-
Notifications
You must be signed in to change notification settings - Fork 11
/
Copy pathCHANGELOG
79 lines (49 loc) · 2.67 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
Changelog jmacaroons
=====================
Version 0.5.0 (2022-02-07)
--------------------------
* Add V2 serialization format, thanks to the contribution by Neil Madden
* Add new ```Macaroon.builder``` method to replace the separate class (deprecates: MacaroonBuilder), thanks to the contribution by Timothée Peignier
Version 0.4.1 (2019-08-07)
--------------------------
! Fix timezone handling in the TimestampCaveatVerifier, when millis were used
! Fix examples
! Fix derived key handling more consistent
Version 0.4.0 (2019-08-04)
--------------------------
! Fix spelling mistake satisfyExcact -> satisfyExact (breaking API change, but fixes this jarring typo)
! Fix 3rd party caveats have to be encrypted using a unique nonce, else the security model breaks
! Fix possible timing attack issue while comparing HMACs (https://github.com/nitram509/jmacaroons/issues/6)
! Changed key handling to consistently ensure we always derive a fixed length key from that string or bytes, to be consistent with other macaroon implementations (https://github.com/nitram509/jmacaroons/issues/11)
* Switch to Java 1.8 support
Version 0.3.1 (2014-12-19)
--------------------------
* Fixed: a bug in verifying third-party caveats, they aren't optional but mandatory
Version 0.3.0 (2014-12-06)
--------------------------
+ Added: AuthoritiesCaveatVerifier to verify given authorities, which is a common use case
+ Added: not only strings but also byte arrays may be used as secret keys
* Catched up latest changes from libmacaroons (2014-10-05 hash 568ff74, vid isn't encoded as base64, but raw)
* Improved performance via clone HMAC tool, because its 25% faster than creating a new one via 'getInstance()'
! Serialization uses Base64 URL safe encoding (RFC 4648). This follows libmacaroons implementation,
but may break compatibility to older libs. For backward compatibility, De-Serialization accepts both base64 standards.
Version 0.2.0 (2014-09-26)
--------------------------
+ Added: adding third party caveats to macaroons is possible
+ Added: verifying third party caveats on macaroons is possible
* Fixed: modifying macaroons also copies caveats
* Improved java-docs
* Reworked macaroon structure, using caveat packets
Version 0.1.7 (2014-09-06)
--------------------------
+ Added feature for verifying general caveats constrains
+ Added TimestampCaveatVerifier
Version 0.1.7 (2014-09-06)
--------------------------
+ Lowered the required runtime to JRE 1.6
Version 0.1.6 (2014-09-03)
--------------------------
+ Improved MacaroonsVerifier (API changed)
Version 0.1.4 (2014-08-25)
--------------------------
* Initial release