JWT v2.3.0 Release Notes

Release Date: 2021-10-03
  • Full Changelog

    Closed issues:

    • [SECURITY] Algorithm Confusion Through kid Header #440
    • JWT to memory #436
    • ArgumentError: wrong number of arguments (given 2, expected 1) #429
    • HMAC section of README outdated #421
    • NoMethodError: undefined method `zero?' for nil:NilClass if JWT has no 'alg' field #410
    • Release new version #409
    • NameError: uninitialized constant JWT::JWK #403

    Merged pull requests:

    • Fix Style/MultilineIfModifier issues #447 (anakinj)
    • feat(EdDSA): Accept EdDSA as algorithm header #446 (Pierre-Michard)
    • Pass kid param through JWT::JWK.create_from #445 (shaun-guth-allscripts)
    • fix document about passing JWKs as a simple Hash #443 (takayamaki)
    • Tests for mixing JWK keys with mismatching algorithms #441 (anakinj)
    • verify_claims test shouldnt be within the verify_sub test #431 (andyjdavis)
    • Allow decode options to specify required claims #430 (andyjdavis)
    • Fix OpenSSL::PKey::EC public_key handing in tests #427 (anakinj)
    • Add documentation for find_key #426 (ritikesh)
    • Give ruby 3.0 as a string to avoid number formatting issues #424 (anakinj)
    • Tests for iat verification behaviour #423 (anakinj)
    • Remove HMAC with nil secret from documentation #422 (boardfish)
    • Update broken link in README #420 (severin)
    • Add metadata for RubyGems #418 (nickhammond)
    • Fixed a typo about class name #417 (mai-f)
    • Fix references for v2.2.3 on CHANGELOG #416 (vyper)
    • Raise IncorrectAlgorithm if token has no alg header #411 (bouk)

Previous changes from v2.2.3

  • Full Changelog

    Implemented enhancements:

    • Verify algorithm before evaluating keyfinder #343
    • Why jwt depends on json < 2.0 ? #179
    • Support for JWK in-lieu of rsa_public #158
    • Fix rspec raise_error warning #413 (excpt)
    • Add support for JWKs with HMAC key type. #372 (phlegx)
    • Improve 'none' algorithm handling #365 (danleyden)
    • Handle parsed JSON JWKS input with string keys #348 (martinemde)
    • Allow Numeric values during encoding #327 (fanfilmu)

    Closed issues:

    • "Signature verification raised", yet jwt.io says "Signature Verified" #401
    • truffleruby-head build is failing #396
    • JWT::JWK::EC needs require 'forwardable' #392
    • How to use a 'signing key' as used by next-auth #389
    • undefined method `verify' for nil:NilClass when validate a JWT with JWK #383
    • Make specifying "algorithm" optional on decode #380
    • ADFS created access tokens can't be validated due to missing 'kid' header #370
    • new version? #355
    • JWT gitlab OmniAuth provider setup support #354
    • Release with support for RSA.import for ruby < 2.4 hasn't been released #347
    • cannot load such file -- jwt #339

    Merged pull requests:

    • Prepare 2.2.3 release #415 (excpt)
    • Remove codeclimate code coverage dev dependency #414 (excpt)
    • Add forwardable dependency #408 (anakinj)
    • Ignore casing of algorithm #405 (johnnyshields)
    • Document function and add tests for verify claims method #404 (yasonk)
    • documenting calling verify_jti callback with 2 arguments in the readme #402 (HoneyryderChuck)
    • Target the master branch on the build status badge #399 (anakinj)
    • Improving the local development experience #397 (anakinj)
    • Fix sourcelevel broken links #395 (anakinj)
    • Don't recommend installing gem with sudo #391 (tjschuck)
    • Enable rubocop locally and on ci #390 (anakinj)
    • Ci and test cleanup #387 (anakinj)
    • Make JWT::JWK::EC compatible with Ruby 2.3 #386 (anakinj)
    • Support JWKs for pre 2.3 rubies #382 (anakinj)
    • Replace Travis CI with GitHub Actions (also favor openssl/rbnacl combinations over rails compatibility tests) #381 (anakinj)
    • Add auth0 sponsor message #379 (excpt)
    • Adapt HMAC to JWK RSA code style. #378 (phlegx)
    • Disable Rails cops #376 (anakinj)
    • Support exporting RSA JWK private keys #375 (anakinj)
    • Ebert is SourceLevel nowadays #374 (anakinj)
    • Add support for JWKs with EC key type #371 (richardlarocque)
    • Add Truffleruby head to CI #368 (gogainda)
    • Add more docs about JWK support #341 (take)