Note that this release introduces a warning at startup if the configured JWT signing secret is fewer than 32 characters in length, and pads the key with spaces to the right to reach 32 characters.
Anyone that has specified a custom JWT signing key with a length fewer than 32 characters and that is using the key in another application (for example, to verify or create slskd JWTs) will need to adjust external applications to account for the additional characters.
Support for JWT signing keys with length fewer than 32 characters will be removed in the next major (0.20.xx) release.
What's Changed
- FIX: Ensure JWT signing key is at least 32 characters (256 bits) by @jpdillingham in #1021
Full Changelog: 0.19.2...0.19.3