All Versions
Latest Version
Avg Release Cycle
252 days
Latest Release

Changelog History
Page 1

  • v2.2.0 Changes

    ๐Ÿš€ Unreleased

  • v2.1.2 Changes

    ๐Ÿš€ Released 2022-03-24

    • Handle date overflow in timed unsign on 32-bit systems. :pr:299
  • v2.1.1 Changes

    ๐Ÿš€ Released 2022-03-09

    • Handle date overflow in timed unsign. :pr:296
  • v2.1.0 Changes

    ๐Ÿš€ Released 2022-02-17

    • ๐Ÿ‘ Drop support for Python 3.6. :pr:272
    • ๐Ÿšš Remove previously deprecated code. :pr:273

      • JWS functionality: Use a dedicated library such as Authlib instead.
      • import itsdangerous.json: Import json from the standard library instead.
  • v2.0.1 Changes

    ๐Ÿš€ Released 2021-05-18

    • Mark top-level names as exported so type checking understands imports in user projects. :pr:240
    • The salt argument to Serializer and Signer can be None again. :issue:237
  • v2.0.0 Changes

    ๐Ÿš€ Released 2021-05-11

    • ๐Ÿ‘ Drop support for Python 2 and 3.5.
    • ๐Ÿ‘ JWS support (JSONWebSignatureSerializer, TimedJSONWebSignatureSerializer) is deprecated. Use a dedicated JWS/JWT library such as authlib instead. :issue:129
    • ๐Ÿ—„ Importing itsdangerous.json is deprecated. Import Python's json module instead. :pr:152
    • Simplejson is no longer used if it is installed. To use a different library, pass it as Serializer(serializer=...). :issue:146
    • datetime values are timezone-aware with timezone.utc. Code using TimestampSigner.unsign(return_timestamp=True) or BadTimeSignature.date_signed may need to change. :issue:150
    • If a signature has an age less than 0, it will raise SignatureExpired rather than appearing valid. This can happen if the timestamp offset is changed. :issue:126
    • BadTimeSignature.date_signed is always a datetime object rather than an int in some cases. :issue:124
    • ๐Ÿ‘ Added support for key rotation. A list of keys can be passed as secret_key, oldest to newest. The newest key is used for signing, all keys are tried for unsigning. :pr:141
    • ๐Ÿšš Removed the default SHA-512 fallback signer from default_fallback_signers. :issue:155
    • Add type information for static typing tools. :pr:186
  • v1.1.0 Changes

    October 27, 2018

    ๐Ÿš€ Released 2018-10-26

    • 0๏ธโƒฃ Change default signing algorithm back to SHA-1. (#113_)
    • 0๏ธโƒฃ Added a default SHA-512 fallback for users who used the yanked 1.0.0 release which defaulted to SHA-512. (#114_)
    • ๐Ÿ‘ Add support for fallback algorithms during deserialization to support changing the default in the future without breaking existing signatures. (#113_)
    • ๐Ÿ“ฆ Changed capitalization of packages back to lowercase as the change in capitalization broke some tooling. (#113_)

    .. _#113: .. _#114:

  • v1.0.0 Changes

    October 18, 2018

    ๐Ÿš€ Released 2018-10-18


    Note: This release was yanked from PyPI because it changed the default โช algorithm to SHA-512. This decision was reverted in 1.1.0 and it remains at SHA1.

    • ๐Ÿ‘ Drop support for Python 2.6 and 3.3.
    • ๐Ÿ”จ Refactor code from a single module to a package. Any object in the API docs is still importable from the top-level itsdangerous name, but other imports will need to be changed. A future release will remove many of these compatibility imports. (#107_)
    • โšก๏ธ Optimize how timestamps are serialized and deserialized. (#13_)
    • base64_decode raises BadData when it is passed invalid data. (#27_)
    • Ensure value is bytes when signing to avoid a TypeError on Python 3. (#29_)
    • Add a serializer_kwargs argument to Serializer, which is passed to dumps during dump_payload. (#36_)
    • More compact JSON dumps for unicode strings. (#38_)
    • Use the full timestamp rather than an offset, allowing dates before

      1. (#46_)

      To retain compatibility with signers from previous versions, consider using this shim < /issues/120#issuecomment-456913331>_ when unsigning.

    • Detect a sep character that may show up in the signature itself and raise a ValueError. (#62_)

    • Use a consistent signature for keyword arguments for Serializer.load_payload in subclasses. (#74, #75)

    • 0๏ธโƒฃ Change default intermediate hash from SHA-1 to SHA-512. (#80_)

    • Convert JWS exp header to an int when loading. (#99_)

    .. _#13: .. _#27: .. _#29: .. _#36: .. _#38: .. _#46: .. _#62: .. _#74: .. _#75: .. _#80: .. _#99: .. _#107:

  • v0.24 Changes

    March 28, 2014

    ๐Ÿš€ Released 2014-03-28

    • ๐Ÿ‘ป Added a BadHeader exception that is used for bad headers that replaces the old BadPayload exception that was reused in those cases.
  • v0.23 Changes

    August 08, 2013

    ๐Ÿš€ Released 2013-08-08

    • โœ… Fixed a packaging mistake that caused the tests and license files to not be included.