Crypt-JWT

Changes for Crypt-JWT distribution

0.038   2026-05-16
        - SECURITY:
            * constant-time MAC compare;
            * enforce JWK alg/use/key_ops and EC alg/crv consistency;
            * reject mixed-symmetry or duplicate-kid keysets;
            * cap PBES2 p2c and inflated payload size;
            * new $MIN_HMAC_KEY_LEN (4) and $MIN_RSA_BITS (2048);
            * new section SECURITY CONSIDERATIONS in POD
        - fix: ConcatKDF: INTEROP BREAK with <=0.037 for ECDH-ES + A192CBC-HS384 / A256CBC-HS512 only
        - fix: ECDH-ES apu/apv header values are base64url-decoded before KDF input
        - fix: AAD bit-length encoding (only diverged at AAD >= 512 MB)
        - fix: accepted_alg / accepted_enc now croak on unsupported types
        - aes_key_wrap/unwrap:
            * strict RFC 3394 (KW) vs RFC 5649 (KWP) modes;
            * ct length validation;
            * fix unwrap of aligned KWP messages
        - require Compress::Raw::Zlib >= 2.057
        - new author-only Wycheproof harness t/wycheproof.t (AUTHOR_MODE=1)

0.037   2025-04-27
        - fix #43 Fails to decode JWT from AWS Application Load Balancers
        - fix #44 Allow decoding JWS with Base64 padding characters
        - added tolerate_padding parameter for decode_jwt

0.036   2025-01-26
        - fix #35 support aud claim as an array of strings
        - added verify_typ - verify 'typ' header parameter

0.035   2023-10-03
        - PR #37 Speed up decode_jwt

0.034   2021-11-28
        - fix #32 ensure payload is serialized consistently (canonical)

0.033   2021-05-01
        - fix #31 verify_xxx options do not work properly with decode_payload=0

0.032   2021-03-18
        - fix #30 use lower uid/gid in release tarball

0.031   2021-01-10
        - fix #29 Broken JWS support for ES256K "alg" type

0.030   2021-01-08
        - fix #28 Using "kid_keys" with PS256 fails

0.029   2020-06-22
        - verify_iss, verify_aud, verify_sub, verify_jti accept Scalar

0.028   2020-06-14
        - switch to JSON from JSON::MaybeXS

0.027   2020-06-05
        - fix #25 more intuitive exceptions
        - support for ES256K

0.026   2019-02-02
        - added support for EdDSA/ed25519 + ECDH/x25519
        - fix #21 Potentially wrong IV in gcm_key_wrap

0.025   2019-09-29
        - fix #19 Empty payload in JWS JSON token
        - PR #18 _verify_claims: Refactor iss, sub, aud, and jti checks

0.024   2019-03-26
        - fix #16 - INCOMPATIBLE CHANGES
          * croak if verify_iss is specified and claim iss is missing
          * croak if verify_aud is specified and claim aud is missing
          * croak if verify_sub is specified and claim sub is missing
          * croak if verify_jti is specified and claim jti is missing


