JWT v2.3.0 Release Notes
Release Date: 2021-10-03
Full Changelog
Closed issues:
- [SECURITY] Algorithm Confusion Through kid Header #440
- JWT to memory #436
- ArgumentError: wrong number of arguments (given 2, expected 1) #429
- HMAC section of README outdated #421
- NoMethodError: undefined method `zero?' for nil:NilClass if JWT has no 'alg' field #410
- Release new version #409
- NameError: uninitialized constant JWT::JWK #403
Merged pull requests:
- Fix Style/MultilineIfModifier issues #447 (anakinj)
- feat(EdDSA): Accept EdDSA as algorithm header #446 (Pierre-Michard)
- Pass kid param through JWT::JWK.create_from #445 (shaun-guth-allscripts)
- fix document about passing JWKs as a simple Hash #443 (takayamaki)
- Tests for mixing JWK keys with mismatching algorithms #441 (anakinj)
- verify_claims test shouldnt be within the verify_sub test #431 (andyjdavis)
- Allow decode options to specify required claims #430 (andyjdavis)
- Fix OpenSSL::PKey::EC public_key handing in tests #427 (anakinj)
- Add documentation for find_key #426 (ritikesh)
- Give ruby 3.0 as a string to avoid number formatting issues #424 (anakinj)
- Tests for iat verification behaviour #423 (anakinj)
- Remove HMAC with nil secret from documentation #422 (boardfish)
- Update broken link in README #420 (severin)
- Add metadata for RubyGems #418 (nickhammond)
- Fixed a typo about class name #417 (mai-f)
- Fix references for v2.2.3 on CHANGELOG #416 (vyper)
- Raise IncorrectAlgorithm if token has no alg header #411 (bouk)
Previous changes from v2.2.3
Full Changelog
Implemented enhancements:
- Verify algorithm before evaluating keyfinder #343
- Why jwt depends on json < 2.0 ? #179
- Support for JWK in-lieu of rsa_public #158
- Fix rspec raise_error warning #413 (excpt)
- Add support for JWKs with HMAC key type. #372 (phlegx)
- Improve 'none' algorithm handling #365 (danleyden)
- Handle parsed JSON JWKS input with string keys #348 (martinemde)
- Allow Numeric values during encoding #327 (fanfilmu)
Closed issues:
- "Signature verification raised", yet jwt.io says "Signature Verified" #401
- truffleruby-head build is failing #396
- JWT::JWK::EC needs require 'forwardable' #392
- How to use a 'signing key' as used by next-auth #389
- undefined method `verify' for nil:NilClass when validate a JWT with JWK #383
- Make specifying "algorithm" optional on decode #380
- ADFS created access tokens can't be validated due to missing 'kid' header #370
- new version? #355
- JWT gitlab OmniAuth provider setup support #354
- Release with support for RSA.import for ruby < 2.4 hasn't been released #347
- cannot load such file -- jwt #339
Merged pull requests:
- Prepare 2.2.3 release #415 (excpt)
- Remove codeclimate code coverage dev dependency #414 (excpt)
- Add forwardable dependency #408 (anakinj)
- Ignore casing of algorithm #405 (johnnyshields)
- Document function and add tests for verify claims method #404 (yasonk)
- documenting calling verify_jti callback with 2 arguments in the readme #402 (HoneyryderChuck)
- Target the master branch on the build status badge #399 (anakinj)
- Improving the local development experience #397 (anakinj)
- Fix sourcelevel broken links #395 (anakinj)
- Don't recommend installing gem with sudo #391 (tjschuck)
- Enable rubocop locally and on ci #390 (anakinj)
- Ci and test cleanup #387 (anakinj)
- Make JWT::JWK::EC compatible with Ruby 2.3 #386 (anakinj)
- Support JWKs for pre 2.3 rubies #382 (anakinj)
- Replace Travis CI with GitHub Actions (also favor openssl/rbnacl combinations over rails compatibility tests) #381 (anakinj)
- Add auth0 sponsor message #379 (excpt)
- Adapt HMAC to JWK RSA code style. #378 (phlegx)
- Disable Rails cops #376 (anakinj)
- Support exporting RSA JWK private keys #375 (anakinj)
- Ebert is SourceLevel nowadays #374 (anakinj)
- Add support for JWKs with EC key type #371 (richardlarocque)
- Add Truffleruby head to CI #368 (gogainda)
- Add more docs about JWK support #341 (take)