Changelog for jose-0.11
Version 0.11 (2023-10-31)
-
Migrate to the crypton library ecosystem. crypton was a hard fork of cryptonite, which was no longer maintained. With this change, the minimum supported version of GHC increased to 8.8. There are no other notable changes in this release.
-
The
v0.10
series is the last release series to support cryptonite. It will continue to receive important bug fixes until the end of 2024.
Version 0.10 (2022-09-01)
-
Introduce
newtype JOSE e m a
which behaves likeExceptT e m a
but also hasinstance (MonadRandom m) => MonadRandom (JOSE e m)
. The orphanMonadRandom
instances were removed. (#91) -
Parameterise
JWT
over the claims data type. This is a cleaner mechanism to support applications that use additional claims beyond those registered by RFC 7519.unregisteredClaims
andaddClaim
are deprecated and will be removed in a future release. (#39) -
Add Ed448 and X448 support. (#74)
-
Add secp256k1 curve support (RFC 8812).
-
Added
checkJWK :: (MonadError e m, AsError e) => JWK -> m ()
. This action performs some key usability checks. In particular it identifies too-small symmetric keys. (#46) -
Removed
QuickCheck
instances. jose no longer depends onQuickCheck
. (#106) -
Removed orphan
ToJSON
andFromJSON
instances forURI
. -
Fail signature verification when curve does not match algorithm. This is an additional defence against curve substitution attacks.
-
Improved error reporting when constructing a JWK from an X.509 certificate with ECDSA key.
-
Make compatible with
mtl == 2.3.*
(#107) -
Make compatible with
monad-time == 0.4
Older versions
See Git commit history