Changelog History
v2.5.0 Changes
August 25, 2022
Features:
- Support JWK thumbprints as key ids #481 (@anakinj).
- Support OpenSSL >= 3.0 #496 (@anakinj).
Fixes and enhancements:
- Bring back the old Base64 (RFC2045) decode mechanisms #488 (@anakinj).
- Rescue RbNaCl exception for EdDSA wrong key #491 (@n-studio).
- New parameter name for cases when kid is not found using JWK key loader proc #501 (@anakinj).
- Fix NoMethodError when a 2 segment token is missing 'alg' header #502 (@cmrd-senya).
v2.4.1 Changes
June 07, 2022
Fixes and enhancements:
- Raise JWT::DecodeError on invalid signature #484 (@freakyfelt!).
v2.4.0 Changes
June 06, 2022
Features:
- Dropped support for Ruby 2.5 and older #453 - @anakinj.
- Use Ruby built-in url-safe base64 methods #454 - @bdewater.
- Updated rubocop to 1.23.0 #457 - @anakinj.
- Add x5c header key finder #338 - @bdewater.
- Author driven changelog process #463 - @anakinj.
- Allow regular expressions and procs to verify issuer #437 (rewritten).
- Add Support to be able to verify from multiple keys #425 (ritikesh).
Fixes and enhancements:
- Readme: Typo fix re MissingRequiredClaim #451 (antonmorant).
- Fix RuboCop TODOs #476 (typhoon2099).
- Make specific algorithms in README linkable #472 (milieu).
- Update note about supported JWK types #475 (dpashkevich).
- Create CODE_OF_CONDUCT.md #449 (loic5).
v2.3.0 Changes
October 03, 2021
Closed issues:
- [SECURITY] Algorithm Confusion Through kid Header #440
- JWT to memory #436
- ArgumentError: wrong number of arguments (given 2, expected 1) #429
- HMAC section of README outdated #421
- NoMethodError: undefined method `zero?' for nil:NilClass if JWT has no 'alg' field #410
- Release new version #409
- NameError: uninitialized constant JWT::JWK #403
Merged pull requests:
- Release 2.3.0 #448 (excpt)
- Fix Style/MultilineIfModifier issues #447 (anakinj)
- feat(EdDSA): Accept EdDSA as algorithm header #446 (Pierre-Michard)
- Pass kid param through JWT::JWK.create_from #445 (shaun-guth-allscripts)
- fix document about passing JWKs as a simple Hash #443 (takayamaki)
- Tests for mixing JWK keys with mismatching algorithms #441 (anakinj)
- verify_claims test shouldnt be within the verify_sub test #431 (andyjdavis)
- Allow decode options to specify required claims #430 (andyjdavis)
- Fix OpenSSL::PKey::EC public_key handing in tests #427 (anakinj)
- Add documentation for find_key #426 (ritikesh)
- Give ruby 3.0 as a string to avoid number formatting issues #424 (anakinj)
- Tests for iat verification behaviour #423 (anakinj)
- Remove HMAC with nil secret from documentation #422 (boardfish)
- Update broken link in README #420 (severin)
- Add metadata for RubyGems #418 (nickhammond)
- Fixed a typo about class name #417 (mai-f)
- Fix references for v2.2.3 on CHANGELOG #416 (vyper)
- Raise IncorrectAlgorithm if token has no alg header #411 (bouk)
v2.2.3 Changes
April 19, 2021
Implemented enhancements:
- Verify algorithm before evaluating keyfinder #343
- Why jwt depends on json < 2.0 ? #179
- Support for JWK in-lieu of rsa_public #158
- Fix rspec raise_error warning #413 (excpt)
- Add support for JWKs with HMAC key type. #372 (phlegx)
- Improve 'none' algorithm handling #365 (danleyden)
- Handle parsed JSON JWKS input with string keys #348 (martinemde)
- Allow Numeric values during encoding #327 (fanfilmu)
Closed issues:
- "Signature verification raised", yet jwt.io says "Signature Verified" #401
- truffleruby-head build is failing #396
- JWT::JWK::EC needs require 'forwardable' #392
- How to use a 'signing key' as used by next-auth #389
- undefined method `verify' for nil:NilClass when validate a JWT with JWK #383
- Make specifying "algorithm" optional on decode #380
- ADFS created access tokens can't be validated due to missing 'kid' header #370
- new version? #355
- JWT gitlab OmniAuth provider setup support #354
- Release with support for RSA.import for ruby < 2.4 hasn't been released #347
- cannot load such file -- jwt #339
Merged pull requests:
- Prepare 2.2.3 release #415 (excpt)
- Remove codeclimate code coverage dev dependency #414 (excpt)
- Add forwardable dependency #408 (anakinj)
- Ignore casing of algorithm #405 (johnnyshields)
- Document function and add tests for verify claims method #404 (yasonk)
- documenting calling verify_jti callback with 2 arguments in the readme #402 (HoneyryderChuck)
- Target the master branch on the build status badge #399 (anakinj)
- Improving the local development experience #397 (anakinj)
- Fix sourcelevel broken links #395 (anakinj)
- Don't recommend installing gem with sudo #391 (tjschuck)
- Enable rubocop locally and on ci #390 (anakinj)
- Ci and test cleanup #387 (anakinj)
- Make JWT::JWK::EC compatible with Ruby 2.3 #386 (anakinj)
- Support JWKs for pre 2.3 rubies #382 (anakinj)
- Replace Travis CI with GitHub Actions (also favor openssl/rbnacl combinations over rails compatibility tests) #381 (anakinj)
- Add auth0 sponsor message #379 (excpt)
- Adapt HMAC to JWK RSA code style. #378 (phlegx)
- Disable Rails cops #376 (anakinj)
- Support exporting RSA JWK private keys #375 (anakinj)
- Ebert is SourceLevel nowadays #374 (anakinj)
- Add support for JWKs with EC key type #371 (richardlarocque)
- Add Truffleruby head to CI #368 (gogainda)
- Add more docs about JWK support #341 (take)
v2.2.2 Changes
August 18, 2020
Implemented enhancements:
- JWK does not decode. #332
- Inconsistent use of symbol and string keys in args (exp and algorithm). #331
- Pin simplecov to < 0.18 #356 (anakinj)
- verifies algorithm before evaluating keyfinder #346 (jb08)
- Update Rails 6 appraisal to use actual release version #336 (smudge)
- Update Travis #326 (berkos)
- Improvement/encode hmac without key #312 (JotaSe)
Fixed bugs:
- v2.2.1 warning: already initialized constant JWT Error #335
- 2.2.1 is no longer raising JWT::DecodeError on nil verification key #328
- Fix algorithm picking from decode options #359 (excpt)
- Raise error when verification key is empty #358 (anakinj)
Closed issues:
- JWT RSA: is it possible to encrypt using the public key? #366
- Example unsigned token that bypasses verification #364
- Verify exp claim/field even if it's not present #363
- Decode any token #360
- [question] example of using a pub/priv keys for signing? #351
- JWT::ExpiredSignature raised for non-JSON payloads #350
- verify_aud only verifies that at least one aud is expected #345
- Sinatra 4.90s TTFB #344
- How to Logout #342
- jwt token decoding even when wrong token is provided for some letters #337
- Need to use symbolize_keys everywhere! #330
- eval() used in Forwardable limits usage in iOS App Store #324
- HS512256 OpenSSL Exception: First num too large #322
- Can we change the separator character? #321
- Verifying iat without leeway may break with poorly synced clocks #319
- Adding support for 'hd' hosted domain string #314
- There is no "typ" header in version 2.0.0 #233
Merged pull requests:
v2.2.1 Changes
May 24, 2019
v2.2.0 Changes
May 23, 2019
v2.2.0 (2019-03-20)
Implemented enhancements:
- Use iat_leeway option #273
- Use of global state in latest version breaks thread safety of JWT.decode #268
- JSON support #246
- Change the Github homepage URL to https #301 (ekohl)
- Fix Salt length for conformance with PS family specification. #300 (tobypinder)
- Add support for Ruby 2.6 #299 (bustikiller)
- update homepage in gemspec to use HTTPS #298 (evgeni)
- Make sure alg parameter value isn't added twice #297 (korstiaan)
- Claims Validation #295 (jamesstonehill)
- JWT::Encode refactorings, alg and exp related bugfixes #293 (anakinj)
- Proposal of simple JWK support #289 (anakinj)
- Add RSASSA-PSS signature signing support #285 (oliver-hohn)
- Add note about using a hard coded algorithm in README #280 (revodoge)
- Add Appraisal support #278 (olbrich)
- Fix decode threading issue #269 (ab320012)
- Removed leeway from verify_iat #257 (ab320012)
Fixed bugs:
- Inconsistent handling of payload claim data types #282
- Use iat_leeway option #273
- Issued at validation #247
- Fix bug and simplify segment validation #292 (anakinj)
- Removed leeway from verify_iat #257 (ab320012)
Closed issues:
- RS256, public and private keys #291
- Allow passing current time to decode #288
- Verify exp claim without verifying jwt #281
- Decoding JWT with ES256 and secp256k1 curve #277
- Audience as an array - how to specify? #276
- signature validation using decode method for JWT #271
- JWT is easily breakable #267
- Ruby JWT Token #265
- ECDSA supported algorithms constant is defined as a string, not an array #264
- NoMethodError: undefined method `group' for <xxxxx> #261
- 'DecodeError' will replace 'ExpiredSignature' #260
- TypeError: no implicit conversion of OpenSSL::PKey::RSA into String #259
- NameError: uninitialized constant JWT::Algos::Eddsa::RbNaCl #258
- Get new token if current token expired #256
- Infer algorithm from header #254
- Why is the result of decode is an array? #252
- Add support for headless token #251
- Leeway or exp_leeway #215
- Could you describe purpose of cert fixtures and their cryptokey lengths. #185
Merged pull requests:
- Misc config improvements #296 (jamesstonehill)
- Fix JSON conflict between #293 and #292 #294 (anakinj)
- Drop Ruby 2.2 from test matrix #290 (anakinj)
- Remove broken reek config #283 (excpt)
- Add missing test, Update common files #275 (excpt)
- Remove iat_leeway option #274 (wohlgejm)
- improving code quality of jwt module #266 (ab320012)
- fixed ECDSA supported versions const #263 (starbeast)
- Added my name to contributor list #262 (ab320012)
- Use Class#new Shorthand For Error Subclasses #255 (akabiru)
- [CI] Test against Ruby 2.5 #253 (nicolasleger)
- Fix README #250 (rono23)
- Fix link format #248 (y-yagi)
v2.1.0 Changes
October 06, 2017
Implemented enhancements:
- Ed25519 support planned? #217
- Verify JTI Proc #207
- Allow a list of algorithms for decode #241 (lautis)
- verify takes 2 params, second being payload closes: #207 #238 (ab320012)
- simplified logic for keyfinder #237 (ab320012)
- Show backtrace if rbnacl-libsodium not loaded #231 (buzztaiki)
- Support for ED25519 #229 (ab320012)
Fixed bugs:
- JWT.encode failing on encode for string #235
- The README says it uses an algorithm by default #226
- Fix string payload issue #236 (excpt)
Security fixes:
- Add HS256 algorithm to decode default options #228 (marcoadkins)
Closed issues:
- Change from 1.5.6 to 2.0.0 and appears a "Completed 401 Unauthorized" #240
- Why doesn't the decode function use a default algorithm? #227
Merged pull requests:
v2.0.0 Changes
September 03, 2017
Implemented enhancements:
Fixed bugs:
- Support versions outside 2.1 #209
- Verifying expiration without leeway throws exception #206
- Ruby interpreter warning #200
- TypeError: no implicit conversion of String into Integer #188
- Fix JWT.encode(nil) #203 (tmm1)
Closed issues:
- Possibility to disable claim verifications #222
- Proper way to verify Firebase id tokens #216
Merged pull requests:
- Release 2.0.0 preparations :) #225 (excpt)
- Skip 'exp' claim validation for array payloads #224 (excpt)
- Use a default leeway of 0 #223 (travisofthenorth)
- Fix reported codesmells #221 (excpt)
- Add fancy gem version badge #220 (excpt)
- Add missing dist option to .travis.yml #219 (excpt)
- Fix ruby version requirements in gemspec file #218 (excpt)
- Fix a little typo in the readme #214 (RyanBrushett)
- Update README.md #212 (zuzannast)
- Fix typo in HS512256 algorithm description #211 (ojab)
- Allow configuration of multiple acceptable issuers #210 (ojab)
- Enforce exp to be an Integer #205 (lucasmazza)
- ruby 1.9.3 support message upd #204 (maokomioko)
- Guard against partially loaded RbNaCl when failing to load libsodium #202 (Dorian)