11# Change Log
2+
23All notable changes to this project will be documented in this file.
34
5+ ## [ 3.2.3]
6+
7+ ### Changed
8+
9+ - Fix advisory GHSA-869p -cjfg-cm3x: createSign and createVerify now require
10+ that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key)
11+ when using HMAC algorithms.
12+ - Upgrading JWA version to 1.4.2, adressing a compatibility issue for Node >= 25.
13+
414## [ 3.0.0]
15+
516### Changed
17+
618- ** BREAKING** : ` jwt.verify ` now requires an ` algorithm ` parameter, and
719 ` jws.createVerify ` requires an ` algorithm ` option. The ` "alg" ` field
820 signature headers is ignored. This mitigates a critical security flaw
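Review bot: The new 3.2.3 entry files the fix for GHSA-869p-cjfg-cm3x under "### Changed" with no release date, so someone scanning the changelog for security releases can miss it. Consider a dated heading in the style of "## [2.0.0] - 2015-01-30", and say explicitly that this is a security fix. The entry says createSign and createVerify "now require" a non-empty secret for HMAC algorithms but not how a missing or empty one is reported to the caller; stating that would help users who passed an empty secret before and will now see different behaviour in a patch release. Two wording nits on the added lines: "non empty" should be "non-empty" and "adressing" should be "addressing".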
@@ -12,7 +24,9 @@ All notable changes to this project will be documented in this file.
1224 for details.
1325
1426## [ 2.0.0] - 2015-01-30
27+
1528### Changed
29+
1630- ** BREAKING** : Default payload encoding changed from ` binary ` to
1731 ` utf8 ` . ` utf8 ` is a is a more sensible default than ` binary ` because
1832 many payloads, as far as I can tell, will contain user-facing
@@ -21,14 +35,13 @@ All notable changes to this project will be documented in this file.
2135- Code reorganization, thanks [ @fearphage ] ! (<code >[ 7880050] </code >)
2236
2337### Added
38+
2439- Option in all relevant methods for ` encoding ` . For those few users
2540 that might be depending on a ` binary ` encoding of the messages, this
2641 is for them. (<code >[ 6b6de48] </code >)
2742
2843[ unreleased ] : https://github.com/brianloveswords/node-jws/compare/v2.0.0...HEAD
2944[ 2.0.0 ] : https://github.com/brianloveswords/node-jws/compare/v1.0.1...v2.0.0
30-
3145[ 7880050 ] : https://github.com/brianloveswords/node-jws/commit/7880050
3246[ 6b6de48 ] : https://github.com/brianloveswords/node-jws/commit/6b6de48
33-
3447[ @fearphage ] : https://github.com/fearphage
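Review bot: The link-reference block at the end of the file gains no definition for the new "## [3.2.3]" heading, so the bracketed version will not resolve to a link the way "[2.0.0]" does. The "[unreleased]" reference also still compares from v2.0.0 to HEAD. Consider adding a compare reference for 3.2.3 next to the existing "[2.0.0]" line and updating the "[unreleased]" base to the latest tag. The blank-line removals between the reference groups are harmless, but they are formatting noise in a commit whose purpose is a security fix.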