From 45e5dabc47becbb4ee55b500c6b9e6ca48deb022 Mon Sep 17 00:00:00 2001 From: Kevin Glowacz Date: Wed, 11 May 2016 11:42:27 -0500 Subject: [PATCH] v2.0.0 --- CHANGELOG.md | 9 ++++++++- README.md | 2 +- VERSION | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d6d5d970..9849c3f7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,10 @@ +# 2.0.0 (2016-05-11) +- IMPORTANT: 2.0.0 is backwards incompatible with the default settings of v1.x + v2.0.0 always includes the http method in the canonical string. + You can use the upgrade strategy in v1.4.x and above to migrate to v2.0.0 + without any down time. Please see the 1.4.0 release nodes for more info +- Added support for other digest algorithms like SHA-256 (#98 fwininger) + # 1.5.0 (2016-01-21) - Added a sign_with_http_method configuration option to the ActiveResource rails tie to correspond to passing the `:with_http_method => true` into @@ -7,7 +14,7 @@ - Fixed an issue where getters wouldn't immediately have the correct value after setting a date or content md5 in some of the request drivers (#91) -# 1.4 (2015-12-16) +# 1.4.0 (2015-12-16) ## IMPORTANT SECURITY FIX (with backwards compatible fallback) diff --git a/README.md b/README.md index 93ce24d8..420c6e4f 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![Build Status](https://travis-ci.org/mgomes/api_auth.png?branch=master)](https://travis-ci.org/mgomes/api_auth) -## IMPORTANT: See [CHANGELOG.md](/CHANGELOG.md) for security update information +## IMPORTANT: v2.0.0 is backwards incompatible with the default settings of v1.x to address a security vulnerability. See [CHANGELOG.md](/CHANGELOG.md) for security update information. Logins and passwords are for humans. Communication between applications need to be protected through different means. diff --git a/VERSION b/VERSION index ce083fb2..227cea21 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.0.0.pre +2.0.0