LADI
/
py-jwt
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
py-jwt/CHANGELOG.md

11 KiB
Raw Permalink Blame History

Change Log

All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning.

Unreleased

Changed

Fixed

Added

v1.7.1

Fixed

  • Update test dependencies with pinned ranges
  • Fix pytest deprecation warnings

v1.7.0

Changed

  • Remove CRLF line endings #353

Fixed

  • Update usage.rst #360

Added

v1.6.4

Fixed

  • Reverse an unintentional breaking API change to .decode() #352

v1.6.3

Changed

  • All exceptions inherit from PyJWTError #340

Added

Docs

  • Added section to usage docs for jwt.get_unverified_header() #350
  • Update legacy instructions for using pycrypto #337

v1.6.1

Fixed

  • Audience parameter throws InvalidAudienceError when application does not specify an audience, but the token does. #336

v1.6.0

Changed

  • Dropped support for python 2.6 and 3.3 #301
  • An invalid signature now raises an InvalidSignatureError instead of DecodeError #316

Fixed

  • Fix over-eager fallback to stdin #304

Added

  • Audience parameter now supports iterables #306

v1.5.3

Changed

  • Increase required version of the cryptography package to >=1.4.0.

Fixed

  • Remove uses of deprecated functions from the cryptography package.
  • Warn about missing algorithms param to decode() only when verify param is True #281

v1.5.2

Fixed

  • Ensure correct arguments order in decode super call 7c1e61d

v1.5.1

Changed

  • Change optparse for argparse. #238

Fixed

  • Guard against PKCS1 PEM encododed public keys #277
  • Add deprecation warning when decoding without specifying algorithms #277
  • Improve deprecation messages #270
  • PyJWT.decode: move verify param into options #271

Added

  • Support for Python 3.6 #262
  • Expose jwt.InvalidAlgorithmError #264

v1.5.0

Changed

  • Add support for ECDSA public keys in RFC 4253 (OpenSSH) format #244
  • Renamed commandline script jwt to jwt-cli to avoid issues with the script clobbering the jwt module in some circumstances. #187
  • Better error messages when using an algorithm that requires the cryptography package, but it isn't available #230
  • Tokens with future 'iat' values are no longer rejected #190
  • Non-numeric 'iat' values now raise InvalidIssuedAtError instead of DecodeError
  • Remove rejection of future 'iat' claims #252

Fixed

  • Add back 'ES512' for backward compatibility (for now) #225
  • Fix incorrectly named ECDSA algorithm #219
  • Fix rpm build #196

Added

  • Add JWK support for HMAC and RSA keys #202

v1.4.2

Fixed

  • A PEM-formatted key encoded as bytes could cause a TypeError to be raised #213

v1.4.1

Fixed

  • Newer versions of Pytest could not detect warnings properly #182
  • Non-string 'kid' value now raises InvalidTokenError #174
  • jwt.decode(None) now gracefully fails with InvalidTokenError #183

v1.4

Fixed

  • Exclude Python cache files from PyPI releases.

Added

  • Added new options to require certain claims (require_nbf, require_iat, require_exp) and raise MissingRequiredClaimError if they are not present.
  • If audience= or issuer= is specified but the claim is not present, MissingRequiredClaimError is now raised instead of InvalidAudienceError and InvalidIssuerError

v1.3

Fixed

  • ECDSA (ES256, ES384, ES512) signatures are now being properly serialized #158
  • RSA-PSS (PS256, PS384, PS512) signatures now use the proper salt length for PSS padding. #163

Added

  • Added a new jwt.get_unverified_header() to parse and return the header portion of a token prior to signature verification.

Removed

  • Python 3.2 is no longer a supported platform. This version of Python is rarely used. Users affected by this should upgrade to 3.3+.

v1.2.0

Fixed

  • Added back verify_expiration= argument to jwt.decode() that was erroneously removed in v1.1.0.

Changed

  • Refactored JWS-specific logic out of PyJWT and into PyJWS superclass. #141

Deprecated

  • verify_expiration= argument to jwt.decode() is now deprecated and will be removed in a future version. Use the option= argument instead.

v1.1.0

Added

  • Added support for PS256, PS384, and PS512 algorithms. #132
  • Added flexible and complete verification options during decode. #131
  • Added this CHANGELOG.md file.

Deprecated

  • Deprecated usage of the .decode(..., verify=False) parameter.

Fixed

  • Fixed command line encoding. #128

v1.0.1

Fixed

  • Include jwt/contrib' and jwt/contrib/algorithms` in setup.py so that they will actually be included when installing. 882524d
  • Fix bin/jwt after removing jwt.header(). bd57b02

v1.0.0

Changed

  • Moved jwt.api.header out of the public API. #85
  • Added README details how to extract public / private keys from an x509 certificate. #100
  • Refactor api.py functions into an object (PyJWT). #101
  • Added support for PyCrypto and ecdsa when cryptography isn't available. #101

Fixed

  • Fixed a security vulnerability where alg=None header could bypass signature verification. #109
  • Fixed a security vulnerability by adding support for a whitelist of allowed alg values jwt.decode(algorithms=[]). #110