Skip to content

Latest commit

 

History

History
468 lines (339 loc) · 27.5 KB

CHANGELOG.md

File metadata and controls

468 lines (339 loc) · 27.5 KB

Change Log

4.5.0 (2025-01-22)

Full Changelog

Added

Fixed

  • empty expected audience array should throw InvalidClaimException #679 (jimmyjames)

4.4.0 (2023-03-31)

Full Changelog

Changed

4.3.0 (2023-02-10)

Full Changelog

Changed

  • Improve JWT parse/decode performance #620 (noetro)

Fixed

4.2.2 (2023-01-11)

Full Changelog

This patch release does not contain any functional changes, but is being released using an updated signing key for verification as part of our commitment to best security practices. Please review the README note for additional details.

4.2.1 (2022-10-24)

Full Changelog

Security

4.2.0 (2022-10-19)

Full Changelog

Changed

Fixed

4.1.0 (2022-10-06)

Full Changelog

⚠️ BREAKING CHANGES

Added

Changed

Fixed

4.0.0 (2022-06-24)

Full Changelog

This is a major release and contains breaking changes!

  • Check the Migration Guide to understand the changes required to migrate your application to v4.

Main features

  • Predicates based claim verification
  • Support for Instant API and Lambda functions
  • Improved Exceptions API
  • Consistent null handling

See the changelog entries for additional details.

4.0.0-beta.0 (2022-05-06)

Full Changelog

💡 Check the Migration Guide to understand the changes required to migrate your application to v4.

Added

Changed

Deprecated

Removed

Fixed

Security

  • Updated documentation regarding HMAC Key length #580 (poovamraj)

Breaking changes

3.19.2 (2022-05-05)

Full Changelog

Security

  • [SDK-3311] Added protection against CVE-2022-21449 #579 (poovamraj)

3.19.1 (2022-03-30)

Full Changelog

Security

  • Security: Bump jackson-databind to 2.13.2.2 #566 (evansims)

3.19.0 (2022-03-14)

Full Changelog

Deprecated

Fixed

Security

  • Bump jackson-databind dependency to 2.13.2 #542 (evansims)

3.18.3 (2022-01-13)

Full Changelog

Security

3.18.2 (2021-09-16)

Full Changelog

Fixed

3.18.1 (2021-07-06)

Full Changelog

Fixed

3.18.0 (2021-07-05)

Full Changelog

Changed

3.17.0 (2021-06-25)

Full Changelog

Added

3.16.0 (2021-05-10)

Full Changelog

Changed

3.15.0 (2021-04-05)

Full Changelog

Changed

3.14.0 (2021-02-26)

Full Changelog

Added

3.13.0 (2021-02-05)

Full Changelog

Added

  • Add ability to verify audience contains at least one of those expected #472 (jimmyjames)
  • Add toString to Claim objects [SDK-2225] #469 (jimmyjames)

3.12.1 (2021-01-20)

Full Changelog

Changed

3.12.0 (2020-12-18)

Full Changelog

Changed

  • Thread-safe classes should be Shared statically #462 (LeeHainie)

Security

Breaking changes

3.11.0 (2020-09-25)

Full Changelog

Added

Fixed

3.10.3 (2020-04-24)

Full Changelog

Fixed

3.10.2 (2020-03-27)

Full Changelog

Fixed

3.10.1 (2020-03-13)

Full Changelog

Changed

Security

3.10.0 (2020-02-14)

Full Changelog Closed issues

  • NullPointerException when the claim doesn't exist in the token #384

Added

Changed

Fixed

3.9.0 (2020-01-02)

Full Changelog

Added

Fixed

  • Fixing JwtCreator builder when setting headers as a map #320 (maxbalan)

3.8.3 (2019-09-25)

Full Changelog

Security

  • Fix: updated jackson-databind to 2.10.0.pr3 to block CVE #356 (danbrodsky)

3.8.2 (2019-08-15)

Full Changelog

Security

  • Fix: updated jackson-databind to 2.9.9.3 to block CVE #347 (danbrodsky)

3.8.1 (2019-05-22)

Full Changelog

Security

3.8.0 (2019-03-14)

Full Changelog

Added

3.7.0 (2019-01-29)

Full Changelog

Added

3.6.0 (2019-01-24)

Full Changelog

Added

3.5.0 (2019-01-03)

Full Changelog

Added

Changed

Fixed

  • Remove unnecessary cast between long/double and floor call #296 (jhorstmann)

Security

3.4.1 (2018-10-24)

Full Changelog

Security

3.4.0 (2018-06-13)

Full Changelog

Breaking Changes

  • Fix for #236 - refactored HMACAlgorithm so that it doesn't throw an UnsupportedEncodingException #242 (obecker).

Clients using the following methods may need to update their code to not catch an UnsupportedEncodingException:

  • public static Algorithm HMAC384(String secret)
  • public static Algorithm HMAC256(String secret)
  • public static Algorithm HMAC512(String secret)

Changed

  • Throw JWTDecodeException when date claim format is invalid #241 (lbalmaceda)

Security

3.3.0 (2017-11-06)

Full Changelog Closed issues

  • Wrong ES256 signature length #187

Fixed

3.2.0 (2017-05-04)

Full Changelog Closed issues

  • Claim.isNull() returns true for JSON Object constructed claims #160
  • Incorrectly rejects whitespace after JSON header as invalid #144
  • No token type #136
  • Timestamps are limited by Integer/int to 2038-01-19T04:14:07.000+0100 #132

Added

Changed

Fixed

3.1.0 (2017-01-04)

Full Changelog

Added

3.0.2 (2016-12-13)

Full Changelog

Fixed

3.0.1 (2016-12-05)

Full Changelog

Update to allow sync with Maven Central

3.0.0 (2016-12-05)

Reimplemented java-jwt to improve API and include more signing algorithms

Installation

Maven

<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.0.0</version>
</dependency>

Gradle

compile 'com.auth0:java-jwt:3.0.0'

Available Algorithms

The library implements JWT Verification and Signing using the following algorithms:

JWS Algorithm Description
HS256 HMAC256 HMAC with SHA-256
HS384 HMAC384 HMAC with SHA-384
HS512 HMAC512 HMAC with SHA-512
RS256 RSA256 RSASSA-PKCS1-v1_5 with SHA-256
RS384 RSA384 RSASSA-PKCS1-v1_5 with SHA-384
RS512 RSA512 RSASSA-PKCS1-v1_5 with SHA-512
ES256 ECDSA256 ECDSA with curve P-256 and SHA-256
ES384 ECDSA384 ECDSA with curve P-384 and SHA-384
ES512 ECDSA512 ECDSA with curve P-521 and SHA-512