Version 0.11 (2023-10-31)

• Migrate to the crypton library ecosystem. crypton was a hard fork of cryptonite, which was no longer maintained. With this change, the minimum supported version of GHC increased to 8.8. There are no other notable changes in this release.

• The v0.10 series is the last release series to support cryptonite. It will continue to receive important bug fixes until the end of 2024.

Version 0.10 (2022-09-01)

• Introduce newtype JOSE e m a which behaves like ExceptT e m a but also has instance (MonadRandom m) => MonadRandom (JOSE e m). The orphan MonadRandom instances were removed. (#91)

• Parameterise JWT over the claims data type. This is a cleaner mechanism to support applications that use additional claims beyond those registered by RFC 7519. unregisteredClaims and addClaim are deprecated and will be removed in a future release. (#39)

• Add Ed448 and X448 support. (#74)

• Add secp256k1 curve support (RFC 8812).

• Added checkJWK :: (MonadError e m, AsError e) => JWK -> m (). This action performs some key usability checks. In particular it identifies too-small symmetric keys. (#46)

• Removed QuickCheck instances. jose no longer depends on QuickCheck. (#106)

• Removed orphan ToJSON and FromJSON instances for URI.

• Fail signature verification when curve does not match algorithm. This is an additional defence against curve substitution attacks.

• Improved error reporting when constructing a JWK from an X.509 certificate with ECDSA key.

• Make compatible with mtl == 2.3.* (#107)

• Make compatible with monad-time == 0.4

Older versions

See Git commit history