Releases: jwt/ruby-jwt

jwt-2.5.0

25 Aug 19:59

Full Changelog

Features:

Fixes and enhancements:

  • Bring back the old Base64 (RFC2045) decode mechanisms #488 (@anakinj).
  • Rescue RbNaCl exception for EdDSA wrong key #491 (@n-studio).
  • New parameter name for cases when kid is not found using JWK key loader proc #501 (@anakinj).
  • Fix NoMethodError when a 2 segment token is missing 'alg' header #502 (@cmrd-senya).
  • Support OpenSSL >= 3.0 #496 (@anakinj).

jwt-2.4.1

07 Jun 19:55

v2.4.1 (2022-06-07)

Fixes and enhancements:

Full Changelog

jwt-2.4.0

06 Jun 21:10

v2.4.0 (2022-06-06)

Full Changelog

Features:

Fixes and enhancements:

jwt-2.4.0.beta1

03 May 21:04
Pre-release

v2.4.0 (2022-05-03)

Full Changelog

Implemented enhancements:

  • Ensure presence of claims #244
  • Support verifying signature signed using x5c header #59
  • Add x5c header key finder #338 (bdewater)

Security fixes:

  • Importing JWK then exporting results in different kid #313

Closed issues:

  • Is there a way to decode a ES256 encoded JWT with a root certificate but without a public key or a private key? #471
  • Encode output with extra quote #469
  • Please release new gem version #444
  • HS512 signature verification fails for valid tokens #438
  • ArgumentError: invalid base64 while calling JWT::JWK.import(hash) #361
  • NoMethodError (undefined method `encode' for JsonWebToken:Module) #329

Merged pull requests:

jwt-2.3.0

03 Oct 22:14

v2.3.0 (2021-10-03)

Full Changelog

Closed issues:

  • [SECURITY] Algorithm Confusion Through kid Header #440
  • JWT to memory #436
  • ArgumentError: wrong number of arguments (given 2, expected 1) #429
  • HMAC section of README outdated #421
  • NoMethodError: undefined method `zero?' for nil:NilClass if JWT has no 'alg' field #410
  • Release new version #409
  • NameError: uninitialized constant JWT::JWK #403

Merged pull requests:

jwt-2.2.3

19 Apr 23:28

v2.2.3 (2021-04-19)

Full Changelog

Implemented enhancements:

  • Verify algorithm before evaluating keyfinder #343
  • Why jwt depends on json < 2.0 ? #179
  • Support for JWK in-lieu of rsa_public #158
  • Fix rspec raise_error warning #413 (excpt)
  • Add support for JWKs with HMAC key type. #372 (phlegx)
  • Improve 'none' algorithm handling #365 (danleyden)
  • Handle parsed JSON JWKS input with string keys #348 (martinemde)
  • Allow Numeric values during encoding #327 (fanfilmu)

Closed issues:

  • "Signature verification raised", yet jwt.io says "Signature Verified" #401
  • truffleruby-head build is failing #396
  • JWT::JWK::EC needs require 'forwardable' #392
  • How to use a 'signing key' as used by next-auth #389
  • undefined method `verify' for nil:NilClass when validate a JWT with JWK #383
  • Make specifying "algorithm" optional on decode #380
  • ADFS created access tokens can't be validated due to missing 'kid' header #370
  • new version? #355
  • JWT gitlab OmniAuth provider setup support #354
  • Release with support for RSA.import for ruby < 2.4 hasn't been released #347
  • cannot load such file -- jwt #339

Merged pull requests:

jwt-2.2.2

18 Aug 07:16

v2.2.2 (2020-08-18)

Full Changelog

Implemented enhancements:

  • JWK does not decode. #332
  • Inconsistent use of symbol and string keys in args (exp and algorithm). #331
  • Pin simplecov to < 0.18 #356 (anakinj)
  • verifies algorithm before evaluating keyfinder #346 (jb08)
  • Update Rails 6 appraisal to use actual release version #336 (smudge)
  • Update Travis #326 (berkos)
  • Improvement/encode hmac without key #312 (JotaSe)

Fixed bugs:

  • v2.2.1 warning: already initialized constant JWT Error #335
  • 2.2.1 is no longer raising JWT::DecodeError on nil verification key #328
  • Fix algorithm picking from decode options #359 (excpt)
  • Raise error when verification key is empty #358 (anakinj)

Closed issues:

  • JWT RSA: is it possible to encrypt using the public key? #366
  • Example unsigned token that bypasses verification #364
  • Verify exp claim/field even if it's not present #363
  • Decode any token #360
  • [question] example of using a pub/priv keys for signing? #351
  • JWT::ExpiredSignature raised for non-JSON payloads #350
  • verify_aud only verifies that at least one aud is expected #345
  • Sinatra 4.90s TTFB #344
  • How to Logout #342
  • jwt token decoding even when wrong token is provided for some letters #337
  • Need to use symbolize_keys everywhere! #330
  • eval() used in Forwardable limits usage in iOS App Store #324
  • HS512256 OpenSSL Exception: First num too large #322
  • Can we change the separator character? #321
  • Verifying iat without leeway may break with poorly synced clocks #319
  • Adding support for 'hd' hosted domain string #314
  • There is no "typ" header in version 2.0.0 #233

Merged pull requests:

jwt-2.2.1

24 May 09:02
8279f62

v2.2.1 (2019-05-24)

Full Changelog

Fixed bugs:

  • need to require 'forwardable' to use Forwardable #316
  • Add forwardable dependency for JWK RSA KeyFinder #317 (excpt)

jwt-2.2.0

23 May 18:38
61b2906

v2.2.0 (2019-03-20)

Full Changelog

Implemented enhancements:

Fixed bugs:

  • Inconsistent handling of payload claim data types #282
  • Use iat_leeway option #273
  • Issued at validation #247
  • Fix bug and simplify segment validation #292 (anakinj)
  • Removed leeway from verify_iat #257 (ab320012)

Closed issues:

  • RS256, public and private keys #291
  • Allow passing current time to decode #288
  • Verify exp claim without verifying jwt #281
  • Decoding JWT with ES256 and secp256k1 curve #277
  • Audience as an array - how to specify? #276
  • signature validation using decode method for JWT #271
  • JWT is easily breakable #267
  • Ruby JWT Token #265
  • ECDSA supported algorithms constant is defined as a string, not an array #264
  • NoMethodError: undefined method `group' for <xxxxx> #261
  • 'DecodeError' will replace 'ExpiredSignature' #260
  • TypeError: no implicit conversion of OpenSSL::PKey::RSA into String #259
  • NameError: uninitialized constant JWT::Algos::Eddsa::RbNaCl #258
  • Get new token if current token expired #256
  • Infer algorithm from header #254
  • Why is the result of decode is an array? #252
  • Add support for headless token #251
  • Leeway or exp_leeway #215
  • Could you describe purpose of cert fixtures and their cryptokey lengths. #185

Merged pull requests:

jwt-2.2.0-beta.0

20 Mar 18:12
7a6a3f1
Pre-release

2.2.0-beta.0 (2019-03-20)

Full Changelog

Implemented enhancements:

Fixed bugs:

  • Inconsistent handling of payload claim data types #282
  • Use iat_leeway option #273
  • Issued at validation #247
  • Fix bug and simplify segment validation #292 (anakinj)
  • Removed leeway from verify_iat #257 (ab320012)

Closed issues:

  • RS256, public and private keys #291
  • Allow passing current time to decode #288
  • Verify exp claim without verifying jwt #281
  • Decoding JWT with ES256 and secp256k1 curve #277
  • Audience as an array - how to specify? #276
  • signature validation using decode method for JWT #271
  • JWT is easily breakable #267
  • Ruby JWT Token #265
  • ECDSA supported algorithms constant is defined as a string, not an array #264
  • NoMethodError: undefined method `group' for <xxxxx> #261
  • 'DecodeError' will replace 'ExpiredSignature' #260
  • TypeError: no implicit conversion of OpenSSL::PKey::RSA into String #259
  • NameError: uninitialized constant JWT::Algos::Eddsa::RbNaCl #258
  • Get new token if current token expired #256
  • Infer algorithm from header #254
  • Why is the result of decode is an array? #252
  • Add support for headless token #251
  • Leeway or exp_leeway #215
  • Could you describe purpose of cert fixtures and their cryptokey lengths. #185

Merged pull requests: