Releases · jwt/ruby-jwt

Updated README to correctly document OpenSSL::HMAC documentation #617 (@aedryan)
Verify JWT header format #622 (@304)
Bring back ::JWT::ClaimsValidator, ::JWT::Verify and a few other removed interfaces for preserved backwards compatibility #624 (@anakinj)

Assets 2

23 Sep 16:51

anakinj

v2.9.1

b808636

jwt-2.9.1

Full Changelog

Fixes and enhancements:

Fix regression in iss and aud claim validation #619 (@anakinj)

Assets 2

15 Sep 15:51

anakinj

v2.9.0

b26aee7

jwt-2.9.0

Full Changelog

Features:

Build and push gem using a GH action #612 (@anakinj)

Fixes and enhancements:

Refactor claim validators into their own classes #605 (@anakinj, @MatteoPierro)
Allow extending available algorithms #607 (@anakinj)
Do not include the EdDSA algorithm if rbnacl not available #613 (@anakinj)

Assets 2

18 Jun 14:35

anakinj

v2.8.2

e674ca3

jwt-2.8.2

Full Changelog

Fixes and enhancements:

Print deprecation warnings only on when token decoding succeeds #600 (@anakinj)
Unify code style #602 (@anakinj)

Assets 2

29 Feb 06:33

anakinj

v2.8.1

ea1e441

jwt-2.8.1

Full Changelog

Features:

Configurable base64 decode behaviour #589 (@anakinj)

Fixes and enhancements:

Output deprecation warnings once #589 (@anakinj)

Assets 2

17 Feb 14:17

anakinj

v2.8.0

956fa1b

jwt-2.8.0

Full Changelog

Features:

Updated rubocop to 1.56 #573 (@anakinj)
Run CI on Ruby 3.3 #577 (@anakinj)
Deprecation warning added for the HMAC algorithm HS512256 (HMAC-SHA-512 truncated to 256-bits) #575 (@anakinj)
Stop using RbNaCl for standard HMAC algorithms #575 (@anakinj)

Fixes and enhancements:

Fix signature has expired error if payload is a string #555 (@GobinathAL)
Fix key base equality and spaceship operators #569 (@magneland)
Remove explicit base64 require from x5c_key_finder #580 (@anakinj)
Performance improvements and cleanup of tests #581 (@anakinj)
Repair EC x/y coordinates when importing JWK #585 (@julik)
Explicit dependency to the base64 gem #582 (@anakinj)
Deprecation warning for decoding content not compliant with RFC 4648 #582 (@anakinj)
Algorithms moved under the ::JWT::JWA module (@anakinj)

Assets 2

25 Jul 19:48

anakinj

v2.7.1

781fbd1

jwt-2.7.1

Full Changelog

Fixes and enhancements:

Handle invalid algorithm when decoding JWT #559 - @nataliastanko
Do not raise error when verifying bad HMAC signature #563 - @hieuk09

Assets 2

01 Feb 20:01

anakinj

v2.7.0

53d857e

jwt-2.7.0

Full Changelog

Features:

Support OKP (Ed25519) keys for JWKs #540 (@anakinj)
JWK Sets can now be used for tokens with nil kid #543 (@bellebaum)

Fixes and enhancements:

Fix issue with multiple keys returned by keyfinder and multiple allowed algorithms #545 (@mpospelov)
Non-string kid header values are now rejected #543 (@bellebaum)

Assets 2

22 Dec 20:04

anakinj

v2.6.0

604fe61

jwt-2.6.0

v2.6.0 (2022-12-22)

Full Changelog

Features:

Support custom algorithms by passing algorithm objects#512 (@anakinj).
Support descriptive (not key related) JWK parameters#520 (@bellebaum).
Support for JSON Web Key Sets#525 (@bellebaum).
Support HMAC keys over 32 chars when using RbNaCl#521 (@anakinj).

Fixes and enhancements:

Raise descriptive error on empty hmac_secret and OpenSSL 3.0/openssl gem <3.0.1 #530 (@jonmchan).

Assets 2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v2.9.3 (2024-10-03)

v2.9.2 (2024-10-03)

v2.6.0 (2022-12-22)

Releases: jwt/ruby-jwt

jwt-2.9.3

v2.9.3 (2024-10-03)

jwt-2.9.2

v2.9.2 (2024-10-03)

jwt-2.9.1

jwt-2.9.0

jwt-2.8.2

jwt-2.8.1

jwt-2.8.0

jwt-2.7.1

jwt-2.7.0

jwt-2.6.0

v2.6.0 (2022-12-22)