• Add JWT_ENCODE_NBF configuration option to allow disabling the NBF claim during token creation. Thanks @magnunleno! #416
• Add a new get_jwt_request_location() function to determine where a token was parsed from in a request (useful for implicit token refresh with cookies). Thanks @sammck! #420
• Fix wrong error message in edge case with current user in non-decorated route. #408
• Fix JWT in headers followed by a comma raises IndexError #347
• Fix edge cases where @jwt_required(optional=True) was treating a request as if there was jwt present instead of handling the InvalidHeaderError. #421
• Add a JWT_QUERY_STRING_VALUE_PREFIX configuration option. #421
• Update error messages to provide more helpful information to callers when they are sending in a token in an unexpected way.