All Versions
29
Latest Version
Avg Release Cycle
131 days
Latest Release
190 days ago

Changelog History
Page 1

  • v2.2.3 Changes

    April 19, 2021

    ๐Ÿ’Ž Full Changelog

    Implemented enhancements:

    • ๐Ÿ‘Œ Verify algorithm before evaluating keyfinder #343
    • ๐Ÿ’Ž Why jwt depends on json < 2.0 ? #179
    • ๐Ÿ‘Œ Support for JWK in-lieu of rsa_public #158
    • ๐Ÿ›  Fix rspec raise_error warning #413 (excpt)
    • โž• Add support for JWKs with HMAC key type. #372 (phlegx)
    • ๐Ÿ‘Œ Improve 'none' algorithm handling #365 (danleyden)
    • ๐Ÿ“œ Handle parsed JSON JWKS input with string keys #348 (martinemde)
    • ๐Ÿ‘ Allow Numeric values during encoding #327 (fanfilmu)

    Closed issues:

    • ๐Ÿ’Ž "Signature verification raised", yet jwt.io says "Signature Verified" #401
    • ๐Ÿ— truffleruby-head build is failing #396
    • ๐Ÿ’Ž JWT::JWK::EC needs require 'forwardable' #392
    • ๐Ÿ’Ž How to use a 'signing key' as used by next-auth #389
    • ๐Ÿ’Ž undefined method `verify' for nil:NilClass when validate a JWT with JWK #383
    • ๐Ÿ’Ž Make specifying "algorithm" optional on decode #380
    • ๐Ÿ’Ž ADFS created access tokens can't be validated due to missing 'kid' header #370
    • ๐Ÿ†• new version? #355
    • ๐Ÿ’Ž JWT gitlab OmniAuth provider setup support #354
    • ๐Ÿš€ Release with support for RSA.import for ruby < 2.4 hasn't been released #347
    • ๐Ÿ’Ž cannot load such file -- jwt #339

    ๐Ÿ”€ Merged pull requests:

    • โœ‚ Remove codeclimate code coverage dev dependency #414 (excpt)
    • โž• Add forwardable dependency #408 (anakinj)
    • ๐Ÿ’Ž Ignore casing of algorithm #405 (johnnyshields)
    • โœ… Document function and add tests for verify claims method #404 (yasonk)
    • ๐Ÿ’Ž documenting calling verify_jti callback with 2 arguments in the readme #402 (HoneyryderChuck)
    • ๐Ÿ— Target the master branch on the build status badge #399 (anakinj)
    • ๐Ÿ’Ž Improving the local development experience #397 (anakinj)
    • ๐Ÿ›  Fix sourcelevel broken links #395 (anakinj)
    • ๐Ÿ’Ž Don't recommend installing gem with sudo #391 (tjschuck)
    • ๐Ÿ’Ž Enable rubocop locally and on ci #390 (anakinj)
    • โœ… Ci and test cleanup #387 (anakinj)
    • ๐Ÿ’Ž Make JWT::JWK::EC compatible with Ruby 2.3 #386 (anakinj)
    • ๐Ÿ‘Œ Support JWKs for pre 2.3 rubies #382 (anakinj)
    • ๐Ÿ‘ท Replace Travis CI with GitHub Actions (also favor openssl/rbnacl combinations over rails compatibility tests) #381 (anakinj)
    • โž• Add auth0 sponsor message #379 (excpt)
    • ๐Ÿ’… Adapt HMAC to JWK RSA code style. #378 (phlegx)
    • ๐Ÿ’Ž Disable Rails cops #376 (anakinj)
    • ๐Ÿ‘Œ Support exporting RSA JWK private keys #375 (anakinj)
    • ๐Ÿ’Ž Ebert is SourceLevel nowadays #374 (anakinj)
    • โž• Add support for JWKs with EC key type #371 (richardlarocque)
    • โž• Add Truffleruby head to CI #368 (gogainda)
    • โž• Add more docs about JWK support #341 (take)
  • v2.2.2 Changes

    August 18, 2020

    ๐Ÿ’Ž Full Changelog

    Implemented enhancements:

    • ๐Ÿ’Ž JWK does not decode. #332
    • ๐Ÿ’Ž Inconsistent use of symbol and string keys in args (exp and alrogithm). #331
    • ๐Ÿ“Œ Pin simplecov to < 0.18 #356 (anakinj)
    • ๐Ÿ’Ž verifies algorithm before evaluating keyfinder #346 (jb08)
    • ๐Ÿš€ Update Rails 6 appraisal to use actual release version #336 (smudge)
    • โšก๏ธ Update Travis #326 (berkos)
    • ๐Ÿ‘Œ Improvement/encode hmac without key #312 (JotaSe)

    ๐Ÿ›  Fixed bugs:

    • โš  v2.2.1 warning: already initialized constant JWT Error #335
    • ๐Ÿ’Ž 2.2.1 is no longer raising JWT::DecodeError on nil verification key #328
    • ๐Ÿ›  Fix algorithm picking from decode options #359 (excpt)
    • ๐Ÿšฉ Raise error when verification key is empty #358 (anakinj)

    Closed issues:

    • ๐Ÿ’Ž JWT RSA: is it possible to encrypt using the public key? #366
    • ๐Ÿ’Ž Example unsigned token that bypasses verification #364
    • ๐Ÿ‘Œ Verify exp claim/field even if it's not present #363
    • ๐Ÿ’Ž Decode any token #360
    • ๐Ÿ’Ž [question] example of using a pub/priv keys for signing? #351
    • ๐Ÿ›ฐ JWT::ExpiredSignature raised for non-JSON payloads #350
    • ๐Ÿ‘Œ verify_aud only verifies that at least one aud is expected #345
    • ๐Ÿ’Ž Sinatra 4.90s TTFB #344
    • ๐Ÿ’Ž How to Logout #342
    • ๐Ÿ’Ž jwt token decoding even when wrong token is provided for some letters #337
    • ๐Ÿ’Ž Need to use symbolize_keys everywhere! #330
    • ๐Ÿ’Ž eval() used in Forwardable limits usage in iOS App Store #324
    • ๐Ÿ’Ž HS512256 OpenSSL Exception: First num too large #322
    • ๐Ÿ’Ž Can we change the separator character? #321
    • ๐Ÿ‘Œ Verifying iat without leeway may break with poorly synced clocks #319
    • โž• Adding support for 'hd' hosted domain string #314
    • ๐Ÿ’Ž There is no "typ" header in version 2.0.0 #233

    ๐Ÿ”€ Merged pull requests:

    • ๐Ÿš€ Release v2.2.2 #367 (excpt)
    • ๐Ÿ›  Fix 'already initialized constant JWT Error' #357 (excpt)
    • ๐Ÿ‘Œ Support RSA.import for all Ruby versions. #333 (rabajaj0509)
    • โœ‚ Removed forwardable dependency #325 (anakinj)
  • v2.2.1 Changes

    May 24, 2019

    ๐Ÿ’Ž Full Changelog

    ๐Ÿ›  Fixed bugs:

    • ๐Ÿ’Ž need to require 'forwardable' to use Forwardable #316
    • โž• Add forwardable dependency for JWK RSA KeyFinder #317 (excpt)

    ๐Ÿ”€ Merged pull requests:

  • v2.2.0 Changes

    May 23, 2019

    ๐Ÿ’Ž v2.2.0 (2019-03-20)

    ๐Ÿ’Ž Full Changelog

    Implemented enhancements:

    • ๐Ÿ’Ž Use iat_leeway option #273
    • โœ… Use of global state in latest version breaks thread safety of JWT.decode #268
    • ๐Ÿ’Ž JSON support #246
    • ๐Ÿ”„ Change the Github homepage URL to https #301 (ekohl)
    • ๐Ÿ›  Fix Salt length for conformance with PS family specification. #300 (tobypinder)
    • โž• Add support for Ruby 2.6 #299 (bustikiller)
    • โšก๏ธ update homepage in gemspec to use HTTPS #298 (evgeni)
    • ๐Ÿ’Ž Make sure alg parameter value isn't added twice #297 (korstiaan)
    • ๐Ÿ’Ž Claims Validation #295 (jamesstonehill)
    • ๐Ÿ›  JWT::Encode refactorings, alg and exp related bugfixes #293 (anakinj)
    • ๐Ÿ’Ž Proposal of simple JWK support #289 (anakinj)
    • โž• Add RSASSA-PSS signature signing support #285 (oliver-hohn)
    • โž• Add note about using a hard coded algorithm in README #280 (revodoge)
    • โž• Add Appraisal support #278 (olbrich)
    • ๐Ÿ›  Fix decode threading issue #269 (ab320012)
    • โœ‚ Removed leeway from verify_iat #257 (ab320012)

    ๐Ÿ›  Fixed bugs:

    • ๐Ÿ›ฐ Inconsistent handling of payload claim data types #282
    • ๐Ÿ’Ž Use iat_leeway option #273
    • ๐Ÿ’Ž Issued at validation #247
    • ๐Ÿ›  Fix bug and simplify segment validation #292 (anakinj)
    • โœ‚ Removed leeway from verify_iat #257 (ab320012)

    Closed issues:

    • ๐Ÿ’Ž RS256, public and private keys #291
    • ๐Ÿ‘ Allow passing current time to decode #288
    • ๐Ÿ‘Œ Verify exp claim without verifying jwt #281
    • ๐Ÿ’Ž Decoding JWT with ES256 and secp256k1 curve #277
    • ๐Ÿ’Ž Audience as an array - how to specify? #276
    • ๐Ÿ’Ž signature validation using decode method for JWT #271
    • ๐Ÿ’Ž JWT is easily breakable #267
    • ๐Ÿ’Ž Ruby JWT Token #265
    • ๐Ÿ’Ž ECDSA supported algorithms constant is defined as a string, not an array #264
    • ๐Ÿ’Ž NoMethodError: undefined method `group' for <xxxxx> #261
    • ๐Ÿ’Ž 'DecodeError'will replace 'ExpiredSignature' #260
    • ๐Ÿ’Ž TypeError: no implicit conversion of OpenSSL::PKey::RSA into String #259
    • ๐Ÿ’Ž NameError: uninitialized constant JWT::Algos::Eddsa::RbNaCl #258
    • ๐Ÿ’Ž Get new token if curren token expired #256
    • ๐Ÿ’Ž Infer algorithm from header #254
    • ๐Ÿ’Ž Why is the result of decode is an array? #252
    • โž• Add support for headless token #251
    • ๐Ÿ’Ž Leeway or exp_leeway #215
    • ๐Ÿ’Ž Could you describe purpose of cert fixtures and their cryptokey lengths. #185

    ๐Ÿ”€ Merged pull requests:

  • v2.1.0 Changes

    October 06, 2017

    ๐Ÿ’Ž Full Changelog

    Implemented enhancements:

    • ๐Ÿ’Ž Ed25519 support planned? #217
    • ๐Ÿ‘Œ Verify JTI Proc #207
    • ๐Ÿ‘ Allow a list of algorithms for decode #241 (lautis)
    • ๐Ÿ‘Œ verify takes 2 params, second being payload closes: #207 #238 (ab320012)
    • ๐Ÿ’Ž simplified logic for keyfinder #237 (ab320012)
    • ๐Ÿ’Ž Show backtrace if rbnacl-libsodium not loaded #231 (buzztaiki)
    • ๐Ÿ‘Œ Support for ED25519 #229 (ab320012)

    ๐Ÿ›  Fixed bugs:

    • ๐Ÿ’Ž JWT.encode failing on encode for string #235
    • 0๏ธโƒฃ The README says it uses an algorithm by default #226
    • ๐Ÿ›  Fix string payload issue #236 (excpt)

    ๐Ÿ”’ Security fixes:

    Closed issues:

    • ๐Ÿ”„ Change from 1.5.6 to 2.0.0 and appears a "Completed 401 Unauthorized" #240
    • 0๏ธโƒฃ Why doesn't the decode function use a default algorithm? #227

    ๐Ÿ”€ Merged pull requests:

    • ๐Ÿš€ Release 2.1.0 preparations #243 (excpt)
    • โšก๏ธ Update README.md #242 (excpt)
    • โšก๏ธ Update ebert configuration #232 (excpt)
    • โž• added algos/strategy classes + structs for inputs #230 (ab320012)
  • v2.0.0 Changes

    September 03, 2017

    ๐Ÿ’Ž Full Changelog

    Implemented enhancements:

    ๐Ÿ›  Fixed bugs:

    • ๐Ÿ‘Œ Support versions outside 2.1 #209
    • ๐Ÿ‘Œ Verifying expiration without leeway throws exception #206
    • โš  Ruby interpreter warning #200
    • ๐Ÿ’Ž TypeError: no implicit conversion of String into Integer #188
    • ๐Ÿ›  Fix JWT.encode(nil) #203 (tmm1)

    Closed issues:

    • ๐Ÿ’Ž Possibility to disable claim verifications #222
    • ๐Ÿ’Ž Proper way to verify Firebase id tokens #216

    ๐Ÿ”€ Merged pull requests:

    • ๐Ÿš€ Release 2.0.0 preparations :) #225 (excpt)
    • ๐Ÿ›ฐ Skip 'exp' claim validation for array payloads #224 (excpt)
    • 0๏ธโƒฃ Use a default leeway of 0 #223 (travisofthenorth)
    • ๐Ÿ›  Fix reported codesmells #221 (excpt)
    • โž• Add fancy gem version badge #220 (excpt)
    • โž• Add missing dist option to .travis.yml #219 (excpt)
    • ๐Ÿ›  Fix ruby version requirements in gemspec file #218 (excpt)
    • ๐Ÿ›  Fix a little typo in the readme #214 (RyanBrushett)
    • โšก๏ธ Update README.md #212 (zuzannast)
    • ๐Ÿ›  Fix typo in HS512256 algorithm description #211 (ojab)
    • ๐Ÿ‘ Allow configuration of multiple acceptable issuers #210 (ojab)
    • ๐Ÿ’Ž Enforce exp to be an Integer #205 (lucasmazza)
    • ๐Ÿ’Ž ruby 1.9.3 support message upd #204 (maokomioko)
    • ๐Ÿ’Ž Guard against partially loaded RbNaCl when failing to load libsodium #202 (Dorian)
  • v2.0.0.beta1 Changes

    February 27, 2017

    ๐Ÿ”„ Changelog

    ๐Ÿ’Ž v2.0.0.beta1 (2017-02-27)

    ๐Ÿ’Ž Full Changelog

    Implemented enhancements:

    ๐Ÿ›  Fixed bugs:

    • ruby-jwt::raw_to_asn1: Fails for signatures less than byte_size #155
    • ๐Ÿ’Ž The leeway parameter is applies to all time based verifications #129
    • โž• Add options for claim-specific leeway #187 (EmilioCristalli)
    • ๐Ÿ’Ž Make algorithm option required to verify signature #184 (EmilioCristalli)
    • ๐Ÿ›ฐ Validate audience when payload is a scalar and options is an array #183 (steti)

    Closed issues:

    • ๐Ÿ’Ž Different encoded value between servers with same password #197
    • ๐Ÿ’Ž Signature is different at each run #190
    • ๐Ÿ’Ž Include custom headers with password #189
    • ๐Ÿ’Ž can't create token - 'NotImplementedError: Unsupported signing method' #186
    • ๐Ÿ’Ž Why jwt depends on json < 2.0 ? #179
    • ๐Ÿ’Ž Cannot verify JWT at all?? #177
    • ๐Ÿ‘Œ verify_iss: true is raising JWT::DecodeError instead of JWT::InvalidIssuerError #170

    ๐Ÿ”€ Merged pull requests:

    • ๐Ÿ”– Version bump 2.0.0.beta1 #199 (excpt)
    • โšก๏ธ Update CHANGELOG.md and minor fixes #198 (excpt)
    • โž• Add Codacy coverage reporter #194 (excpt)
    • โž• Add minimum required ruby version to gemspec #193 (excpt)
    • ๐Ÿ’Ž Code smell fixes #192 (excpt)
    • ๐Ÿ”– Version bump to 2.0.0.dev #191 (excpt)
    • โ™ป๏ธ Basic encode module refactoring #121 #182 (xamenrax)
    • ๐Ÿ›  Fix travis ci build configuration #181 (excpt)
    • ๐Ÿ›  Fix travis ci build configuration #180 (excpt)
    • ๐Ÿ›  Fix typo in README #178 (tomeduarte)
    • ๐Ÿ›  Fix code style #173 (excpt)
    • ๐Ÿ›  Fixed a typo in a spec name #169 (Mingan)
  • v1.5.6 Changes

    September 19, 2016

    ๐Ÿ’Ž Full Changelog

    ๐Ÿ›  Fixed bugs:

    • ๐Ÿ›  Fix missing symbol handling in aud verify code #166 (excpt)

    ๐Ÿ”€ Merged pull requests:

    • โšก๏ธ Update changelog #168 (excpt)
    • ๐Ÿ›  Fix rubocop code smells #167 (excpt)
  • v1.5.5 Changes

    September 16, 2016

    ๐Ÿ’Ž Full Changelog

    Implemented enhancements:

    • ๐Ÿ’Ž JWT.decode always raises JWT::ExpiredSignature for tokens created with Time objects passed as the exp parameter #148

    ๐Ÿ›  Fixed bugs:

    • ๐Ÿ’Ž expiration check does not give "Signature has expired" error for the exact time of expiration #157
    • ๐Ÿ’Ž JTI claim broken? #152
    • ๐Ÿ’Ž Audience Claim broken? #151
    • ๐Ÿ’Ž 1.5.3 breaks compatibility with 1.5.2 #133
    • ๐Ÿ”– Version 1.5.3 breaks 1.9.3 compatibility, but not documented as such #132
    • ๐Ÿ›  Fix: exp claim check #161 (excpt)

    Closed issues:

    • ๐Ÿ’Ž Rendering Json Results in JWT::DecodeError #162
    • ๐Ÿ’Ž PHP Libraries #154
    • ๐Ÿ”’ [security] Signature verified after expiration/sub/iss checks #153
    • ๐Ÿ’Ž Is ruby-jwt thread-safe? #150
    • ๐Ÿ’Ž JWT 1.5.3 #143
    • ๐Ÿ’Ž gem install v 1.5.3 returns error #141
    • โž• Adding a CHANGELOG #140

    ๐Ÿ”€ Merged pull requests:

    • โฌ†๏ธ Bump version #165 (excpt)
    • ๐Ÿ‘Œ Improve error message for exp claim in payload #164 (excpt)
    • ๐Ÿ›  Fix #151 and code refactoring #163 (excpt)
    • ๐Ÿ’Ž Signature validation before claim verification #160 (excpt)
    • ๐Ÿ’Ž Create specs for README.md examples #159 (excpt)
    • ๐Ÿ’Ž Tiny Readme Improvement #156 (b264)
    • โž• Added test execution to Rakefile #147 (jabbrwcky)
    • โž• Add more bling bling to the site #146 (excpt)
    • โฌ†๏ธ Bump version #145 (excpt)
    • โž• Add first content and basic layout #144 (excpt)
    • โž• Add a changelog file #142 (excpt)
    • ๐Ÿ’Ž Return decoded_segments #139 (akostrikov)
  • v1.5.4 Changes

    March 24, 2016

    ๐Ÿ’Ž Full Changelog

    Closed issues:

    ๐Ÿ”€ Merged pull requests:

    • โšก๏ธ Update README.md #138 (excpt)
    • ๐Ÿ›  Fix base64url_decode #136 (excpt)
    • ๐Ÿ›  Fix ruby 1.9.3 compatibility #135 (excpt)
    • ๐Ÿ’Ž iat can be a float value #134 (llimllib)