1 | # node-http-signature changelog
|
2 |
|
3 | ## not yet released
|
4 |
|
5 | (nothing yet)
|
6 |
|
7 | ## 1.3.6
|
8 |
|
9 | * Update jsprim due to vulnerability in json-schema (#123)
|
10 |
|
11 | ## 1.3.5
|
12 |
|
13 | * Add keyPassphrase option to signer (#115)
|
14 | * Add support for created and expires values (#110)
|
15 |
|
16 | ## 1.3.4
|
17 |
|
18 | * Fix breakage in v1.3.3 with the setting of the "algorithm" field in the
|
19 | Authorization header (#102)
|
20 |
|
21 | ## 1.3.3
|
22 |
|
23 | **Bad release. Use 1.3.4.**
|
24 |
|
25 | * Add support for an opaque param in the Authorization header (#101)
|
26 | * Add support for adding the keyId and algorithm params into the signing string (#100)
|
27 |
|
28 | ## 1.3.2
|
29 |
|
30 | * Allow Buffers to be used for verifyHMAC (#98)
|
31 |
|
32 | ## 1.3.1
|
33 |
|
34 | * Fix node 0.10 usage (#90)
|
35 |
|
36 | ## 1.3.0
|
37 |
|
38 | **Known issue:** This release broken http-signature with node 0.10.
|
39 |
|
40 | * Bump dependency `sshpk`
|
41 | * Add `Signature` header support (#83)
|
42 |
|
43 | ## 1.2.0
|
44 |
|
45 | * Bump dependency `assert-plus`
|
46 | * Add ability to pass a custom header name
|
47 | * Replaced dependency `node-uuid` with `uuid`
|
48 |
|
49 | ## 1.1.1
|
50 |
|
51 | * Version of dependency `assert-plus` updated: old version was missing
|
52 | some license information
|
53 | * Corrected examples in `http_signing.md`, added auto-tests to
|
54 | automatically validate these examples
|
55 |
|
56 | ## 1.1.0
|
57 |
|
58 | * Bump version of `sshpk` dependency, remove peerDependency on it since
|
59 | it now supports exchanging objects between multiple versions of itself
|
60 | where possible
|
61 |
|
62 | ## 1.0.2
|
63 |
|
64 | * Bump min version of `jsprim` dependency, to include fixes for using
|
65 | http-signature with `browserify`
|
66 |
|
67 | ## 1.0.1
|
68 |
|
69 | * Bump minimum version of `sshpk` dependency, to include fixes for
|
70 | whitespace tolerance in key parsing.
|
71 |
|
72 | ## 1.0.0
|
73 |
|
74 | * First semver release.
|
75 | * #36: Ensure verifySignature does not leak useful timing information
|
76 | * #42: Bring the library up to the latest version of the spec (including the
|
77 | request-target changes)
|
78 | * Support for ECDSA keys and signatures.
|
79 | * Now uses `sshpk` for key parsing, validation and conversion.
|
80 | * Fixes for #21, #47, #39 and compatibility with node 0.8
|
81 |
|
82 | ## 0.11.0
|
83 |
|
84 | * Split up HMAC and Signature verification to avoid vulnerabilities where a
|
85 | key intended for use with one can be validated against the other method
|
86 | instead.
|
87 |
|
88 | ## 0.10.2
|
89 |
|
90 | * Updated versions of most dependencies.
|
91 | * Utility functions exported for PEM => SSH-RSA conversion.
|
92 | * Improvements to tests and examples.
|