Releases: jwt/ruby-jwt
Releases · jwt/ruby-jwt
jwt-2.10.2
jwt-3.1.2
jwt-3.1.1
jwt-3.1.0
v3.1.0 (2025-06-23)
Features:
- Add support for x5t header parameter for X.509 certificate thumbprint verification #669 (@hieuk09)
- Raise an error if the ECDSA signing or verification key is not an instance of
OpenSSL::PKey::EC#688 (@anakinj) - Allow
OpenSSL::PKey::EC::Pointto be used as the verification key in ECDSA #689 (@anakinj) - Require claims to have been verified before accessing the
JWT::EncodedToken#payload#690 (@anakinj) - Support signing and verifying tokens using a JWK #692 (@anakinj)
jwt-3.0.0
v3.0.0 (2025-06-14)
Breaking changes:
- Require token signature to be verified before accessing payload #648 (@anakinj)
- Drop support for the HS512256 algorithm #650 (@anakinj)
- Remove deprecated claim verification methods #654 (@anakinj)
- Remove dependency to rbnacl #655 (@anakinj)
- Support only stricter base64 decoding (RFC 4648) #658 (@anakinj)
- Custom algorithms are required to include
JWT::JWA::SigningAlgorithm#660 (@anakinj) - Require RSA keys to be at least 2048 bits #661 (@anakinj)
- Base64 encode and decode the k value for HMAC JWKs #662 (@anakinj)
Take a look at the upgrade guide for more details.
Features:
- JWT::EncodedToken#verify! method that bundles signature and claim validation #647 (@anakinj)
- Do not override the alg header if already given #659 (@anakinj)
- Make
JWK::KeyFindercompatible withJWT::EncodedToken#663 (@anakinj)
Fixes and enhancements:
jwt-3.0.0.beta1
v3.0.0-beta1 (2025-01-25)
Breaking changes:
- Require token signature to be verified before accessing payload #648 (@anakinj)
- Drop support for the HS512256 algorithm #650 (@anakinj)
- Remove deprecated claim verification methods #654 (@anakinj)
- Remove dependency to rbnacl #655 (@anakinj)
- Support only stricter base64 decoding (RFC 4648) #658 (@anakinj)
- Custom algorithms are required to include
JWT::JWA::SigningAlgorithm#660 (@anakinj) - Require RSA keys to be at least 2048 bits #661 (@anakinj)
- Base64 encode and decode the k value for HMAC JWKs #662 (@anakinj)
Take a look at the upgrade guide for more details.
Features:
- JWT::EncodedToken#verify! method that bundles signature and claim validation #647 (@anakinj)
- Do not override the alg header if already given #659 (@anakinj)
- Make
JWK::KeyFindercompatible withJWT::EncodedToken#663 (@anakinj)
Fixes and enhancements:
jwt-2.10.1
v2.10.1 (2024-12-26)
Fixes and enhancements:
jwt-2.10.0
v2.10.0 (2024-12-25)
Features:
- JWT::Token and JWT::EncodedToken for signing and verifying tokens #621 (@anakinj)
- Detached payload support for JWT::Token and JWT::EncodedToken #630 (@anakinj)
- Skip decoding payload if b64 header is present and false #631 (@anakinj)
- Remove a few custom Rubocop configs #638 (@anakinj)
Fixes and enhancements:
- Deprecation warnings for deprecated methods and classes #629 (@anakinj)
- Improved documentation for public apis #629 (@anakinj)
- Use correct methods when raising error during signing/verification with EdDSA #633
- Fix JWT::EncodedToken behavior with empty string as token #640 (@ragalie)
- Deprecation warnings for rbnacl backed functionality #641 (@anakinj)