Releases: jwt/ruby-jwt
Releases · jwt/ruby-jwt
jwt-2.2.1
jwt-2.2.0
v2.2.0 (2019-03-20)
Implemented enhancements:
- Use iat_leeway option #273
- Use of global state in latest version breaks thread safety of JWT.decode #268
- JSON support #246
- Change the Github homepage URL to https #301 (ekohl)
- Fix Salt length for conformance with PS family specification. #300 (tobypinder)
- Add support for Ruby 2.6 #299 (bustikiller)
- update homepage in gemspec to use HTTPS #298 (evgeni)
- Make sure alg parameter value isn't added twice #297 (korstiaan)
- Claims Validation #295 (jamesstonehill)
- JWT::Encode refactorings, alg and exp related bugfixes #293 (anakinj)
- Proposal of simple JWK support #289 (anakinj)
- Add RSASSA-PSS signature signing support #285 (oliver-hohn)
- Add note about using a hard coded algorithm in README #280 (revodoge)
- Add Appraisal support #278 (olbrich)
- Fix decode threading issue #269 (ab320012)
- Removed leeway from verify_iat #257 (ab320012)
Fixed bugs:
- Inconsistent handling of payload claim data types #282
- Use iat\_leeway option #273
- Issued at validation #247
- Fix bug and simplify segment validation #292 (anakinj)
- Removed leeway from verify\_iat #257 (ab320012)
Closed issues:
- RS256, public and private keys #291
- Allow passing current time to
decode#288 - Verify exp claim without verifying jwt #281
- Decoding JWT with ES256 and secp256k1 curve #277
- Audience as an array - how to specify? #276
- signature validation using decode method for JWT #271
- JWT is easily breakable #267
- Ruby JWT Token #265
- ECDSA supported algorithms constant is defined as a string, not an array #264
- NoMethodError: undefined method `group' for <xxxxx> #261
- 'DecodeError'will replace 'ExpiredSignature' #260
- TypeError: no implicit conversion of OpenSSL::PKey::RSA into String #259
- NameError: uninitialized constant JWT::Algos::Eddsa::RbNaCl #258
- Get new token if curren token expired #256
- Infer algorithm from header #254
- Why is the result of decode is an array? #252
- Add support for headless token #251
- Leeway or exp_leeway #215
- Could you describe purpose of cert fixtures and their cryptokey lengths. #185
Merged pull requests:
- Misc config improvements #296 (jamesstonehill)
- Fix JSON conflict between #293 and #292 #294 (anakinj)
- Drop Ruby 2.2 from test matrix #290 (anakinj)
- Remove broken reek config #283 (excpt)
- Add missing test, Update common files #275 (excpt)
- Remove iat_leeway option #274 (wohlgejm)
- improving code quality of jwt module #266 (ab320012)
- fixed ECDSA supported versions const #263 (starbeast)
- Added my name to contributor list #262 (ab320012)
- Use
Class\#newShorthand For Error Subclasses #255 (akabiru) - [CI] Test against Ruby 2.5 #253 (nicolasleger)
- Fix README #250 (rono23)
- Fix link format #248 (y-yagi)
jwt-2.2.0-beta.0
2.2.0-beta.0 (2019-03-20)
Implemented enhancements:
- Use iat_leeway option #273
- Use of global state in latest version breaks thread safety of JWT.decode #268
- JSON support #246
- Change the Github homepage URL to https #301 (ekohl)
- Fix Salt length for conformance with PS family specification. #300 (tobypinder)
- Add support for Ruby 2.6 #299 (bustikiller)
- update homepage in gemspec to use HTTPS #298 (evgeni)
- Make sure alg parameter value isn't added twice #297 (korstiaan)
- Claims Validation #295 (jamesstonehill)
- JWT::Encode refactorings, alg and exp related bugfixes #293 (anakinj)
- Proposal of simple JWK support #289 (anakinj)
- Add RSASSA-PSS signature signing support #285 (oliver-hohn)
- Add note about using a hard coded algorithm in README #280 (revodoge)
- Add Appraisal support #278 (olbrich)
- Fix decode threading issue #269 (ab320012)
- Removed leeway from verify_iat #257 (ab320012)
Fixed bugs:
- Inconsistent handling of payload claim data types #282
- Use iat\_leeway option #273
- Issued at validation #247
- Fix bug and simplify segment validation #292 (anakinj)
- Removed leeway from verify\_iat #257 (ab320012)
Closed issues:
- RS256, public and private keys #291
- Allow passing current time to
decode#288 - Verify exp claim without verifying jwt #281
- Decoding JWT with ES256 and secp256k1 curve #277
- Audience as an array - how to specify? #276
- signature validation using decode method for JWT #271
- JWT is easily breakable #267
- Ruby JWT Token #265
- ECDSA supported algorithms constant is defined as a string, not an array #264
- NoMethodError: undefined method `group' for <xxxxx> #261
- 'DecodeError'will replace 'ExpiredSignature' #260
- TypeError: no implicit conversion of OpenSSL::PKey::RSA into String #259
- NameError: uninitialized constant JWT::Algos::Eddsa::RbNaCl #258
- Get new token if curren token expired #256
- Infer algorithm from header #254
- Why is the result of decode is an array? #252
- Add support for headless token #251
- Leeway or exp_leeway #215
- Could you describe purpose of cert fixtures and their cryptokey lengths. #185
Merged pull requests:
- Misc config improvements #296 (jamesstonehill)
- Fix JSON conflict between #293 and #292 #294 (anakinj)
- Drop Ruby 2.2 from test matrix #290 (anakinj)
- Remove broken reek config #283 (excpt)
- Add missing test, Update common files #275 (excpt)
- Remove iat_leeway option #274 (wohlgejm)
- improving code quality of jwt module #266 (ab320012)
- fixed ECDSA supported versions const #263 (starbeast)
- Added my name to contributor list #262 (ab320012)
- Use
Class\#newShorthand For Error Subclasses #255 (akabiru) - [CI] Test against Ruby 2.5 #253 (nicolasleger)
- Fix README #250 (rono23)
- Fix link format #248 (y-yagi)
jwt-2.1.0
2.1.0 (2017-10-06)
Implemented enhancements:
- Ed25519 support planned? #217
- Verify JTI Proc #207
- Allow a list of algorithms for decode #241 (lautis)
- verify takes 2 params, second being payload closes: #207 #238 (ab320012)
- simplified logic for keyfinder #237 (ab320012)
- Show backtrace if rbnacl-libsodium not loaded #231 (buzztaiki)
- Support for ED25519 #229 (ab320012)
Fixed bugs:
- JWT.encode failing on encode for string #235
- The README says it uses an algorithm by default #226
- Fix string payload issue #236 (excpt)
Closed issues:
- Change from 1.5.6 to 2.0.0 and appears a "Completed 401 Unauthorized" #240
- Why doesn't the decode function use a default algorithm? #227
Merged pull requests:
jwt-2.0.0
Change Log
v2.0.0 (2017-09-03)
Fixed bugs:
- Support versions outside 2.1 #209
- Verifying expiration without leeway throws exception #206
- Ruby interpreter warning #200
- TypeError: no implicit conversion of String into Integer #188
- Fix JWT.encode(nil) #203 (tmm1)
Closed issues:
Merged pull requests:
- Skip 'exp' claim validation for array payloads #224 (excpt)
- Use a default leeway of 0 #223 (travisofthenorth)
- Fix reported codesmells #221 (excpt)
- Add fancy gem version badge #220 (excpt)
- Add missing dist option to .travis.yml #219 (excpt)
- Fix ruby version requirements in gemspec file #218 (excpt)
- Fix a little typo in the readme #214 (RyanBrushett)
- Update README.md #212 (zuzannast)
- Fix typo in HS512256 algorithm description #211 (ojab)
- Allow configuration of multiple acceptable issuers #210 (ojab)
- Enforce
expto be anInteger#205 (lucasmazza) - ruby 1.9.3 support message upd #204 (maokomioko)
- Guard against partially loaded RbNaCl when failing to load libsodium #202 (Dorian)
jwt-2.0.0.beta1
Changelog
v2.0.0.beta1 (2017-02-27)
Implemented enhancements:
- Error with method sign for String #171
- Refactor the encondig code #121
- Refactor #196 (EmilioCristalli)
- Move signature logic to its own module #195 (EmilioCristalli)
- Add options for claim-specific leeway #187 (EmilioCristalli)
- Add user friendly encode error if private key is a String, #171 #176 (xamenrax)
- Return empty string if signature less than byte_size #155 #175 (xamenrax)
- Remove 'typ' optional parameter #174 (xamenrax)
- Pass payload to keyfinder #172 (CodeMonkeySteve)
- Use RbNaCl for HMAC if available with fallback to OpenSSL #149 (mwpastore)
Fixed bugs:
- ruby-jwt::raw_to_asn1: Fails for signatures less than byte_size #155
- The leeway parameter is applies to all time based verifications #129
- Add options for claim-specific leeway #187 (EmilioCristalli)
- Make algorithm option required to verify signature #184 (EmilioCristalli)
- Validate audience when payload is a scalar and options is an array #183 (steti)
Closed issues:
- Different encoded value between servers with same password #197
- Signature is different at each run #190
- Include custom headers with password #189
- can't create token - 'NotImplementedError: Unsupported signing method' #186
- Why jwt depends on json < 2.0 ? #179
- Cannot verify JWT at all?? #177
- verify_iss: true is raising JWT::DecodeError instead of JWT::InvalidIssuerError #170
Merged pull requests:
- Version bump 2.0.0.beta1 #199 (excpt)
- Update CHANGELOG.md and minor fixes #198 (excpt)
- Add Codacy coverage reporter #194 (excpt)
- Add minimum required ruby version to gemspec #193 (excpt)
- Code smell fixes #192 (excpt)
- Version bump to 2.0.0.dev #191 (excpt)
- Basic encode module refactoring #121 #182 (xamenrax)
- Fix travis ci build configuration #181 (excpt)
- Fix travis ci build configuration #180 (excpt)
- Fix typo in README #178 (tomeduarte)
- Fix code style #173 (excpt)
- Fixed a typo in a spec name #169 (Mingan)
jwt-1.5.6
jwt-1.5.5
Implemented enhancements:
- JWT.decode always raises JWT::ExpiredSignature for tokens created with Time objects passed as the
expparameter #148
Fixed bugs:
- expiration check does not give "Signature has expired" error for the exact time of expiration #157
- JTI claim broken? #152
- Audience Claim broken? #151
- 1.5.3 breaks compatibility with 1.5.2 #133
- Version 1.5.3 breaks 1.9.3 compatibility, but not documented as such #132
- Fix: exp claim check #161 (excpt)
Closed issues:
- Rendering Json Results in JWT::DecodeError #162
- PHP Libraries #154
- [security] Signature verified after expiration/sub/iss checks #153
- Is ruby-jwt thread-safe? #150
- JWT 1.5.3 #143
- gem install v 1.5.3 returns error #141
- Adding a CHANGELOG #140
Merged pull requests:
- Bump version #165 (excpt)
- Improve error message for exp claim in payload #164 (excpt)
- Fix #151 and code refactoring #163 (excpt)
- Signature validation before claim verification #160 (excpt)
- Create specs for README.md examples #159 (excpt)
- Tiny Readme Improvement #156 (b264)
- Added test execution to Rakefile #147 (jabbrwcky)
- Add more bling bling to the site #146 (excpt)
- Bump version #145 (excpt)
- Add first content and basic layout #144 (excpt)
- Add a changelog file #142 (excpt)
- Return decoded_segments #139 (akostrikov)
jwt-1.5.4
Closed issues:
Merged pull requests:
[YANKED] jwt-1.5.3
Changelog
- Dropped ruby 1.9.3 support #131
- Update README.md - improve documentation and fix typos
- Removed
echoedependency - Fix hash/string key issue in options #130
- Allow a proc to be passed for JTI verification #126
- Code refactoring and code smell fixes
Commits
4a0b939 Merge pull request #131 from jwt/drop-ruby-1.9.3-support
cfc8362 Update .travis.yml
04120f6 Merge pull request #130 from tpickett66/hash-keys
a4d0473 Bump version
a6d1a33 Allow verification option keys to be strings or symbols
b47ab94 Make Verify an instantiatable class
6a9b5cc Adjust aud checking to use a string key against the payload
7b80ec9 Move Verify specs to a separate file.
2c7837f update testing and install sections of readme
d4fca40 Merge pull request #126 from yahooguntu/master
0100ad6 Allow a proc to be passed for JTI verification
b85b30e Merge pull request #122 from excpt/refactor-json-dependency
1499b16 Merge pull request #123 from excpt/ci-settings
2d5bc86 Remove obsolete json code
a03fbaf Add ruby 2.3.0 for travis ci testing
91b4220 Update README.md
86f470b Merge pull request #118 from excpt/master
a6672da Add fancy badges to README.md
0a2fa6c Merge pull request #117 from excpt/master
707376a Fix merge options bug
f889e49 Fix some code smells
a0815ee Fix some more code smells
e556eb9 Fix some code smells in JWT::Verify class
7a7ac9a Refactor decode and verify functionality
59dd2e0 Merge pull request #116 from excpt/master
79cdce8 Fix code smell reported by rubocop
451d950 Fix code smells reported by rubocop
4d440dc Fix travis test command
279df0e Remove echoe dependency
4f45b66 Add version class, remove utf8 encoding comment
559a23b Update codeclimate settings
cabde34 Merge pull request #114 from FXFusion/master
e5a94db Updated readme for iss/aud options
6c84213 Merge pull request #113 from lwe/lwe-jti-validation-fix
320306b relax restrictions on "jti" claim verification
27c7412 Merge pull request #112 from kat3kasper/fix/misspelling
02cbbd6 Fix error misspelling