.yml #219 (excpt)
- 🛠 Fix ruby version requirements in gemspec file #218 (excpt)
- 🛠 Fix a little typo in the readme #214 (RyanBrushett)
- ⚡️ Update README.md #212 (zuzannast)
- 🛠 Fix typo in HS512256 algorithm description #211 (ojab)
- 👍 Allow configuration of multiple acceptable issuers #210 (ojab)
- 💎 Enforce
expto be anInteger#205 (lucasmazza) - 💎 ruby 1.9.3 support message upd #204 (maokomioko)
- 💎 Guard against partially loaded RbNaCl when failing to load libsodium #202 (Dorian)
-
v2.0.0.beta1
February 27, 2017🔄 Changelog
💎 v2.0.0.beta1 (2017-02-27)
Implemented enhancements:
- 💎 Error with method sign for String #171
- ♻️ Refactor the encondig code #121
- ♻️ Refactor #196 (EmilioCristalli)
- 🚚 Move signature logic to its own module #195 (EmilioCristalli)
- ➕ Add options for claim-specific leeway #187 (EmilioCristalli)
- ➕ Add user friendly encode error if private key is a String, #171 #176 (xamenrax)
- 💎 Return empty string if signature less than byte_size #155 #175 (xamenrax)
- ✂ Remove 'typ' optional parameter #174 (xamenrax)
- 🛰 Pass payload to keyfinder #172 (CodeMonkeySteve)
- 💎 Use RbNaCl for HMAC if available with fallback to OpenSSL #149 (mwpastore)
🛠 Fixed bugs:
- ruby-jwt::raw_to_asn1: Fails for signatures less than byte_size #155
- 💎 The leeway parameter is applies to all time based verifications #129
- ➕ Add options for claim-specific leeway #187 (EmilioCristalli)
- 💎 Make algorithm option required to verify signature #184 (EmilioCristalli)
- 🛰 Validate audience when payload is a scalar and options is an array #183 (steti)
Closed issues:
- 💎 Different encoded value between servers with same password #197
- 💎 Signature is different at each run #190
- 💎 Include custom headers with password #189
- 💎 can't create token - 'NotImplementedError: Unsupported signing method' #186
- 💎 Why jwt depends on json < 2.0 ? #179
- 💎 Cannot verify JWT at all?? #177
- 👌 verify_iss: true is raising JWT::DecodeError instead of JWT::InvalidIssuerError #170
🔀 Merged pull requests:
- 🔖 Version bump 2.0.0.beta1 #199 (excpt)
- ⚡️ Update CHANGELOG.md and minor fixes #198 (excpt)
- ➕ Add Codacy coverage reporter #194 (excpt)
- ➕ Add minimum required ruby version to gemspec #193 (excpt)
- 💎 Code smell fixes #192 (excpt)
- 🔖 Version bump to 2.0.0.dev #191 (excpt)
- ♻️ Basic encode module refactoring #121 #182 (xamenrax)
- 🛠 Fix travis ci build configuration #181 (excpt)
- 🛠 Fix travis ci build configuration #180 (excpt)
- 🛠 Fix typo in README #178 (tomeduarte)
- 🛠 Fix code style #173 (excpt)
- 🛠 Fixed a typo in a spec name #169 (Mingan)
-
v1.5.5
September 16, 2016Implemented enhancements:
- 💎 JWT.decode always raises JWT::ExpiredSignature for tokens created with Time objects passed as the
expparameter #148
🛠 Fixed bugs:
- 💎 expiration check does not give "Signature has expired" error for the exact time of expiration #157
- 💎 JTI claim broken? #152
- 💎 Audience Claim broken? #151
- 💎 1.5.3 breaks compatibility with 1.5.2 #133
- 🔖 Version 1.5.3 breaks 1.9.3 compatibility, but not documented as such #132
- 🛠 Fix: exp claim check #161 (excpt)
Closed issues:
- 💎 Rendering Json Results in JWT::DecodeError #162
- 💎 PHP Libraries #154
- 🔒 [security] Signature verified after expiration/sub/iss checks #153
- 💎 Is ruby-jwt thread-safe? #150
- 💎 JWT 1.5.3 #143
- 💎 gem install v 1.5.3 returns error #141
- ➕ Adding a CHANGELOG #140
🔀 Merged pull requests:
- ⬆️ Bump version #165 (excpt)
- 👌 Improve error message for exp claim in payload #164 (excpt)
- 🛠 Fix #151 and code refactoring #163 (excpt)
- 💎 Signature validation before claim verification #160 (excpt)
- 💎 Create specs for README.md examples #159 (excpt)
- 💎 Tiny Readme Improvement #156 (b264)
- ➕ Added test execution to Rakefile #147 (jabbrwcky)
- ➕ Add more bling bling to the site #146 (excpt)
- ⬆️ Bump version #145 (excpt)
- ➕ Add first content and basic layout #144 (excpt)
- ➕ Add a changelog file #142 (excpt)
- 💎 Return decoded_segments #139 (akostrikov)
- 💎 JWT.decode always raises JWT::ExpiredSignature for tokens created with Time objects passed as the
-
v1.5.4
March 24, 2016 -
v1.5.3
February 24, 2016🔄 Changelog
- ⬇️ Dropped ruby 1.9.3 support #131
- 📚 Update README.md - improve documentation and fix typos
- ✂ Removed
echoedependency - 🛠 Fix hash/string key issue in options #130
- 👍 Allow a proc to be passed for JTI verification #126
- ♻️ Code refactoring and code smell fixes
Commits
🔀 4a0b939 Merge pull request #131 from jwt/drop-ruby-1.9.3-support
⚡️ cfc8362 Update .travis.yml
🔀 04120f6 Merge pull request #130 from tpickett66/hash-keys
💎 a4d0473 Bump version
💎 a6d1a33 Allow verification option keys to be strings or symbols
💎 b47ab94 Make Verify an instantiatable class
🛰 6a9b5cc Adjust aud checking to use a string key against the payload
🚚 7b80ec9 Move Verify specs to a separate file.
⚡️ 2c7837f update testing and install sections of readme
🔀 d4fca40 Merge pull request #126 from yahooguntu/master
💎 0100ad6 Allow a proc to be passed for JTI verification
♻️ b85b30e Merge pull request #122 from excpt/refactor-json-dependency
🔀 1499b16 Merge pull request #123 from excpt/ci-settings
🚚 2d5bc86 Remove obsolete json code
✅ a03fbaf Add ruby 2.3.0 for travis ci testing
⚡️ 91b4220 Update README.md
🔀 86f470b Merge pull request #118 from excpt/master
💎 a6672da Add fancy badges to README.md
🔀 0a2fa6c Merge pull request #117 from excpt/master
🔀 707376a Fix merge options bug
💎 f889e49 Fix some code smells
💎 a0815ee Fix some more code smells
💎 e556eb9 Fix some code smells in JWT::Verify class
♻️ 7a7ac9a Refactor decode and verify functionality
🔀 59dd2e0 Merge pull request #116 from excpt/master
💎 79cdce8 Fix code smell reported by rubocop
💎 451d950 Fix code smells reported by rubocop
✅ 4d440dc Fix travis test command
🚚 279df0e Remove echoe dependency
🚚 4f45b66 Add version class, remove utf8 encoding comment
⚡️ 559a23b Update codeclimate settings
🔀 cabde34 Merge pull request #114 from FXFusion/master
⚡️ e5a94db Updated readme for iss/aud options
🔀 6c84213 Merge pull request #113 from lwe/lwe-jti-validation-fix
💎 320306b relax restrictions on "jti" claim verification
🔀 27c7412 Merge pull request #112 from kat3kasper/fix/misspelling
💎 02cbbd6 Fix error misspelling -
v1.5.2
October 27, 2015Implemented enhancements:
- 💎 Must we specify algorithm when calling decode to avoid vulnerabilities? #107
- ♻️ Code review: Rspec test refactoring #85 (excpt)
🛠 Fixed bugs:
- 💎 aud verifies if aud is passed in, :sub does not #102
- 💎 iat check does not use leeway so nbf could pass, but iat fail #83
Closed issues:
- ✅ Test ticket from Code Climate #104
- ✅ Test ticket from Code Climate #100
- 🛰 Is it possible to decode the payload without validating the signature? #97
- 💎 What is audience? #96
- 💎 Options hash uses both symbols and strings as keys. #95
🔀 Merged pull requests:
- 🛠 Fix incorrect
iatexamples #109 (kjwierenga) - ⚡️ Update docs to include instructions for the algorithm parameter. #108 (aarongray)
- 💎 make sure :sub check behaves like :aud check #103 (skippy)
- 🔄 Change hash syntax #101 (excpt)
- 💎 Include LICENSE and README.md in gem #99 (bkeepers)
- ✂ Remove unused variable in the sample code. #98 (hypermkt)
- 🛠 Fix iat claim example #94 (larrylv)
- 🛠 Fix wrong description in README.md #93 (larrylv)
- 💎 JWT and JWA are now RFC. #92 (aj-michael)
- ⚡️ Update README.md #91 (nsarno)
- 🛠 Fix missing verify parameter in docs #90 (ernie)
- 💎 Iat check uses leeway. #89 (aj-michael)
- 💎 nbf check allows exact time matches. #88 (aj-michael)