Changelog History

  • v2.5.0 Changes

    August 25, 2022

    Full Changelog

    Features:

    Fixes and enhancements:

    • Bring back the old Base64 (RFC2045) decode mechanisms #488 (@anakinj).
    • Rescue RbNaCl exception for EdDSA wrong key #491 (@n-studio).
    • New parameter name for cases when kid is not found using JWK key loader proc #501 (@anakinj).
    • Fix NoMethodError when a 2 segment token is missing 'alg' header #502 (@cmrd-senya).
  • v2.4.1 Changes

    June 07, 2022

    Full Changelog

    Fixes and enhancements:

  • v2.4.0 Changes

    June 06, 2022

    Full Changelog

    Features:

    • Dropped support for Ruby 2.5 and older #453 - @anakinj.
    • Use Ruby built-in url-safe base64 methods #454 - @bdewater.
    • Updated rubocop to 1.23.0 #457 - @anakinj.
    • Add x5c header key finder #338 - @bdewater.
    • Author driven changelog process #463 - @anakinj.
    • Allow regular expressions and procs to verify issuer #437 (rewritten).
    • Add Support to be able to verify from multiple keys #425 (ritikesh).

    Fixes and enhancements:

  • v2.3.0 Changes

    October 03, 2021

    Full Changelog

    Closed issues:

    • [SECURITY] Algorithm Confusion Through kid Header #440
    • JWT to memory #436
    • ArgumentError: wrong number of arguments (given 2, expected 1) #429
    • HMAC section of README outdated #421
    • NoMethodError: undefined method `zero?' for nil:NilClass if JWT has no 'alg' field #410
    • Release new version #409
    • NameError: uninitialized constant JWT::JWK #403

    Merged pull requests:

    • Release 2.3.0 #448 (excpt)
    • Fix Style/MultilineIfModifier issues #447 (anakinj)
    • feat(EdDSA): Accept EdDSA as algorithm header #446 (Pierre-Michard)
    • Pass kid param through JWT::JWK.create_from #445 (shaun-guth-allscripts)
    • fix document about passing JWKs as a simple Hash #443 (takayamaki)
    • Tests for mixing JWK keys with mismatching algorithms #441 (anakinj)
    • verify_claims test shouldn't be within the verify_sub test #431 (andyjdavis)
    • Allow decode options to specify required claims #430 (andyjdavis)
    • Fix OpenSSL::PKey::EC public_key handling in tests #427 (anakinj)
    • Add documentation for find_key #426 (ritikesh)
    • Give ruby 3.0 as a string to avoid number formatting issues #424 (anakinj)
    • Tests for iat verification behaviour #423 (anakinj)
    • Remove HMAC with nil secret from documentation #422 (boardfish)
    • Update broken link in README #420 (severin)
    • Add metadata for RubyGems #418 (nickhammond)
    • Fixed a typo about class name #417 (mai-f)
    • Fix references for v2.2.3 on CHANGELOG #416 (vyper)
    • Raise IncorrectAlgorithm if token has no alg header #411 (bouk)
  • v2.2.3 Changes

    April 19, 2021

    Full Changelog

    Implemented enhancements:

    • Verify algorithm before evaluating keyfinder #343
    • Why jwt depends on json < 2.0 ? #179
    • Support for JWK in-lieu of rsa_public #158
    • Fix rspec raise_error warning #413 (excpt)
    • Add support for JWKs with HMAC key type. #372 (phlegx)
    • Improve 'none' algorithm handling #365 (danleyden)
    • Handle parsed JSON JWKS input with string keys #348 (martinemde)
    • Allow Numeric values during encoding #327 (fanfilmu)

    Closed issues:

    • "Signature verification raised", yet jwt.io says "Signature Verified" #401
    • truffleruby-head build is failing #396
    • JWT::JWK::EC needs require 'forwardable' #392
    • How to use a 'signing key' as used by next-auth #389
    • undefined method `verify' for nil:NilClass when validate a JWT with JWK #383
    • Make specifying "algorithm" optional on decode #380
    • ADFS created access tokens can't be validated due to missing 'kid' header #370
    • new version? #355
    • JWT gitlab OmniAuth provider setup support #354
    • Release with support for RSA.import for ruby < 2.4 hasn't been released #347
    • cannot load such file -- jwt #339

    Merged pull requests:

    • Prepare 2.2.3 release #415 (excpt)
    • Remove codeclimate code coverage dev dependency #414 (excpt)
    • Add forwardable dependency #408 (anakinj)
    • Ignore casing of algorithm #405 (johnnyshields)
    • Document function and add tests for verify claims method #404 (yasonk)
    • documenting calling verify_jti callback with 2 arguments in the readme #402 (HoneyryderChuck)
    • Target the master branch on the build status badge #399 (anakinj)
    • Improving the local development experience #397 (anakinj)
    • Fix sourcelevel broken links #395 (anakinj)
    • Don't recommend installing gem with sudo #391 (tjschuck)
    • Enable rubocop locally and on ci #390 (anakinj)
    • Ci and test cleanup #387 (anakinj)
    • Make JWT::JWK::EC compatible with Ruby 2.3 #386 (anakinj)
    • Support JWKs for pre 2.3 rubies #382 (anakinj)
    • Replace Travis CI with GitHub Actions (also favor openssl/rbnacl combinations over rails compatibility tests) #381 (anakinj)
    • Add auth0 sponsor message #379 (excpt)
    • Adapt HMAC to JWK RSA code style. #378 (phlegx)
    • Disable Rails cops #376 (anakinj)
    • Support exporting RSA JWK private keys #375 (anakinj)
    • Ebert is SourceLevel nowadays #374 (anakinj)
    • Add support for JWKs with EC key type #371 (richardlarocque)
    • Add Truffleruby head to CI #368 (gogainda)
    • Add more docs about JWK support #341 (take)
  • v2.2.2 Changes

    August 18, 2020

    Full Changelog

    Implemented enhancements:

    • JWK does not decode. #332
    • Inconsistent use of symbol and string keys in args (exp and algorithm). #331
    • Pin simplecov to < 0.18 #356 (anakinj)
    • verifies algorithm before evaluating keyfinder #346 (jb08)
    • Update Rails 6 appraisal to use actual release version #336 (smudge)
    • Update Travis #326 (berkos)
    • Improvement/encode hmac without key #312 (JotaSe)

    Fixed bugs:

    • v2.2.1 warning: already initialized constant JWT Error #335
    • 2.2.1 is no longer raising JWT::DecodeError on nil verification key #328
    • Fix algorithm picking from decode options #359 (excpt)
    • Raise error when verification key is empty #358 (anakinj)

    Closed issues:

    • JWT RSA: is it possible to encrypt using the public key? #366
    • Example unsigned token that bypasses verification #364
    • Verify exp claim/field even if it's not present #363
    • Decode any token #360
    • [question] example of using a pub/priv keys for signing? #351
    • JWT::ExpiredSignature raised for non-JSON payloads #350
    • verify_aud only verifies that at least one aud is expected #345
    • Sinatra 4.90s TTFB #344
    • How to Logout #342
    • jwt token decoding even when wrong token is provided for some letters #337
    • Need to use symbolize_keys everywhere! #330
    • eval() used in Forwardable limits usage in iOS App Store #324
    • HS512256 OpenSSL Exception: First num too large #322
    • Can we change the separator character? #321
    • Verifying iat without leeway may break with poorly synced clocks #319
    • Adding support for 'hd' hosted domain string #314
    • There is no "typ" header in version 2.0.0 #233

    Merged pull requests:

    • Release v2.2.2 #367 (excpt)
    • Fix 'already initialized constant JWT Error' #357 (excpt)
    • Support RSA.import for all Ruby versions. #333 (rabajaj0509)
    • Removed forwardable dependency #325 (anakinj)
  • v2.2.1 Changes

    May 24, 2019

    Full Changelog

    Fixed bugs:

    • need to require 'forwardable' to use Forwardable #316
    • Add forwardable dependency for JWK RSA KeyFinder #317 (excpt)

    Merged pull requests:

  • v2.2.0 Changes

    May 23, 2019

    v2.2.0 (2019-03-20)

    Full Changelog

    Implemented enhancements:

    • Use iat_leeway option #273
    • Use of global state in latest version breaks thread safety of JWT.decode #268
    • JSON support #246
    • Change the Github homepage URL to https #301 (ekohl)
    • Fix Salt length for conformance with PS family specification. #300 (tobypinder)
    • Add support for Ruby 2.6 #299 (bustikiller)
    • update homepage in gemspec to use HTTPS #298 (evgeni)
    • Make sure alg parameter value isn't added twice #297 (korstiaan)
    • Claims Validation #295 (jamesstonehill)
    • JWT::Encode refactorings, alg and exp related bugfixes #293 (anakinj)
    • Proposal of simple JWK support #289 (anakinj)
    • Add RSASSA-PSS signature signing support #285 (oliver-hohn)
    • Add note about using a hard coded algorithm in README #280 (revodoge)
    • Add Appraisal support #278 (olbrich)
    • Fix decode threading issue #269 (ab320012)
    • Removed leeway from verify_iat #257 (ab320012)

    Fixed bugs:

    • Inconsistent handling of payload claim data types #282
    • Use iat_leeway option #273
    • Issued at validation #247
    • Fix bug and simplify segment validation #292 (anakinj)
    • Removed leeway from verify_iat #257 (ab320012)

    Closed issues:

    • RS256, public and private keys #291
    • Allow passing current time to decode #288
    • Verify exp claim without verifying jwt #281
    • Decoding JWT with ES256 and secp256k1 curve #277
    • Audience as an array - how to specify? #276
    • signature validation using decode method for JWT #271
    • JWT is easily breakable #267
    • Ruby JWT Token #265
    • ECDSA supported algorithms constant is defined as a string, not an array #264
    • NoMethodError: undefined method `group' for <xxxxx> #261
    • 'DecodeError' will replace 'ExpiredSignature' #260
    • TypeError: no implicit conversion of OpenSSL::PKey::RSA into String #259
    • NameError: uninitialized constant JWT::Algos::Eddsa::RbNaCl #258
    • Get new token if current token expired #256
    • Infer algorithm from header #254
    • Why is the result of decode is an array? #252
    • Add support for headless token #251
    • Leeway or exp_leeway #215
    • Could you describe purpose of cert fixtures and their cryptokey lengths. #185

    Merged pull requests:

  • v2.1.0 Changes

    October 06, 2017

    Full Changelog

    Implemented enhancements:

    • Ed25519 support planned? #217
    • Verify JTI Proc #207
    • Allow a list of algorithms for decode #241 (lautis)
    • verify takes 2 params, second being payload closes: #207 #238 (ab320012)
    • simplified logic for keyfinder #237 (ab320012)
    • Show backtrace if rbnacl-libsodium not loaded #231 (buzztaiki)
    • Support for ED25519 #229 (ab320012)

    Fixed bugs:

    • JWT.encode failing on encode for string #235
    • The README says it uses an algorithm by default #226
    • Fix string payload issue #236 (excpt)

    Security fixes:

    Closed issues:

    • Change from 1.5.6 to 2.0.0 and appears a "Completed 401 Unauthorized" #240
    • Why doesn't the decode function use a default algorithm? #227

    Merged pull requests:

    • Release 2.1.0 preparations #243 (excpt)
    • Update README.md #242 (excpt)
    • Update ebert configuration #232 (excpt)
    • added algos/strategy classes + structs for inputs #230 (ab320012)
  • v2.0.0 Changes

    September 03, 2017

    Full Changelog

    Implemented enhancements:

    Fixed bugs:

    • Support versions outside 2.1 #209
    • Verifying expiration without leeway throws exception #206
    • Ruby interpreter warning #200
    • TypeError: no implicit conversion of String into Integer #188
    • Fix JWT.encode(nil) #203 (tmm1)

    Closed issues:

    • Possibility to disable claim verifications #222
    • Proper way to verify Firebase id tokens #216

    Merged pull requests:

    • Release 2.0.0 preparations :) #225 (excpt)
    • Skip 'exp' claim validation for array payloads #224 (excpt)
    • Use a default leeway of 0 #223 (travisofthenorth)
    • Fix reported codesmells #221 (excpt)
    • Add fancy gem version badge #220 (excpt)
    • Add missing dist option to .travis.yml #219 (excpt)
    • Fix ruby version requirements in gemspec file #218 (excpt)
    • Fix a little typo in the readme #214 (RyanBrushett)
    • Update README.md #212 (zuzannast)
    • Fix typo in HS512256 algorithm description #211 (ojab)
    • Allow configuration of multiple acceptable issuers #210 (ojab)
    • Enforce exp to be an Integer #205 (lucasmazza)
    • ruby 1.9.3 support message upd #204 (maokomioko)
    • Guard against partially loaded RbNaCl when failing to load libsodium #202 (Dorian)