Skip to content

Releases: potatosalad/erlang-jose

1.11.10 (2024-04-17)

17 Apr 17:15
1.11.10
eb6de2c
Compare
Choose a tag to compare
  • Fixes
    • Various type spec fixes; see #165 and #166.

1.11.8 (2024-04-07)

07 Apr 17:15
1.11.8
a352bb5
Compare
Choose a tag to compare
  • Fixes
    • Removes use of dynamic() type spec so OTP 24 and OTP 25 are still supported for now.

1.11.7 (2024-04-07)

07 Apr 17:06
1.11.7
718d213
Compare
Choose a tag to compare
  • Security Patches
    • CVE-2023-50966: Add jose:pbes2_count_maximum/0. By default, the maximum iterations are set to 10,000 and it will raise an error if p2c is larger than this value.
  • Changes
    • Declare Poison as an optional dependency, thanks to [@lnikkila][https://github.com/lnikkila]; see #144.
    • Ensure jiffy:encode/1 returns a binary, thanks to @ssepml; see #145.
    • Various type spec additions and dialyzer/dialyxir integrations, thanks to @whatyouhide and @maennchen.
    • Doc updates and fixes, thanks to @aymanosman and @adamu; see #158 and #159.

1.11.6 (2023-07-18)

18 Jul 19:21
1.11.6
7cdd2cd
Compare
Choose a tag to compare

1.11.6 (2023-07-18)

  • Fixes
    • Use sha256 instead of sha when validating RSA signing supportability, thanks to @pavledjo; see #142.

1.11.5 (2022-12-16)

16 Dec 18:44
1.11.5
e0110a1
Compare
Choose a tag to compare
  • Fixes
    • Remove dependency on parse_transform for jose_base64 and jose_base64url.

1.11.4 (2022-12-15)

16 Dec 02:56
1.11.4
5f2c32f
Compare
Choose a tag to compare
  • Enhancements
    • Add support for native crypto operations for Ed25519 and Ed448, thanks to @brettbeatty; see #123.
    • Add support for native crypto operations for ChaCha20-Poly1305 and XChaCha20-Poly1305, when available.
    • Add support for libsodium operations for XChaCha20-Poly1305, when available.
    • Add support for thoas JSON encode/decode, thanks to @michaelklishin; see #126.
    • Add support for ES256K which uses the secp256k1 curve and RS1 signatures (see 291dbb8).
    • Add support for ECDH-1PU JOSE.JWK.box_encrypt_ecdh_1pu and ECDH-ES JOSE.JWK.box_encrypt_ecdh_es and document the deprecated JOSE.JWK.box_encrypt.
    • Add support for ECDH-SS JOSE.JWK.box_encrypt_ecdh_ss.
    • Hide kty field when inspecting %JOSE.JWK{} strict, thanks to @spencerdcarlson; see #139
  • Fixes
    • Version mismatch causing rebar3 to constantly try to update; see #122.
    • Fix Ed25519 and Ed448 key DER/PEM encode/decode for OTP 25.
    • Fix Ed25519ctx, Ed25519ph, Ed448, and Ed448ph when dealing with contexts so the implementation matches IETF RFC 8032.
    • Drop direct usage of crypto:hmac/4, thanks to @thalesmg; see #136
    • Replace incorrect usage of -include_lib with -include, thanks to @Richiban; see #140
    • Update the CI jobs so they actually run the Elixir tests, thanks to @moogle19; see #137
    • Change the master branch to main.

1.10.1 (2020-01-08)

08 Jan 20:12
Compare
Choose a tag to compare
  • Fixes
    • Add PEM/DER compatibility layer for PKCS-8 incompatibilities with various versions of OTP, crypto, and public_key; see #82

1.10.0 (2020-01-03)

03 Jan 21:11
Compare
Choose a tag to compare
  • Enhancements

    • Remove base64url dependency and include embedded version.
    • Add support for C20P and XC20P encryption based on draft-amringer-jose-chacha (ChaCha20/Poly1305 and XChaCha20/Poly1305).
    • Add support for ECDH-ES keywrapping for AES-GCM, ChaCha20/Poly1305, and XChaCha20/Poly1305.
    • Add support for PBES2 keywrapping for AES-GCM, ChaCha20/Poly1305, and XChaCha20/Poly1305.
    • Add support for ECDH-1PU encryption based on draft-madden-jose-ecdh-1pu.
    • Add support for reading/writing DER format (or PKCS8 format).
  • Fixes

    • Fix PSS salt length (thanks to @ntrepid8, see #65)
    • Speed up and stabilize tests on CI environment.

1.9.0 (2018-12-31)

31 Dec 15:53
Compare
Choose a tag to compare
  • Enhancements

    • Add support for Jason JSON encoding and decoding.
    • Add support for Poison 4.x and lexical ordering.
    • Use public_key over cutkey for RSA key generation if available.
    • Drop support for older versions of OTP (19+ now required).
    • Relicense library under MIT license.
  • Fixes

    • Add macro so the application compiles without warnings after erlang:get_stacktrace/0 has been deprecated.
    • Extra sanity check for RSA padding modes when falling back.

1.8.4 (2017-05-18)

19 May 01:52
f8f97fb
Compare
Choose a tag to compare
  • Enhancements
    • Add support for reading and writing PEM files for Ed25519, Ed448, X25519, and X448 keys based on draft-ietf-curdle-pkix.
    • Add support for ojson adapter for encoding/decoding JSON.