This repository has been archived by the owner on Feb 27, 2023. It is now read-only.

Releases: square/go-jose

Version 2.1.1

03 May 23:47
v2.1.1

Contains fix for bug #142: preserves integers when normalizing JWT claims (fixed in #143).

Version 2.1.0

25 Feb 00:00
v2.1.0

Notable changes
Support for custom/extra header values (#136) thanks to @hlandau. This is a slight change to the v2 interface, so the minor version has been bumped. Also includes a bug fix for symmetric keys to produce JWS objects (#139) thanks to @b1v1r.

Version 2.0.1

21 Nov 22:29
v2.0.1

Notable changes
  • Support for nested (encrypted and signed) tokens in jwt package (#125)
  • Support for non-pointer JSONWebKey in base package (#124)

Version 2.0.0

28 Oct 21:48
v2.0.0
8c5257b

Cleaner interface
The API for the base package has been reworked. In particular, encrypter/signer/decrypter/verifier objects are now immutable. An options struct can be passed to set various options when creating the object now. This is a bit more flexible and should make it easier to add new things in the future.

Support for JWT
Thanks to @shaxbee, go-jose now includes a new jwt sub-package with functions for dealing with encrypted/signed JWTs. See the documentation for the jwt package for more information.

Version 1.1.0

23 Sep 00:32
v1.1.0
aa2e30f

Fixes and improvements

  • Add new VerifyMulti function to verify multi-signature JWS objects. The existing Verify function has been changed to only accept single-signature objects. This ensures that callers do not accidentally accept multi-signature objects in contexts where they are not expected (#111, 2c5656a).
  • Add new DecryptMulti function to decrypt multi-recipient JWE messages. The existing Decrypt function has been changed to only accept single-recipient messages. This ensures callers do not accidentally accept multi-recipient messages in contexts where they are not expected (#111, 2c5656a).
  • Add checks when deserializing JWS objects to ensure that any embedded JWK (if present) is valid and represents a public key (not private/symmetric key) as per spec. This is to ensure that callers don't accidentally end up accepting embedded JWKs that represent symmetric/private keys (#112, e8e21a9).

Note that this represents a subtle API change, as the Decrypt and Verify functions are now stricter than before and only accept single-signature/single-recipient inputs. To reflect this change, the minor version has been bumped.

Version 1.0.5

03 Sep 19:29
v1.0.5

Security fixes
Cast all size calculations to uint64 to avoid int overflows on 32-bit architectures (789a4c4)

Other changes
Proper import paths on v1 branch to fix build (3bd67f4)

Version 1.0.4

31 Aug 22:28
v1.0.4
6e6deda

Security fixes
For ECDH-ES key derivation (in JWE), ensure that the received public key (from an "epk" header field on an encrypted message) is on the expected elliptic curve before performing any cryptographic operations. This also adds various sanity checks for EC keys in other places, e.g. when parsing JWK blobs with embedded EC keys. See commits c758193, 03c5c6e, d163d44.
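
The kind of check this fix describes, as an added Go example that is not go-jose's own code: the "epk" point is validated against the recipient's curve before any scalar multiplication runs. The names `checkEphemeralKey`, `deriveSharedX` and `sampleKey` are hypothetical, and the demo keys are constructed from small fixed scalars.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"errors"
	"fmt"
	"math/big"
)

// checkEphemeralKey is a hypothetical helper, not go-jose's API. It rejects an
// "epk" key unless it is a valid point on the curve of the recipient's key.
func checkEphemeralKey(expected elliptic.Curve, epk *ecdsa.PublicKey) error {
	if epk == nil || epk.Curve == nil || epk.X == nil || epk.Y == nil {
		return errors.New("epk: missing key or coordinates")
	}
	if epk.Curve.Params().Name != expected.Params().Name {
		return errors.New("epk: curve does not match recipient key")
	}
	if !expected.IsOnCurve(epk.X, epk.Y) {
		return errors.New("epk: point is not on the expected curve")
	}
	return nil
}

// deriveSharedX runs the raw ECDH step only after the check has passed.
func deriveSharedX(priv *ecdsa.PrivateKey, epk *ecdsa.PublicKey) (*big.Int, error) {
	if err := checkEphemeralKey(priv.Curve, epk); err != nil {
		return nil, err
	}
	x, _ := priv.Curve.ScalarMult(epk.X, epk.Y, priv.D.Bytes())
	return x, nil
}

// sampleKey builds a constructed demo key from a small fixed scalar
// (for illustration only; real keys come from a CSPRNG).
func sampleKey(c elliptic.Curve, d int64) *ecdsa.PrivateKey {
	x, y := c.ScalarBaseMult(big.NewInt(d).Bytes())
	return &ecdsa.PrivateKey{PublicKey: ecdsa.PublicKey{Curve: c, X: x, Y: y}, D: big.NewInt(d)}
}

func main() {
	recipient, sender := sampleKey(elliptic.P256(), 7), sampleKey(elliptic.P256(), 11)
	_, err := deriveSharedX(recipient, &sender.PublicKey)
	fmt.Println("valid epk:", err)
	bad := &ecdsa.PublicKey{Curve: elliptic.P256(), X: sender.X, Y: new(big.Int).Add(sender.Y, big.NewInt(1))}
	_, err = deriveSharedX(recipient, bad)
	fmt.Println("off-curve epk:", err)
}
```
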

Other changes
  • Fix expand command in jose-util (c18180c)
  • Remove support for std_json build tag (1f36a88)

Version 1.0.3

08 Aug 14:41
v1.0.3

Notable changes
Added basic support for x5c header in JWKs (7cd6062)

Version 1.0.2

02 May 23:01
v1.0.2

Notable changes
  • Switch jose-util to use alecthomas/kingpin for flag parsing (15af859)
  • Add JsonWebKey.Valid method to check key validity (h/t @rolandshoemaker, d2a8471)

Version 1.0.1

20 Apr 00:28
v1.0.1

Notable changes
Allow setting kid header for symmetric signers (860ab58, see also #85)