All Versions
27
Latest Version
Avg Release Cycle
99 days
Latest Release
440 days ago

Changelog History
Page 1

  • v2.2.1

    May 24, 2019

    💎 v2.2.1 (2019-05-24)

    💎 Full Changelog

    🛠 Fixed bugs:

    • 💎 need to require 'forwardable' to use Forwardable #316
    • ➕ Add forwardable dependency for JWK RSA KeyFinder #317 (excpt)
  • v2.2.0

    May 23, 2019

    💎 v2.2.0 (2019-03-20)

    💎 Full Changelog

    Implemented enhancements:

    • 💎 Use iat_leeway option #273
    • ✅ Use of global state in latest version breaks thread safety of JWT.decode #268
    • 💎 JSON support #246
    • 🔄 Change the Github homepage URL to https #301 (ekohl)
    • 🛠 Fix Salt length for conformance with PS family specification. #300 (tobypinder)
    • ➕ Add support for Ruby 2.6 #299 (bustikiller)
    • ⚡️ update homepage in gemspec to use HTTPS #298 (evgeni)
    • 💎 Make sure alg parameter value isn't added twice #297 (korstiaan)
    • 💎 Claims Validation #295 (jamesstonehill)
    • 🛠 JWT::Encode refactorings, alg and exp related bugfixes #293 (anakinj)
    • 💎 Proposal of simple JWK support #289 (anakinj)
    • ➕ Add RSASSA-PSS signature signing support #285 (oliver-hohn)
    • ➕ Add note about using a hard coded algorithm in README #280 (revodoge)
    • ➕ Add Appraisal support #278 (olbrich)
    • 🛠 Fix decode threading issue #269 (ab320012)
    • ✂ Removed leeway from verify_iat #257 (ab320012)

    🛠 Fixed bugs:

    • 🛰 Inconsistent handling of payload claim data types #282
    • 💎 Use iat_leeway option #273
    • 💎 Issued at validation #247
    • 🛠 Fix bug and simplify segment validation #292 (anakinj)
    • ✂ Removed leeway from verify_iat #257 (ab320012)

    Closed issues:

    • 💎 RS256, public and private keys #291
    • 👍 Allow passing current time to decode #288
    • 👌 Verify exp claim without verifying jwt #281
    • 💎 Decoding JWT with ES256 and secp256k1 curve #277
    • 💎 Audience as an array - how to specify? #276
    • 💎 signature validation using decode method for JWT #271
    • 💎 JWT is easily breakable #267
    • 💎 Ruby JWT Token #265
    • 💎 ECDSA supported algorithms constant is defined as a string, not an array #264
    • 💎 NoMethodError: undefined method `group' for <xxxxx> #261
    • 💎 'DecodeError'will replace 'ExpiredSignature' #260
    • 💎 TypeError: no implicit conversion of OpenSSL::PKey::RSA into String #259
    • 💎 NameError: uninitialized constant JWT::Algos::Eddsa::RbNaCl #258
    • 💎 Get new token if curren token expired #256
    • 💎 Infer algorithm from header #254
    • 💎 Why is the result of decode is an array? #252
    • ➕ Add support for headless token #251
    • 💎 Leeway or exp_leeway #215
    • 💎 Could you describe purpose of cert fixtures and their cryptokey lengths. #185

    🔀 Merged pull requests:

  • v2.1.0

    October 06, 2017

    💎 2.1.0 (2017-10-06)

    💎 Full Changelog

    Implemented enhancements:

    • 💎 Ed25519 support planned? #217
    • 👌 Verify JTI Proc #207
    • 👍 Allow a list of algorithms for decode #241 (lautis)
    • 👌 verify takes 2 params, second being payload closes: #207 #238 (ab320012)
    • 💎 simplified logic for keyfinder #237 (ab320012)
    • 💎 Show backtrace if rbnacl-libsodium not loaded #231 (buzztaiki)
    • 👌 Support for ED25519 #229 (ab320012)

    🛠 Fixed bugs:

    • 💎 JWT.encode failing on encode for string #235
    • 0️⃣ The README says it uses an algorithm by default #226
    • 🛠 Fix string payload issue #236 (excpt)

    Closed issues:

    • 🔄 Change from 1.5.6 to 2.0.0 and appears a "Completed 401 Unauthorized" #240
    • 0️⃣ Why doesn't the decode function use a default algorithm? #227

    🔀 Merged pull requests:

    • ⚡️ Update README.md #242 (excpt)
    • ⚡️ Update ebert configuration #232 (excpt)
    • ➕ added algos/strategy classes + structs for inputs #230 (ab320012)
    • ➕ Add HS256 algorithm to decode default options #228 (madkin10)
  • v2.0.0

    September 03, 2017

    💎 Full Changelog

    Implemented enhancements:

    🛠 Fixed bugs:

    • 👌 Support versions outside 2.1 #209
    • 👌 Verifying expiration without leeway throws exception #206
    • ⚠ Ruby interpreter warning #200
    • 💎 TypeError: no implicit conversion of String into Integer #188
    • 🛠 Fix JWT.encode(nil) #203 (tmm1)

    Closed issues:

    • 💎 Possibility to disable claim verifications #222
    • 💎 Proper way to verify Firebase id tokens #216

    🔀 Merged pull requests:

    • 🚀 Release 2.0.0 preparations :) #225 (excpt)
    • 🛰 Skip 'exp' claim validation for array payloads #224 (excpt)
    • 0️⃣ Use a default leeway of 0 #223 (travisofthenorth)
    • 🛠 Fix reported codesmells #221 (excpt)
    • ➕ Add fancy gem version badge #220 (excpt)
    • ➕ Add missing dist option to .travis.yml #219 (excpt)
    • 🛠 Fix ruby version requirements in gemspec file #218 (excpt)
    • 🛠 Fix a little typo in the readme #214 (RyanBrushett)
    • ⚡️ Update README.md #212 (zuzannast)
    • 🛠 Fix typo in HS512256 algorithm description #211 (ojab)
    • 👍 Allow configuration of multiple acceptable issuers #210 (ojab)
    • 💎 Enforce exp to be an Integer #205 (lucasmazza)
    • 💎 ruby 1.9.3 support message upd #204 (maokomioko)
    • 💎 Guard against partially loaded RbNaCl when failing to load libsodium #202 (Dorian)
  • v2.0.0.beta1

    February 27, 2017

    🔄 Changelog

    💎 v2.0.0.beta1 (2017-02-27)

    💎 Full Changelog

    Implemented enhancements:

    🛠 Fixed bugs:

    • ruby-jwt::raw_to_asn1: Fails for signatures less than byte_size #155
    • 💎 The leeway parameter is applies to all time based verifications #129
    • ➕ Add options for claim-specific leeway #187 (EmilioCristalli)
    • 💎 Make algorithm option required to verify signature #184 (EmilioCristalli)
    • 🛰 Validate audience when payload is a scalar and options is an array #183 (steti)

    Closed issues:

    • 💎 Different encoded value between servers with same password #197
    • 💎 Signature is different at each run #190
    • 💎 Include custom headers with password #189
    • 💎 can't create token - 'NotImplementedError: Unsupported signing method' #186
    • 💎 Why jwt depends on json < 2.0 ? #179
    • 💎 Cannot verify JWT at all?? #177
    • 👌 verify_iss: true is raising JWT::DecodeError instead of JWT::InvalidIssuerError #170

    🔀 Merged pull requests:

  • v1.5.6

    September 19, 2016

    💎 Full Changelog

    🛠 Fixed bugs:

    • 🛠 Fix missing symbol handling in aud verify code #166 (excpt)

    🔀 Merged pull requests:

  • v1.5.5

    September 16, 2016

    💎 Full Changelog

    Implemented enhancements:

    • 💎 JWT.decode always raises JWT::ExpiredSignature for tokens created with Time objects passed as the exp parameter #148

    🛠 Fixed bugs:

    • 💎 expiration check does not give "Signature has expired" error for the exact time of expiration #157
    • 💎 JTI claim broken? #152
    • 💎 Audience Claim broken? #151
    • 💎 1.5.3 breaks compatibility with 1.5.2 #133
    • 🔖 Version 1.5.3 breaks 1.9.3 compatibility, but not documented as such #132
    • 🛠 Fix: exp claim check #161 (excpt)

    Closed issues:

    • 💎 Rendering Json Results in JWT::DecodeError #162
    • 💎 PHP Libraries #154
    • 🔒 [security] Signature verified after expiration/sub/iss checks #153
    • 💎 Is ruby-jwt thread-safe? #150
    • 💎 JWT 1.5.3 #143
    • 💎 gem install v 1.5.3 returns error #141
    • ➕ Adding a CHANGELOG #140

    🔀 Merged pull requests:

  • v1.5.4

    March 24, 2016

    💎 Full Changelog

    Closed issues:

    🔀 Merged pull requests:

  • v1.5.3

    February 24, 2016

    🔄 Changelog

    • ⬇️ Dropped ruby 1.9.3 support #131
    • 📚 Update README.md - improve documentation and fix typos
    • ✂ Removed echoe dependency
    • 🛠 Fix hash/string key issue in options #130
    • 👍 Allow a proc to be passed for JTI verification #126
    • ♻️ Code refactoring and code smell fixes

    Commits

    🔀 4a0b939 Merge pull request #131 from jwt/drop-ruby-1.9.3-support
    ⚡️ cfc8362 Update .travis.yml
    🔀 04120f6 Merge pull request #130 from tpickett66/hash-keys
    💎 a4d0473 Bump version
    💎 a6d1a33 Allow verification option keys to be strings or symbols
    💎 b47ab94 Make Verify an instantiatable class
    🛰 6a9b5cc Adjust aud checking to use a string key against the payload
    🚚 7b80ec9 Move Verify specs to a separate file.
    ⚡️ 2c7837f update testing and install sections of readme
    🔀 d4fca40 Merge pull request #126 from yahooguntu/master
    💎 0100ad6 Allow a proc to be passed for JTI verification
    ♻️ b85b30e Merge pull request #122 from excpt/refactor-json-dependency
    🔀 1499b16 Merge pull request #123 from excpt/ci-settings
    🚚 2d5bc86 Remove obsolete json code
    a03fbaf Add ruby 2.3.0 for travis ci testing
    ⚡️ 91b4220 Update README.md
    🔀 86f470b Merge pull request #118 from excpt/master
    💎 a6672da Add fancy badges to README.md
    🔀 0a2fa6c Merge pull request #117 from excpt/master
    🔀 707376a Fix merge options bug
    💎 f889e49 Fix some code smells
    💎 a0815ee Fix some more code smells
    💎 e556eb9 Fix some code smells in JWT::Verify class
    ♻️ 7a7ac9a Refactor decode and verify functionality
    🔀 59dd2e0 Merge pull request #116 from excpt/master
    💎 79cdce8 Fix code smell reported by rubocop
    💎 451d950 Fix code smells reported by rubocop
    4d440dc Fix travis test command
    🚚 279df0e Remove echoe dependency
    🚚 4f45b66 Add version class, remove utf8 encoding comment
    ⚡️ 559a23b Update codeclimate settings
    🔀 cabde34 Merge pull request #114 from FXFusion/master
    ⚡️ e5a94db Updated readme for iss/aud options
    🔀 6c84213 Merge pull request #113 from lwe/lwe-jti-validation-fix
    💎 320306b relax restrictions on "jti" claim verification
    🔀 27c7412 Merge pull request #112 from kat3kasper/fix/misspelling
    💎 02cbbd6 Fix error misspelling

  • v1.5.2

    October 27, 2015

    💎 Full Changelog

    Implemented enhancements:

    • 💎 Must we specify algorithm when calling decode to avoid vulnerabilities? #107
    • ♻️ Code review: Rspec test refactoring #85 (excpt)

    🛠 Fixed bugs:

    • 💎 aud verifies if aud is passed in, :sub does not #102
    • 💎 iat check does not use leeway so nbf could pass, but iat fail #83

    Closed issues:

    • ✅ Test ticket from Code Climate #104
    • ✅ Test ticket from Code Climate #100
    • 🛰 Is it possible to decode the payload without validating the signature? #97
    • 💎 What is audience? #96
    • 💎 Options hash uses both symbols and strings as keys. #95

    🔀 Merged pull requests: