Release Notes for 4.2.0
This release provides a high-level API, a new (non-standard) algorithm, and validation for key length requirements.
The latter is a minor BC-break for users that aren't following the RFC recommendations.
To contain the impact of the changes and give time for people to rotate keys, we have deprecated implementations that maintain the previous behaviour and allow unsafe keys.
For more information, please read the documentation.
4.2.0
- Total issues resolved: 3
- Total pull requests resolved: 15
- Total contributors: 7
Documentation
- 866: Improve documentation thanks to @lcobucci
- 853: Add documentation for JwtFacade thanks to @lcobucci
- 768: Be more clear about adding validation constraints in the doc thanks to @NicolasCARPi
- 725: [docs] Clarify change in date-formats thanks to @jaylinski
Improvement
- 865: Track constraint on violations thanks to @lcobucci
- 836: Key: require non-empty-string for factory methods too thanks to @Slamdunk
- 832: Add Blake2b signature algorithm thanks to @Slamdunk
- 827: Add constraint for private claim validation thanks to @james-bw
- 826: Add withClaim validation for custom claim validation thanks to @james-bw
- 759: Add simplified API thanks to @Slamdunk
Improvement, Minor BC-break, Security
- 864: Fix ecdsa key size validation thanks to @lcobucci
- 855: Require minimum key size for OpenSSL keys thanks to @Slamdunk
- 854: Require minimum key size for RSA keys thanks to @lcobucci
- 835: Require minimum key size for HMAC algorithm thanks to @Slamdunk
- 833: Key: permit empty keys only with ::empty() factory method thanks to @Slamdunk
Security
- 789: Merge release 4.1.5 into 4.2.x thanks to @github-actions[bot]
- 704: Invalid signing with SHA256 alg using secp521r1 curve thanks to @KartaviK
CI
- 657: Migrate to native dependabot thanks to @lcobucci