All Versions
25
Latest Version
Avg Release Cycle
129 days
Latest Release
-

Changelog History
Page 3

  • v1.3 Changes

    ๐Ÿ›  Fixed

    
-  ECDSA (ES256, ES384, ES512) signatures are now being properly
   serialized `#158 <https://github.com/jpadilla/pyjwt/pull/158>`__
-  RSA-PSS (PS256, PS384, PS512) signatures now use the proper salt
   length for PSS padding.
   `#163 <https://github.com/jpadilla/pyjwt/pull/163>`__

โž• Added
    • Added a new jwt.get_unverified_header() to parse and return the header portion of a token prior to signature verification.

    โœ‚ Removed

    
- ๐Ÿ‘  Python 3.2 is no longer a supported platform. This version of Python
   is rarely used. Users affected by this should upgrade to 3.3+.

  • v1.2.0 Changes

    ๐Ÿ›  Fixed

    
-  Added back ``verify_expiration=`` argument to ``jwt.decode()`` that
   was erroneously removed in
   `v1.1.0 <https://github.com/jpadilla/pyjwt/compare/1.0.1...1.1.0>`__.

๐Ÿ”„ Changed
    • ๐Ÿ”จ Refactored JWS-specific logic out of PyJWT and into PyJWS superclass. #141 <https://github.com/jpadilla/pyjwt/pull/141>__

    ๐Ÿ—„ Deprecated

    
- ๐Ÿ—„  ``verify_expiration=`` argument to ``jwt.decode()`` is now deprecated
   and will be removed in a future version. Use the ``option=`` argument
   instead.

  • v1.1.0 Changes

    โž• Added

    
- ๐Ÿ‘  Added support for PS256, PS384, and PS512 algorithms.
   `#132 <https://github.com/jpadilla/pyjwt/pull/132>`__
-  Added flexible and complete verification options during decode.
   `#131 <https://github.com/jpadilla/pyjwt/pull/131>`__
-  Added this CHANGELOG.md file.

๐Ÿ—„ Deprecated
    • ๐Ÿ—„ Deprecated usage of the .decode(..., verify=False) parameter.

    ๐Ÿ›  Fixed

    
- ๐Ÿ›   Fixed command line encoding.
   `#128 <https://github.com/jpadilla/pyjwt/pull/128>`__

  • v1.0.1 Changes

    ๐Ÿ›  Fixed

    
-  Include jwt/contrib' and jwt/contrib/algorithms\` in setup.py so that
   they will actually be included when installing.
   `882524d <https://github.com/jpadilla/pyjwt/commit/882524d>`__
-  Fix bin/jwt after removing jwt.header().
   `bd57b02 <https://github.com/jpadilla/pyjwt/commit/bd57b02>`__

  • v1.0.0 Changes

    ๐Ÿ”„ Changed

    • ๐Ÿšš Moved jwt.api.header out of the public API. #85
    • โž• Added README details how to extract public / private keys from an x509 certificate. #100
    • ๐Ÿ”จ Refactor api.py functions into an object (PyJWT). #101
    • โž• Added support for PyCrypto and ecdsa when cryptography isn't available. #101

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed a security vulnerability where alg=None header could bypass signature verification. #109
    • ๐Ÿ›  Fixed a security vulnerability by adding support for a whitelist of allowed alg values jwt.decode(algorithms=[]). #110

    ๐Ÿš€ [unreleased]: https://github.com/jpadilla/pyjwt/compare/1.4.2...HEAD