|
# node-http-signature changelog |
|
|
|
## not yet released |
|
|
|
(nothing yet) |
|
|
|
## 1.3.6 |
|
|
|
* Update jsprim due to vulnerability in json-schema (#123) |
|
|
|
## 1.3.5 |
|
|
|
* Add keyPassphrase option to signer (#115) |
|
* Add support for created and expires values (#110) |
|
|
|
## 1.3.4 |
|
|
|
* Fix breakage in v1.3.3 with the setting of the "algorithm" field in the |
|
Authorization header (#102) |
|
|
|
## 1.3.3 |
|
|
|
**Bad release. Use 1.3.4.** |
|
|
|
* Add support for an opaque param in the Authorization header (#101) |
|
* Add support for adding the keyId and algorithm params into the signing string (#100) |
|
|
|
## 1.3.2 |
|
|
|
* Allow Buffers to be used for verifyHMAC (#98) |
|
|
|
## 1.3.1 |
|
|
|
* Fix node 0.10 usage (#90) |
|
|
|
## 1.3.0 |
|
|
|
**Known issue:** This release broken http-signature with node 0.10. |
|
|
|
* Bump dependency `sshpk` |
|
* Add `Signature` header support (#83) |
|
|
|
## 1.2.0 |
|
|
|
* Bump dependency `assert-plus` |
|
* Add ability to pass a custom header name |
|
* Replaced dependency `node-uuid` with `uuid` |
|
|
|
## 1.1.1 |
|
|
|
* Version of dependency `assert-plus` updated: old version was missing |
|
some license information |
|
* Corrected examples in `http_signing.md`, added auto-tests to |
|
automatically validate these examples |
|
|
|
## 1.1.0 |
|
|
|
* Bump version of `sshpk` dependency, remove peerDependency on it since |
|
it now supports exchanging objects between multiple versions of itself |
|
where possible |
|
|
|
## 1.0.2 |
|
|
|
* Bump min version of `jsprim` dependency, to include fixes for using |
|
http-signature with `browserify` |
|
|
|
## 1.0.1 |
|
|
|
* Bump minimum version of `sshpk` dependency, to include fixes for |
|
whitespace tolerance in key parsing. |
|
|
|
## 1.0.0 |
|
|
|
* First semver release. |
|
* #36: Ensure verifySignature does not leak useful timing information |
|
* #42: Bring the library up to the latest version of the spec (including the |
|
request-target changes) |
|
* Support for ECDSA keys and signatures. |
|
* Now uses `sshpk` for key parsing, validation and conversion. |
|
* Fixes for #21, #47, #39 and compatibility with node 0.8 |
|
|
|
## 0.11.0 |
|
|
|
* Split up HMAC and Signature verification to avoid vulnerabilities where a |
|
key intended for use with one can be validated against the other method |
|
instead. |
|
|
|
## 0.10.2 |
|
|
|
* Updated versions of most dependencies. |
|
* Utility functions exported for PEM => SSH-RSA conversion. |
|
* Improvements to tests and examples. |
|
|