Changelog History
Page 2
-
v2.0.0.beta1 Changes
February 27, 2017๐ Changelog
๐ v2.0.0.beta1 (2017-02-27)
๐ Full Changelog
Implemented enhancements:
- ๐ Error with method sign for String #171
- ๐จ Refactor the encondig code #121
- ๐จ Refactor #196 (EmilioCristalli)
- ๐ Move signature logic to its own module #195 (EmilioCristalli)
- โ Add options for claim-specific leeway #187 (EmilioCristalli)
- โ Add user friendly encode error if private key is a String, #171 #176 (xamenrax)
- ๐ Return empty string if signature less than byte_size #155 #175 (xamenrax)
- โ Remove 'typ' optional parameter #174 (xamenrax)
- ๐ฐ Pass payload to keyfinder #172 (CodeMonkeySteve)
- ๐ Use RbNaCl for HMAC if available with fallback to OpenSSL #149 (mwpastore)
๐ Fixed bugs:
- ruby-jwt::raw_to_asn1: Fails for signatures less than byte_size #155
- ๐ The leeway parameter is applies to all time based verifications #129
- โ Add options for claim-specific leeway #187 (EmilioCristalli)
- ๐ Make algorithm option required to verify signature #184 (EmilioCristalli)
- ๐ฐ Validate audience when payload is a scalar and options is an array #183 (steti)
Closed issues:
- ๐ Different encoded value between servers with same password #197
- ๐ Signature is different at each run #190
- ๐ Include custom headers with password #189
- ๐ can't create token - 'NotImplementedError: Unsupported signing method' #186
- ๐ Why jwt depends on json < 2.0 ? #179
- ๐ Cannot verify JWT at all?? #177
- ๐ verify_iss: true is raising JWT::DecodeError instead of JWT::InvalidIssuerError #170
๐ Merged pull requests:
- ๐ Version bump 2.0.0.beta1 #199 (excpt)
- โก๏ธ Update CHANGELOG.md and minor fixes #198 (excpt)
- โ Add Codacy coverage reporter #194 (excpt)
- โ Add minimum required ruby version to gemspec #193 (excpt)
- ๐ Code smell fixes #192 (excpt)
- ๐ Version bump to 2.0.0.dev #191 (excpt)
- ๐จ Basic encode module refactoring #121 #182 (xamenrax)
- ๐ Fix travis ci build configuration #181 (excpt)
- ๐ Fix travis ci build configuration #180 (excpt)
- ๐ Fix typo in README #178 (tomeduarte)
- ๐ Fix code style #173 (excpt)
- ๐ Fixed a typo in a spec name #169 (Mingan)
-
v1.5.6 Changes
September 19, 2016 -
v1.5.5 Changes
September 16, 2016๐ Full Changelog
Implemented enhancements:
- ๐ JWT.decode always raises JWT::ExpiredSignature for tokens created with Time objects passed as the
exp
parameter #148
๐ Fixed bugs:
- ๐ expiration check does not give "Signature has expired" error for the exact time of expiration #157
- ๐ JTI claim broken? #152
- ๐ Audience Claim broken? #151
- ๐ 1.5.3 breaks compatibility with 1.5.2 #133
- ๐ Version 1.5.3 breaks 1.9.3 compatibility, but not documented as such #132
- ๐ Fix: exp claim check #161 (excpt)
Closed issues:
- ๐ Rendering Json Results in JWT::DecodeError #162
- ๐ PHP Libraries #154
- ๐ [security] Signature verified after expiration/sub/iss checks #153
- ๐ Is ruby-jwt thread-safe? #150
- ๐ JWT 1.5.3 #143
- ๐ gem install v 1.5.3 returns error #141
- โ Adding a CHANGELOG #140
๐ Merged pull requests:
- โฌ๏ธ Bump version #165 (excpt)
- ๐ Improve error message for exp claim in payload #164 (excpt)
- ๐ Fix #151 and code refactoring #163 (excpt)
- ๐ Signature validation before claim verification #160 (excpt)
- ๐ Create specs for README.md examples #159 (excpt)
- ๐ Tiny Readme Improvement #156 (b264)
- โ Added test execution to Rakefile #147 (jabbrwcky)
- โ Add more bling bling to the site #146 (excpt)
- โฌ๏ธ Bump version #145 (excpt)
- โ Add first content and basic layout #144 (excpt)
- โ Add a changelog file #142 (excpt)
- ๐ Return decoded_segments #139 (akostrikov)
- ๐ JWT.decode always raises JWT::ExpiredSignature for tokens created with Time objects passed as the
-
v1.5.4 Changes
March 24, 2016 -
v1.5.3 Changes
February 24, 2016๐ Changelog
- โฌ๏ธ Dropped ruby 1.9.3 support #131
- ๐ Update README.md - improve documentation and fix typos
- โ Removed
echoe
dependency - ๐ Fix hash/string key issue in options #130
- ๐ Allow a proc to be passed for JTI verification #126
- ๐จ Code refactoring and code smell fixes
Commits
๐ 4a0b939 Merge pull request #131 from jwt/drop-ruby-1.9.3-support
โก๏ธ cfc8362 Update .travis.yml
๐ 04120f6 Merge pull request #130 from tpickett66/hash-keys
๐ a4d0473 Bump version
๐ a6d1a33 Allow verification option keys to be strings or symbols
๐ b47ab94 Make Verify an instantiatable class
๐ฐ 6a9b5cc Adjust aud checking to use a string key against the payload
๐ 7b80ec9 Move Verify specs to a separate file.
โก๏ธ 2c7837f update testing and install sections of readme
๐ d4fca40 Merge pull request #126 from yahooguntu/master
๐ 0100ad6 Allow a proc to be passed for JTI verification
๐จ b85b30e Merge pull request #122 from excpt/refactor-json-dependency
๐ 1499b16 Merge pull request #123 from excpt/ci-settings
๐ 2d5bc86 Remove obsolete json code
โ a03fbaf Add ruby 2.3.0 for travis ci testing
โก๏ธ 91b4220 Update README.md
๐ 86f470b Merge pull request #118 from excpt/master
๐ a6672da Add fancy badges to README.md
๐ 0a2fa6c Merge pull request #117 from excpt/master
๐ 707376a Fix merge options bug
๐ f889e49 Fix some code smells
๐ a0815ee Fix some more code smells
๐ e556eb9 Fix some code smells in JWT::Verify class
๐จ 7a7ac9a Refactor decode and verify functionality
๐ 59dd2e0 Merge pull request #116 from excpt/master
๐ 79cdce8 Fix code smell reported by rubocop
๐ 451d950 Fix code smells reported by rubocop
โ 4d440dc Fix travis test command
๐ 279df0e Remove echoe dependency
๐ 4f45b66 Add version class, remove utf8 encoding comment
โก๏ธ 559a23b Update codeclimate settings
๐ cabde34 Merge pull request #114 from FXFusion/master
โก๏ธ e5a94db Updated readme for iss/aud options
๐ 6c84213 Merge pull request #113 from lwe/lwe-jti-validation-fix
๐ 320306b relax restrictions on "jti" claim verification
๐ 27c7412 Merge pull request #112 from kat3kasper/fix/misspelling
๐ 02cbbd6 Fix error misspelling -
v1.5.2 Changes
October 27, 2015๐ Full Changelog
Implemented enhancements:
- ๐ Must we specify algorithm when calling decode to avoid vulnerabilities? #107
- ๐จ Code review: Rspec test refactoring #85 (excpt)
๐ Fixed bugs:
- ๐ aud verifies if aud is passed in, :sub does not #102
- ๐ iat check does not use leeway so nbf could pass, but iat fail #83
Closed issues:
- โ Test ticket from Code Climate #104
- โ Test ticket from Code Climate #100
- ๐ฐ Is it possible to decode the payload without validating the signature? #97
- ๐ What is audience? #96
- ๐ Options hash uses both symbols and strings as keys. #95
๐ Merged pull requests:
- ๐ Fix incorrect
iat
examples #109 (kjwierenga) - โก๏ธ Update docs to include instructions for the algorithm parameter. #108 (aarongray)
- ๐ make sure :sub check behaves like :aud check #103 (skippy)
- ๐ Change hash syntax #101 (excpt)
- ๐ Include LICENSE and README.md in gem #99 (bkeepers)
- โ Remove unused variable in the sample code. #98 (hypermkt)
- ๐ Fix iat claim example #94 (larrylv)
- ๐ Fix wrong description in README.md #93 (larrylv)
- ๐ JWT and JWA are now RFC. #92 (aj-michael)
- โก๏ธ Update README.md #91 (nsarno)
- ๐ Fix missing verify parameter in docs #90 (ernie)
- ๐ Iat check uses leeway. #89 (aj-michael)
- ๐ nbf check allows exact time matches. #88 (aj-michael)
-
v1.5.1 Changes
June 22, 2015๐ Full Changelog
Implemented enhancements:
๐ Fixed bugs:
- ๐ ECDSA signature verification fails for valid tokens #84
- ๐ Shouldn't verification of additional claims, like iss, aud etc. be enforced when in options? #81
- ๐ Fix either README or source code #78
- ๐ decode fails with 'none' algorithm and verify #75
Closed issues:
- ๐ Doc mismatch: uninitialized constant JWT::ExpiredSignature #79
- ๐ TypeError when specifying a wrong algorithm #77
- ๐ jti verification doesn't prevent replays #73
๐ Merged pull requests:
-
v1.5.0 Changes
May 09, 2015๐ Full Changelog
Implemented enhancements:
- ๐ Needs to support asymmetric key signatures over shared secrets #46
- ๐ Implement Elliptic Curve Crypto Signatures #74 (jtdowney)
- โ Add an option to verify the signature on decode #71 (javawizard)
Closed issues:
- ๐ Check JWT vulnerability #76
๐ Merged pull requests:
-
v1.4.1 Changes
March 12, 2015 -
v1.4.0 Changes
March 10, 2015๐ Full Changelog
Closed issues:
- ๐ The behavior using 'json' differs from 'multi_json' #41
๐ Merged pull requests:
- ๐ Release 1.4.0 #64 (excpt)
- โก๏ธ Update README.md and remove dead code #63 (excpt)
- โ Add 'iat/ aud/ sub/ jti' support for ruby-jwt #62 (ZhangHanDong)
- โ Add 'iss' support for ruby-jwt #61 (ZhangHanDong)
- ๐ Clarify .encode API in README #60 (jbodah)