Releases: latchset/jwcrypto
Version 1.5.7
What's Changed
- JWE: allow general (non flattened) serialization syntax by @Thomas-Mollard in #351
- Update CI actions by @simo5 in #352
- Allow to pass through pem loading unsafe option by @simo5 in #354
- Add support for 'scope' claim with multiple scopes by @tony2001 in #359
- Set default kid when importing keys from pyca. by @bartvm in #367
- Hardening: Enforce length of keys for HMAC operations by @simo5 in #369
- Add Ed25519 and Ed448 signature algorithms by @simo5 in #370
- Migrate jwcrypto packaging to Hatch by @iamdhakrey in #373
- Version 1.5.7 by @simo5 in #374
New Contributors
- @Thomas-Mollard made their first contribution in #351
- @tony2001 made their first contribution in #359
- @bartvm made their first contribution in #367
- @iamdhakrey made their first contribution in #373
Full Changelog: v1.5.6...v1.5.7
Contributors
Assets 2
Version 1.5.6 - Moderate Security release
What's Changed
Full Changelog: v1.5.5...v1.5.6
Contributors
Assets 5
Version 1.5.5
This version fixes a pypi distribution problem introduced in 1.0 when pushing was automated.
With 1.5.5 a binary wheel is now also made available on pypi.
What's Changed
- Fix doc generation by @simo5 in #345
- Update publish action to upload also binary dist by @simo5 in #347
- Fix pypi publishing by @simo5 in #348
Full Changelog: v1.5.4...v1.5.5
Contributors
Assets 4
v1.5.4
One more release bump to address issues with typing_extensions minimum required version
Full Changelog: v1.5.3...v1.5.4
v1.5.3
Bumping release due to inconsistency in python 3.6 support that affected pypi
jwcrypto-1.5.3.tar.gz.sha512sum.txt
jwcrypto-1.5.3.tar.gz
What's Changed
Full Changelog: v1.5.2...v1.5.3
Contributors
Assets 2
Version 1.5.2 - maintenance release
This is a minor maintenance release to improve interoperability with debuggers
Note: yanked from pypi due to 3.6 incompatibility, use 1.5.3
What's Changed
- replace deprecated package with typing_extensions by @david-homelend in #337
New Contributors
- @david-homelend made their first contribution in #337
Full Changelog: v1.5.1...v1.5.2
Contributors
Assets 4
Version 1.5.1 - Security Release
This is a minor security release to fix a potential DoS for applications that allow the use of symmetric keys with pbkdf2.
What's Changed
- Fix X22519 import/export from PEM by @achamayou in #334
- Read the Docs now requires a config file by @simo5 in #335
- chore: refactor for removing pdb symbols by @peppelinux in #330
- Fix potential DoS issue with p2c header by @simo5 in #336
New Contributors
- @achamayou made their first contribution in #334
- @peppelinux made their first contribution in #330
Full Changelog: v1.5.0...v1.5.1
Contributors
Assets 2
v1.5.0
Version 1.5
Minor bugfixes and the addition of Brainpool curves.
As mentioned in the commit: "The use of these algorithms is specified solely by the gematik GmbH – National Digital Health Agency - for use in german e-health applications"
This version also raises the minimum Cryptography version required to 3.4 and the minimum python version tested to 3.7
What's Changed
- Raising the bar for minimum pyca/cryptography by @simo5 in #306
- Fix typos with codespell by @cclauss in #307
- Add codespell checks in CI by @simo5 in #308
- Add Brainpool EC-curves support by @spilikin in #309
- Fix error message by @Cito in #318
- Fix assorted CI issue by @simo5 in #319
- Better support for algorithms that have different input keysize requirement by @simo5 in #324
New Contributors
Full Changelog: v1.4.2...v1.5.0
Contributors
Assets 4
Version 1.4.2
Another minor release to fix a mistake in the compatibility heuristics which affects actual applications
What's Changed
- Fix typo in new backwards JWT compat heuristics by @jcgruenhage in #303
New Contributors
- @jcgruenhage made their first contribution in #303
Full Changelog: v1.4.1...v1.4.2
Contributors
Assets 4
Version 1.4.1
This is a minor release focused on improving backwards compatibility with applications after the API breaking changes introduced in 1.4
This patch adds a bunch of heuristics to be able to safely autodetect a token type. It has been tested to solve the compatibility issues (ie old code works without modifications and fully securely) with at least one large application.
What's Changed
Full Changelog: v1.4.0...v1.4.1