4.2.0

Release Notes for 4.2.0

This release provides a high-level API, a new (non-standard) algorithm, and validation for key length requirements.
The latter is a minor BC-break for users that aren't following the RFC recommendations.

To contain the impact of the changes and give time for people to rotate keys, we have deprecated implementations that maintain the previous behaviour and allow unsafe keys.
For more information, please read the documentation.

4.2.0

• Total issues resolved: 3
• Total pull requests resolved: 15
• Total contributors: 7

Documentation

• 866: Improve documentation thanks to @lcobucci
• 853: Add documentation for JwtFacade thanks to @lcobucci
• 768: Be more clear about adding validation constraints in the doc thanks to @NicolasCARPi
• 725: [docs] Clarify change in date-formats thanks to @jaylinski

Improvement

• 865: Track constraint on violations thanks to @lcobucci
• 836: Key: require non-empty-string for factory methods too thanks to @Slamdunk
• 832: Add Blake2b signature algorithm thanks to @Slamdunk
• 827: Add constraint for private claim validation thanks to @james-bw
• 826: Add withClaim validation for custom claim validation thanks to @james-bw
• 759: Add simplified API thanks to @Slamdunk

Improvement,Minor BC-break,Security

• 864: Fix ecdsa key size validation thanks to @lcobucci
• 855: Require minimum key size for OpenSSL keys thanks to @Slamdunk
• 854: Require minimum key size for RSA keys thanks to @lcobucci
• 835: Require minimum key size for HMAC algorithm thanks to @Slamdunk
• 833: Key: permit empty keys only with ::empty() factory method thanks to @Slamdunk

Security

• 789: Merge release 4.1.5 into 4.2.x thanks to @github-actions[bot]

• 704: Invalid signing with SHA256 alg using secp521r1 curve thanks to @KartaviK

CI

• 657: Migrate to native dependabot thanks to @lcobucci

4.1.5

Release Notes for 4.1.5

This patch ships a minor security fix to prevent misuse of the LocalFileReference key.

More info: GHSA-7322-jrq4-x5hf

4.1.5

• Total issues resolved: 0
• Total pull requests resolved: 1
• Total contributors: 1

Security

• 788: Merge release 4.0.4 into 4.1.x thanks to @github-actions[bot]

4.0.4

Release Notes for 4.0.4

This patch ships a minor security fix to prevent misuse of the LocalFileReference key.

More info: More info: GHSA-7322-jrq4-x5hf

4.0.4

• Total issues resolved: 0
• Total pull requests resolved: 0
• Total contributors: 0

3.4.6

Release Notes for 3.4.6

This patch ships a minor security fix to prevent misuse of the LocalFileReference key.

More info: More info: GHSA-7322-jrq4-x5hf

3.4.6

• Total issues resolved: 1
• Total pull requests resolved: 0
• Total contributors: 3

4.1.4

Release Notes for 4.1.4

This release removes the possibility of having parsing issues when dealing with time-fractions with more than 6 decimal places.

4.1.4

• Total issues resolved: 0
• Total pull requests resolved: 1
• Total contributors: 1

Bug

• 711: Merge release 4.0.3 into 4.1.x thanks to @github-actions[bot]

4.0.3

Release Notes for 4.0.3

This release removes the possibility of having parsing issues when dealing with time-fractions with more than 6 decimal places.

4.0.3

• Total issues resolved: 1
• Total pull requests resolved: 1
• Total contributors: 2

Bug

• 710: Prevent type conversions issues when parsing time-fractions thanks to @lcobucci
• 709: Usage of json_encode() to convert time fractions to microseconds cause precision issues thanks to @sachchida1993

4.1.3

Release Notes for 4.1.3

This release fixes a specification compatibility issue by making sure we use floats to represent time fractions.

4.1.3

• Total issues resolved: 0
• Total pull requests resolved: 1
• Total contributors: 1

Bug

• 707: Merge release 4.0.2 into 4.1.x thanks to @github-actions[bot]

4.0.2

Release Notes for 4.0.2

This release fixes a specification compatibility issue by making sure we use floats to represent time fractions.

4.0.2

• Total issues resolved: 0
• Total pull requests resolved: 1
• Total contributors: 1

Bug

• 706: Fix usage of non JSON numeric values for time fractions (without having precision issues) thanks to @yassinrais

4.1.2

Release Notes for 4.1.2

This release fixes the polyfill for sodium base64 encoding.

4.1.2

• Total issues resolved: 0
• Total pull requests resolved: 1
• Total contributors: 1

Bug

• 685: Fix SodiumBase64Polyfill fallback method reference thanks to @Slamdunk

4.1.1

Release Notes for 4.1.1

This release makes it possible to use the library when libsodium < 1.0.14 is installed.

4.1.1

• Total issues resolved: 0
• Total pull requests resolved: 1
• Total contributors: 1

Bug

• 670: Fix compatibility issues with older libsodium version (< 1.0.14) thanks to @Slamdunk