UNPKG

http-signature/CHANGES.md

Version:

2.25 kBMarkdownView Raw

1# node-http-signature changelog
2
3## not yet released
4
5(nothing yet)
6
7## 1.3.6
8
9* Update jsprim due to vulnerability in json-schema (#123)
10
11## 1.3.5
12
13* Add keyPassphrase option to signer (#115)
14* Add support for created and expires values (#110)
15
16## 1.3.4
17
18* Fix breakage in v1.3.3 with the setting of the "algorithm" field in the
19  Authorization header (#102)
20
21## 1.3.3
22
23**Bad release. Use 1.3.4.**
24
25* Add support for an opaque param in the Authorization header (#101)
26* Add support for adding the keyId and algorithm params into the signing string (#100)
27
28## 1.3.2
29
30* Allow Buffers to be used for verifyHMAC (#98)
31
32## 1.3.1
33
34* Fix node 0.10 usage (#90)
35
36## 1.3.0
37
38**Known issue:** This release broken http-signature with node 0.10.
39
40* Bump dependency `sshpk`
41* Add `Signature` header support (#83)
42
43## 1.2.0
44
45* Bump dependency `assert-plus`
46* Add ability to pass a custom header name
47* Replaced dependency `node-uuid` with `uuid`
48
49## 1.1.1
50
51* Version of dependency `assert-plus` updated: old version was missing
52  some license information
53* Corrected examples in `http_signing.md`, added auto-tests to
54  automatically validate these examples
55
56## 1.1.0
57
58* Bump version of `sshpk` dependency, remove peerDependency on it since
59  it now supports exchanging objects between multiple versions of itself
60  where possible
61
62## 1.0.2
63
64* Bump min version of `jsprim` dependency, to include fixes for using
65  http-signature with `browserify`
66
67## 1.0.1
68
69* Bump minimum version of `sshpk` dependency, to include fixes for
70  whitespace tolerance in key parsing.
71
72## 1.0.0
73
74* First semver release.
75* #36: Ensure verifySignature does not leak useful timing information
76* #42: Bring the library up to the latest version of the spec (including the
77       request-target changes)
78* Support for ECDSA keys and signatures.
79* Now uses `sshpk` for key parsing, validation and conversion.
80* Fixes for #21, #47, #39 and compatibility with node 0.8
81
82## 0.11.0
83
84* Split up HMAC and Signature verification to avoid vulnerabilities where a
85  key intended for use with one can be validated against the other method
86  instead.
87
88## 0.10.2
89
90* Updated versions of most dependencies.
91* Utility functions exported for PEM => SSH-RSA conversion.
92* Improvements to tests and examples.

1	`# node-http-signature changelog`
2
3	`## not yet released`
4
5	`(nothing yet)`
6
7	`## 1.3.6`
8
9	`* Update jsprim due to vulnerability in json-schema (#123)`
10
11	`## 1.3.5`
12
13	`* Add keyPassphrase option to signer (#115)`
14	`* Add support for created and expires values (#110)`
15
16	`## 1.3.4`
17
18	`* Fix breakage in v1.3.3 with the setting of the "algorithm" field in the`
19	`Authorization header (#102)`
20
21	`## 1.3.3`
22
23	`Bad release. Use 1.3.4.`
24
25	`* Add support for an opaque param in the Authorization header (#101)`
26	`* Add support for adding the keyId and algorithm params into the signing string (#100)`
27
28	`## 1.3.2`
29
30	`* Allow Buffers to be used for verifyHMAC (#98)`
31
32	`## 1.3.1`
33
34	`* Fix node 0.10 usage (#90)`
35
36	`## 1.3.0`
37
38	`Known issue: This release broken http-signature with node 0.10.`
39
40	* Bump dependency `sshpk`
41	* Add `Signature` header support (#83)
42
43	`## 1.2.0`
44
45	* Bump dependency `assert-plus`
46	`* Add ability to pass a custom header name`
47	* Replaced dependency `node-uuid` with `uuid`
48
49	`## 1.1.1`
50
51	* Version of dependency `assert-plus` updated: old version was missing
52	`some license information`
53	* Corrected examples in `http_signing.md`, added auto-tests to
54	`automatically validate these examples`
55
56	`## 1.1.0`
57
58	* Bump version of `sshpk` dependency, remove peerDependency on it since
59	`it now supports exchanging objects between multiple versions of itself`
60	`where possible`
61
62	`## 1.0.2`
63
64	* Bump min version of `jsprim` dependency, to include fixes for using
65	http-signature with `browserify`
66
67	`## 1.0.1`
68
69	* Bump minimum version of `sshpk` dependency, to include fixes for
70	`whitespace tolerance in key parsing.`
71
72	`## 1.0.0`
73
74	`* First semver release.`
75	`* #36: Ensure verifySignature does not leak useful timing information`
76	`* #42: Bring the library up to the latest version of the spec (including the`
77	`request-target changes)`
78	`* Support for ECDSA keys and signatures.`
79	* Now uses `sshpk` for key parsing, validation and conversion.
80	`* Fixes for #21, #47, #39 and compatibility with node 0.8`
81
82	`## 0.11.0`
83
84	`* Split up HMAC and Signature verification to avoid vulnerabilities where a`
85	`key intended for use with one can be validated against the other method`
86	`instead.`
87
88	`## 0.10.2`
89
90	`* Updated versions of most dependencies.`
91	`* Utility functions exported for PEM => SSH-RSA conversion.`
92	`* Improvements to tests and examples.`