All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
2.5.0 - 2022-04-13
- Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile CVE-2021-43809.
- Dependency Confusion in Bundler CVE-2020-36327.
- Insecure path handling in Bundler CVE-2019-3881.
- Using Bundler 2.3.11.
- Using
Time.current
instead ofTime.now
to work with timezones PR 34. - Caching certificates on memory using
Thread
to avoid unnecessary calls into Redis PR 33.
2.4.0 - 2020-05-02
- Rake development dependency vulnerability CVE-2020-8130.
- Using Bundler 1.17.2.
- Ability to raise errors when verifying tokens.
FirebaseIdToken::Certificates.find!
method.FirebaseIdToken::Signatures.verify!
method.FirebaseIdToken::Exceptions::CertificateNotFound
exception.:raise_error
option toFirebaseIdToken::Signature.verify
.CHANGELOG.md
file.
2.3.2 - 2020-02-15
- Certificate fixture not accessible when packing Gem into Rails application.
- Bumped Bundler version to 1.14.
2.3.1 - 2019-08-13
- Certificate fixture reading issue.
- Test mode.
- Test mode documentation.
2.3.0 - 2018-06-18
- Started to use Semantic Versioning.
- Runtime dependencies versions upgraded.
- Use Redis
>= 3.3.3
.
Nothing tracked, release skipped.
2.1.0 - 2018-04-09
FirebaseIdToken::Signature.verify
now returnsnil
for newly issued tokens.
2.0.0 - 2017-12-09
- Typo on Rake task
force_request
name.
1.3.0 - 2017-09-15
- Renamed
Certificates.request_anyway
toCertificates.request!
(Certificates.request_anyway
was kept for backwards compatibility.
- Documentaiton typos.
- Initializer typos.
1.2.2 - 2017-04-29
- Recommended people to use cron tasks instead of background jobs.
- Set certificates TTL based on cache-control's max-age.
- Documentation now warns about request during application start in Rails.
- Documentation typos.
1.2.1 - 2017-04-27
- Small improvements on documentation.
- The Gem was marked as "ready to use".
Nothing tracked.
Version removed.
Version removed.