All Versions
7
Latest Version
Avg Release Cycle
139 days
Latest Release
1906 days ago

Changelog History

  • v1.1.1 Changes

    July 28, 2016
    • ๐Ÿ›  Fixed handling of expiration exceptions during selection of decryption method (patch contributed by yuriikonovaliuk)
  • v1.1.0 Changes

    March 03, 2016
    • ๐Ÿ‘ Allowed to decrypt JWE compliant tokens (patch contributed by yuriikonovaliuk)

    Note: Tokens generated by encrypt are not JWE spec compliant. Prior to this patch decrypt was not able to decrypt JWE spec compliant tokens as well.

  • v1.0.0 Changes

    October 06, 2015
    • ๐Ÿ›  Fixed bug in authentication tag computation (patch contributed by jaimeperez)

    Important: This is a backwards incompatible change, in that tokens produced in this version will not be decipherable by tokens < 1.0.0. The jwe hash string used was changed to use an empty string rather than "." to fall in line with https://tools.ietf.org/html/rfc7518#section-5.2.2.1

  • v0.3.0 Changes

    April 10, 2015
    • ๐Ÿ›  Fixed critical JWT vulnerability (patch contributed by yuriikonovaliuk)

    Important: Only unencrypted tokens are vulnerable. This fix lead to backward incompatible change to verify function signature.

  • v0.2.2 Changes

    January 07, 2015
    • ๐Ÿ›  RFC compliance fixes (patch contributed by jaimeperez)

    Important: This change introduces a temporarily injected key (__v) in order to distinguish between legacy and newly issued tokens. This allows for the use of either token as to not break backwards compatibility and (possibly) ๐Ÿšš degrade user experience. This will be removed for v1.0.

    In order to verify whether or not clients are using a legacy token, the application code can verify whether or not the key "__v" is contained in the headers (this can be done after deserialize_compact). The existence of the key identifies a newly created token.

  • v0.2.1 Changes

    November 24, 2014
    • ๐Ÿ“Œ Unpinned pycrypto dependency (patch contributed by kuba)
    • โž• Added CLI exposing "decrypt" command
    • โž• Added custom exceptions, making client error handling easier
  • v0.1 Changes

    April 16, 2014
    • ๐ŸŽ‰ Initial release