jwt 3.2.0

jwt-3.2.0

on Ruby Gems

v3.2.0 (2026-05-13)

Full Changelog

Features:

• Add enforce_hmac_key_length configuration option #716 - (@304)

Fixes and enhancements:

• Reject nil and empty HMAC keys when signing and verifying (CVE-2026-45363 / GHSA-c32j-vqhx-rx3x)
• Fix compatibility with the openssl 4.0 gem #706
• Test against Ruby 4.0 on CI #707
• Fix type error when header is not a JSON object #715 - (@304)