github lestrrat-go/jwx v3.1.1

7 hours ago

For more detailed release notes, see Changes.

What's Changed

  • build(deps): bump pozil/auto-assign-issue from 2.2.0 to 2.2.1 by @dependabot[bot] in #2045
  • guard ecdsa coordinates against oversized big.Int by @lestrrat in #2050
  • reject jwe with conflicting alg in protected vs per-recipient by @lestrrat in #2052
  • fix AddressClaim.MarshalJSON for non-printable bytes by @lestrrat in #2056
  • jwt: only call ParseForm when WithFormKey is supplied by @lestrrat in #2058
  • jws: jkuProvider rejects fetched keys marked use=enc by @lestrrat in #2060
  • jwa: unify SignatureAlgorithm/KeyEncryption/ContentEncryption into one registry by @lestrrat in #2066
  • build(deps): bump pozil/auto-assign-issue from f245a9119ba5cc2fed4aa7b8268d576d40acddf0 to 7bf9d82c77d45976224660b873fc83e60576c5aa by @dependabot[bot] in #2065
  • cmd/jwx: warn on private-key-to-tty + reject keysize<=0 for oct by @lestrrat in #2071
  • jws: refuse "b64" header in VerifyCompactFast by @lestrrat in #2081
  • jws: VerifyCompactFast refusals match jws.VerifyError() class by @lestrrat in #2083
  • jws: name loose keySet options in fan-out verify error by @lestrrat in #2085
  • jws: honor RFC 7797 b64=false in Message.MarshalJSON by @lestrrat in #2087
  • jws: reject literal-JSON "protected" in general-form JWS by @lestrrat in #2089
  • jwt: ParseRequest: don't skip form body on chunked transfer by @lestrrat in #2091
  • jwt: pedantic mode enforces cty=JWT nested-envelope shape by @lestrrat in #2094
  • jwt: defensively reject missing claims in MaxDeltaIs / MinDeltaIs by @lestrrat in #2099
  • jwt: ParseInsecure: parse loop-local payload, not original input by @lestrrat in #2097
  • jws: Verify rejects b64=false without "b64" listed in "crit" by @lestrrat in #2102
  • jws: Sign auto-declares "b64" in "crit" when emitting b64=false by @lestrrat in #2104
  • jws: declare "b64" as typed bool header field by @lestrrat in #2106
  • jws: reject general-form JWS with top-level "header" sibling of "signatures" by @lestrrat in #2108
  • jws: typed sentinel for AlgorithmsForKey unclassifiable-key failures by @lestrrat in #2110
  • jws: VerifyMessage observes ctx cancellation between loop iterations by @lestrrat in #2112
  • jws: cleanup follow-ups from recent review (low-severity batch) by @lestrrat in #2114
  • jwe: DecryptMessage observes ctx cancellation between loop iterations by @lestrrat in #2117
  • jwe: parse and bound-check PBES2 p2c in int64 space; name the violated bound by @lestrrat in #2119
  • jwe: WithKey validates alg-vs-key shape at option-time by @lestrrat in #2121
  • jwe: compression cap error names "decompressed" payload, the option, and the size by @lestrrat in #2123
  • jwe: bound joined-error count and drop redundant outer Decrypt prefix by @lestrrat in #2125
  • jwe: keySetProvider surfaces per-key errors via errors.Join by @lestrrat in #2127
  • jwe: add WithDisabledKeyAlgorithms global policy hook by @lestrrat in #2129
  • jwe: document WithMaxDecompressBufferSize behavior at non-positive values by @lestrrat in #2131
  • jwk: stop duplicating JWK fields at JWKS top level on parse by @lestrrat in #2133
  • jwk: wrap ParseKey errors with ParseError sentinel by @lestrrat in #2135
  • jwk: stream the keys array with cap-before-allocate by @lestrrat in #2137
  • jwk: treat nil key from custom KeyParser as continue, not success by @lestrrat in #2140
  • jwk: fix phantom ContinueParseError refs and unmarshaler typo in docs by @lestrrat in #2142
  • Changes: draft v3.1.1 release notes by @lestrrat in #2155

Full Changelog: v3.1.0...v3.1.1
