775ac7b58c
you must login with an BTP account in order to see the app
1.4 KiB
1.4 KiB
Change Log
All notable changes to this project will be documented in this file.
[3.0.0]
Changed
- BREAKING:
jwt.verify
now requires analgorithm
parameter, andjws.createVerify
requires analgorithm
option. The"alg"
field signature headers is ignored. This mitigates a critical security flaw in the library which would allow an attacker to generate signatures with arbitrary contents that would be accepted byjwt.verify
. See https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ for details.
2.0.0 - 2015-01-30
Changed
-
BREAKING: Default payload encoding changed from
binary
toutf8
.utf8
is a is a more sensible default thanbinary
because many payloads, as far as I can tell, will contain user-facing strings that could be in any language. (6b6de48
) -
Code reorganization, thanks @fearphage! (
7880050
)
Added
- Option in all relevant methods for
encoding
. For those few users that might be depending on abinary
encoding of the messages, this is for them. (6b6de48
)