jwx

v2.0.8 - 25 Nov 2022
[Security Fixes]
  * [jws][jwe] Starting from go 1.19, code related to elliptic algorithms
    panics (instead of returning an error) when certain methods
    such as `ScalarMult` are called using points that are not on the
    elliptic curve being used.

    Using inputs that cause this condition, and you accept unverified JWK
    from the outside it may be possible for a third-party to cause panics
    in your program.

    This has been fixed by verifying that the point being used is actually
    on the curve before such computations (#840)
[Miscellaneous]
  * `jwx.GuessFormat` now returns `jwx.InvalidFormat` when the heuristics
    is sure that the buffer format is invalid.

v2.0.7 - 15 Nov 2022
[New features]
  * [jwt] Each `jwt.Token` now has an `Options()` method
  * [jwt] `jwt.Settings(jwt.WithFlattenedAudience(true))` has a slightly
    different semantic than before. Instead of changing a global variable,
    it now specifies that the default value of each per-token option for
    `jwt.FlattenAudience` is true.

    Therefore, this is what happens:

       // No global settings
       tok := jwt.New()
       tok.Options.IsEnabled(jwt.FlattenAudience) // false

       // With global settings
       jwt.Settings(jwt.WithFlattenedAudience(true))
       tok := jwt.New()
       tok.Options.IsEnabled(jwt.FlattenAudience) // true
       // But you can still turn FlattenAudience off for this
       // token alone
       tok.Options.Disable(jwt.FlattenAudience)

    Note that while unlikely to happen for users relying on the old behavior,
    this change DOES introduce timing issues: whereas old versions switched the
    JSON marshaling for ALL tokens immediately after calling `jwt.Settings`,
    the new behavior does NOT affect tokens that have been created before the
    call to `jwt.Settings` (but marshaled afterwards).

    So the following may happen:

      // < v2.0.7
      tok := jwt.New()
      jwt.Settings(jwt.WithFlattenedAudience(true))
      json.Marshal(tok) // flatten = on

      // >= v2.0.7
      tok := jwt.New() // flatten = off
      jwt.Settings(jwt.WithFlattenedAudience(true))
      json.Marshal(tok) // flatten = on

      // >= v2.0.7
      tok := jwt.New() // flatten = off
      jwt.Settings(jwt.WithFlattenedAudience(true))
      json.Marshal(tok) // flatten is still off

    It is recommended that you only set the global setting once at the
    very beginning of your program to avoid problems.

    Also note that `Clone()` copies the settings as well.

v2.0.6 - 25 Aug 2022
[Bug fixes][Security]
  * [jwe] Agreement Party UInfo and VInfo (apv/apu) were not properly being
    passed to the functions to compute the aad when encrypting using ECDH-ES
    family of algorithms. Therefore, when using apu/apv, messages encrypted
    via this module would have failed to be properly decrypted.

    Please note that bogus encrypted messages would not have succeed being
    decrypted (i.e. this problem does not allow spoofed messages to be decrypted).
    Therefore this would not have caused unwanted data to to creep in --
    however it did pose problems for data to be sent and decrypted from this module
    when using ECDH-ES with apu/apv.

    While not extensively tested, we believe this regression was introduced
    with the v2 release.

v2.0.5 - 11 Aug 2022
[Bug fixes]
  * [jwt] Remove stray debug log
  * [jwk] Fix x5u field name, caused by a typo
  * [misc] Update golangci-lint action to v3; v2 was causing weird problems

v2.0.4 - 19 Jul 2022
[Bug Fixes]
  * [jwk] github.com/lestrrat-go/httprc, which jwk.Cache depends on,
    had a problem with inserting URLs to be re-fetched into its queue.
    As a result it could have been the case that some JWKS were not
    updated properly. Please upgrade if you use jwk.Cache.

  * [jwk] cert.Get could fail with an out of bounds index look up

  * [jwk] Fix doc buglet in `KeyType()` method

[New Features]
  * [jws] Add `jws.WithMultipleKeysPerKeyID()` sub-option to allow non-unique
    key IDs in a given JWK set. By default we assume that a key ID is unique
    within a key set, but enabling this option allows you to handle JWK sets
    that contain multiple keys that contain the same key ID.

  * [jwt] Before v2.0.1, sub-second accuracy for time based fields
    (i.e. `iat`, `exp`, `nbf`) were not respected. Because of this the code
    to evaluate this code had always truncated any-subsecond portion
    of these fields, and therefore no sub-second comparisons worked.
    A new option for validation `jwt.WithTruncation()` has been added
    to workaround this. This option controls the value used to truncate
    the time fields. When set to 0, sub-second comparison would be
    possible.
    FIY, truncatation will still happen because we do not want to
    use the monotonic clocks when making comparisons. It's just that
    truncating using `0` as its argument effectively only strips out
    the monotonic clock

v2.0.3 - 13 Jun 2022
[Bug Fixes]
  * [jwk] Update dependency on github.com/lestrrat-go/httprc to v1.0.2 to
    avoid unintended blocking in the update goroutine for jwk.Cache

v2.0.2 - 23 May 2022
[Bug Fixes][Security]
  * [jwe] An old bug from at least 7 years ago existed in handling AES-CBC unpadding,
    where the unpad operation might remove more bytes than necessary (#744)
    This affects all jwx code that is available before v2.0.2 and v1.2.25.

[New Features]
  * [jwt] RFC3339 timestamps are also accepted for Numeric Date types in JWT tokens.
    This allows users to parse servers that errnously use RFC3339 timestamps in
    some pre-defined fields. You can change this behavior by setting
    `jwt.WithNumericDateParsePedantic` to `false`
  * [jwt] `jwt.WithNumericDateParsePedantic` has been added. This is a global
    option that is set using `jwt.Settings`

v1.2.25 23 May 2022
[Bug Fixes][Security]
  * [jwe] An old bug from at least 7 years ago existed in handling AES-CBC unpadding,
    where the unpad operation might remove more bytes than necessary (#744)
    This affects all jwx code that is available before v2.0.2 and v1.2.25.

v1.2.24 05 May 2022
[Security]
  * Upgrade golang.org/x/crypto (#724)

v2.0.1 - 06 May 2022
  * [jwk] `jwk.Set` had erronously been documented as not returning an error
    when the same key already exists in the set. This is a behavior change
    since v2, and it was missing in the docs (#730)
  * [jwt] `jwt.ErrMissingRequiredClaim` has been deprecated. Please use
    `jwt.ErrRequiredClaim` instead.
  * [jwt] `jwt.WithNumericDateParsePrecision` and `jwt.WithNumericDateFormatPrecision`
    have been added to parse and format fractional seconds. These options can be
    passed to `jwt.Settings`.
    The default precision is set to 0, and fractional portions are not parsed nor
    formatted. The precision may be set up to 9.
  * `golang.org/x/crypto` has been upgraded (#724)
  * `io/ioutil` has been removed from the source code.

v2 has many incompatibilities with v1. To see the full list of differences between
v1 and v2, please read the Changes-v2.md file (https://github.com/lestrrat-go/jwx/blob/develop/v2/Changes-v2.md)

v2.0.0 - 24 Apr 2022
  * This i the first v2 release, which represents a set of design changes
    that were learnt over the previous 2 years. As a result the v2 API
    should be much more consistent and uniform across packages, and
    should be much more flexible to accomodate real-world needs.

    For a complete list of changes, please see the Changes-v2.md file,
    or check the diff at https://github.com/lestrrat-go/jwx/compare/v1...v2

[Miscellaneous]
  * Minor house cleaning on code generation tools

[jwt]
  * `jwt.ErrMissingRequiredClaim()` has been added

v2.0.0-beta2 - 16 Apr 2022
[jwk]
  * Updated `jwk.Set` API and reflected pending changes from v1 which were
    left over. Please see Changes-v2.md file for details.

  * Added `jwk.CachedSet`, a shim over `jwk.Cache` that allows you to
    have to write wrappers around `jwk.Cache` that retrieves a particular
    `jwk.Set` out of it. You can use it to, for example, pass `jwk.CachedSet`
    to a `jws.Verify`

      cache := jwk.NewCache(ctx)
      cache.Register(ctx, jwksURL)
      cachedSet := jwk.NewCachedSet(cache, jwksURL)
      jws.Verify(signed, jws.WithKeySet(cachedSet))

v1.2.23 13 Apr 2022
[Bug fixes]
  * [jwk] jwk.AutoRefresh had a race condition when `Configure()` was
    called concurrently (#686)
    (It has been patched correctly, but we may come back to revisit
     the design choices in the near future)

v2.0.0-beta1 - 09 Apr 2022
[Miscellaneous]
  * Renamed Changes.v2 to Changes-v2.md
  * Housecleaning for lint action.
  * While v2 was not affected, ported over equivalent test for #681 to catch
    regressions in the future.
  * Please note that there is no stability guarantees on pre-releases.

v1.2.22 08 Apr 2022
[Bug fixes]
  * [jws] jws.Verify was ignoring the `b64` header when it was present
    in the protected headers (#681). Now the following should work:

      jws.Sign(..., jws.WithDetachedPayload(payload))
      // previously payload had to be base64 encoded
      jws.Verify(..., jws.WithDetachedPayload(payload))

    (note: v2 branch was not affected)

v2 has many incompatibilities with v1. To see the full list of differences between
v1 and v2, please read the Changes.v2 file

v2.0.0-alpha1 - 4 Apr 2022
  * Initial pre-release of v2 line. Please note that there is no stability guarantees
    on pre-releases.

v1.2.21 30 Mar 2022
[Bug fixes]
  * [jwk] RSA keys without p and q can now be parsed.

v1.2.20 03 Mar 2022
[Miscellaneous]
  * Dependency on golang.org/x/crypto has been upgraded to
    v0.0.0-20220214200702-86341886e292 to address
    https://nvd.nist.gov/vuln/detail/CVE-2020-14040 (#598)

v1.2.19 22 Feb 2022
[New Feature]
  * [jwk] jwk.Parse (and (jwk.AutoRefresh).Configure) can accept a new
    option `jwk.WithIgnoreParseError(bool)`, which allows users to ignore
    errors during parsing of each key contained in the JWKS, allowing
    you to "skip" invalid keys.

    This option should not be used lightly, as it hides the presence of
    possibly faulty keys. However, this can be an escape hatch if you are
    faced with a faulty JWKS that you do not control.

v1.2.18 23 Jan 2022
[Bug fixes]
  * [jwe] When presented with jwk.Key with a key ID, the jwe encryption
    code path did not assign this key ID to the resulting data structure.
    This has been fixed, and now the key ID is properly applied to the
    `kid` field.
  * [jws] Use for `crypto.Signer`s were implemented for signing, but verification was
    never properly implemented. This has been fixed.

[Miscellaneous]
  * [jws] Because of fixes to code path that deals with `crypto.Signer`s, we are
    now able to fully integrate with Cloud services, such as Google's Cloud KMS
    and AWS KMS, that provide key management and signing payloads

    An implementation for these are available at https://github.com/jwx-go/crypto-signer.

    Suppot `crypto.Signer` in JWE encryption has not been implemented.