Changelog History
Page 1
-
v2.2.0 Changes
๐ Unreleased
-
v2.1.2 Changes
๐ Released 2022-03-24
- Handle date overflow in timed unsign on 32-bit systems. :pr:
299
- Handle date overflow in timed unsign on 32-bit systems. :pr:
-
v2.1.1 Changes
๐ Released 2022-03-09
- Handle date overflow in timed unsign. :pr:
296
- Handle date overflow in timed unsign. :pr:
-
v2.1.0 Changes
๐ Released 2022-02-17
- ๐ Drop support for Python 3.6. :pr:
272
๐ Remove previously deprecated code. :pr:
273
- JWS functionality: Use a dedicated library such as Authlib instead.
-
import itsdangerous.json
: Importjson
from the standard library instead.
- ๐ Drop support for Python 3.6. :pr:
-
v2.0.1 Changes
๐ Released 2021-05-18
- Mark top-level names as exported so type checking understands
imports in user projects. :pr:
240
- The
salt
argument toSerializer
andSigner
can beNone
again. :issue:237
- Mark top-level names as exported so type checking understands
imports in user projects. :pr:
-
v2.0.0 Changes
๐ Released 2021-05-11
- ๐ Drop support for Python 2 and 3.5.
- ๐ JWS support (
JSONWebSignatureSerializer
,TimedJSONWebSignatureSerializer
) is deprecated. Use a dedicated JWS/JWT library such as authlib instead. :issue:129
- ๐ Importing
itsdangerous.json
is deprecated. Import Python'sjson
module instead. :pr:152
- Simplejson is no longer used if it is installed. To use a different
library, pass it as
Serializer(serializer=...)
. :issue:146
-
datetime
values are timezone-aware withtimezone.utc
. Code usingTimestampSigner.unsign(return_timestamp=True)
orBadTimeSignature.date_signed
may need to change. :issue:150
- If a signature has an age less than 0, it will raise
SignatureExpired
rather than appearing valid. This can happen if the timestamp offset is changed. :issue:126
-
BadTimeSignature.date_signed
is always adatetime
object rather than anint
in some cases. :issue:124
- ๐ Added support for key rotation. A list of keys can be passed as
secret_key
, oldest to newest. The newest key is used for signing, all keys are tried for unsigning. :pr:141
- ๐ Removed the default SHA-512 fallback signer from
default_fallback_signers
. :issue:155
- Add type information for static typing tools. :pr:
186
-
v1.1.0 Changes
October 27, 2018๐ Released 2018-10-26
- 0๏ธโฃ Change default signing algorithm back to SHA-1. (
#113
_) - 0๏ธโฃ Added a default SHA-512 fallback for users who used the yanked 1.0.0
release which defaulted to SHA-512. (
#114
_) - ๐ Add support for fallback algorithms during deserialization to
support changing the default in the future without breaking existing
signatures. (
#113
_) - ๐ฆ Changed capitalization of packages back to lowercase as the change
in capitalization broke some tooling. (
#113
_)
.. _#113: https://github.com/pallets/itsdangerous/pull/113 .. _#114: https://github.com/pallets/itsdangerous/pull/114
- 0๏ธโฃ Change default signing algorithm back to SHA-1. (
-
v1.0.0 Changes
October 18, 2018๐ Released 2018-10-18
YANKED
Note: This release was yanked from PyPI because it changed the default โช algorithm to SHA-512. This decision was reverted in 1.1.0 and it remains at SHA1.
- ๐ Drop support for Python 2.6 and 3.3.
- ๐จ Refactor code from a single module to a package. Any object in the
API docs is still importable from the top-level
itsdangerous
name, but other imports will need to be changed. A future release will remove many of these compatibility imports. (#107
_) - โก๏ธ Optimize how timestamps are serialized and deserialized. (
#13
_) -
base64_decode
raisesBadData
when it is passed invalid data. (#27
_) - Ensure value is bytes when signing to avoid a
TypeError
on Python 3. (#29
_) - Add a
serializer_kwargs
argument toSerializer
, which is passed todumps
duringdump_payload
. (#36
_) - More compact JSON dumps for unicode strings. (
#38
_) Use the full timestamp rather than an offset, allowing dates before
- (
#46
_)
To retain compatibility with signers from previous versions, consider using
this shim <https://github.com/pallets/itsdangerous /issues/120#issuecomment-456913331>
_ when unsigning.- (
Detect a
sep
character that may show up in the signature itself and raise aValueError
. (#62
_)Use a consistent signature for keyword arguments for
Serializer.load_payload
in subclasses. (#74
,#75
)0๏ธโฃ Change default intermediate hash from SHA-1 to SHA-512. (
#80
_)Convert JWS exp header to an int when loading. (
#99
_)
.. _#13: https://github.com/pallets/itsdangerous/pull/13 .. _#27: https://github.com/pallets/itsdangerous/pull/27 .. _#29: https://github.com/pallets/itsdangerous/issues/29 .. _#36: https://github.com/pallets/itsdangerous/pull/36 .. _#38: https://github.com/pallets/itsdangerous/issues/38 .. _#46: https://github.com/pallets/itsdangerous/issues/46 .. _#62: https://github.com/pallets/itsdangerous/issues/62 .. _#74: https://github.com/pallets/itsdangerous/issues/74 .. _#75: https://github.com/pallets/itsdangerous/pull/75 .. _#80: https://github.com/pallets/itsdangerous/pull/80 .. _#99: https://github.com/pallets/itsdangerous/pull/99 .. _#107: https://github.com/pallets/itsdangerous/pull/107
-
v0.24 Changes
March 28, 2014๐ Released 2014-03-28
- ๐ป Added a
BadHeader
exception that is used for bad headers that replaces the oldBadPayload
exception that was reused in those cases.
- ๐ป Added a
-
v0.23 Changes
August 08, 2013๐ Released 2013-08-08
- โ Fixed a packaging mistake that caused the tests and license files to not be included.