Skip to content

Latest commit

 

History

History
134 lines (83 loc) · 3.49 KB

CHANGES.adoc

File metadata and controls

134 lines (83 loc) · 3.49 KB

Changelog

Version 0.9.0

Date: 2016-01-06

  • Update buddy-core dependency to 0.9.0

  • Minor cosmetic changes.

Version 0.8.1

Date: 2015-11-17

  • Properly remove cats dependency.

  • Fix wrong arguments on jws and compact sign methods.

Version 0.8.0

Date: 2015-11-15

  • Adapt to buddy-core 0.8.x changes.

  • BREAKING CHANGE: Remove cats dependency. The jws/encode, jws/decode and respectivelly functions in the jwe namespace are now simple alias to the main api on the each ns.

Version 0.7.1

Date: 2015-09-23

  • Fix broken nbf claim validation. (thanks to @jonpither for report it)

Version 0.7.0

Date: 2015-09-19

  • Update cats to 1.0.0

  • Update clj-time to 0.11.0

  • Update nippy to 2.9.1

  • Update buddy-core to 0.7.0

  • Remove slingshot usage and start using plain clojure.lang.ExceptionInfo exceptions. (maybe breaking change)

Version 0.6.1

Date: 2015-08-02

  • Set default clojure version to 1.7.0

  • Update cats version to 0.6.1

Version 0.6.0

Date: 2015-06-28

  • Replace cryptographic primitives used in jwe implementation with buddy-core new implementation that fixes few bugs realted to wrong padding management.

  • Update buddy-core to 0.6.0

  • Remove direct slingshot dependency because is not transitive from the new buddy-core version.

  • Update cheshire dependency to 5.5.0

Version 0.5.1

Date: 2015-05-09

  • Improved error reporting when validating wrong jwe/jws tokens.

Version 0.5.0

Date: 2015-04-03

  • Add Jsen Web Encryption support. With key encryption algorithms: DIR, A128KW, A192KW, A256KW, RSA1_5, RSA-OAEP, RSA-OAEP-256. and content encryption algorithms: A128CBC-HS256, A192CBC-HS384, A256CBC-HS512, A128GCM, A192GCM, A256GCM.

  • The encode and decode functions now returns instances of success or failure of exception monad instead of instances of either monad (maybe breaking change).

  • The sign and unsign functions now raises exceptions instead of simply return nil. This allows libraries and applications that does not works with monads workis like a usual, using jvm exceptions and know the specific error instead of useless nil (maybe breaking change).

  • Add the ability to specify the :typ header value in JWS.

  • Add :iss (issuer) and :aud (audience) claims validation to JWS.

  • Add explicit alg validation in JWS (the previous behavior that only checks the header alg without matching it with user provided value has security flaws: https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/

Version 0.4.2

Date: 2015-03-29

  • Bug fix related to :iat param validating on jws. (thanks to @tvanhens)

Version 0.4.1

Date: 2015-03-14

  • Update nippy version from 2.7.1 to 2.8.0

  • Update buddy-core from 0.4.0 to 0.4.2

  • Update cats from 0.3.2 to 0.3.4

Version 0.4.0

Date: 2015-02-22

  • Add encode/decode functions to JWS/JWT implementation. Them instead of return plain value, return a monadic either. That allows granular error reporting instead something like nil that not very useful. The previous sign/unsign are conserved for backward compatibility but maybe in future will be removed.

  • Rename parameter maxage to max-age on jws implementation. This change introduces a little backward incompatibility.

  • Add "compact" signing implementation as replacemen of django based one.

  • Django based generic signing is removed.

  • Update buddy-core version to 0.4.0

Version 0.3.0

Date: 2014-01-18

  • First version splitted from monolitic buddy package.

  • No changes from original version.