Skip to content

Latest commit

 

History

History
270 lines (169 loc) · 8.68 KB

File metadata and controls

270 lines (169 loc) · 8.68 KB

[Unreleased]

[0.8.0.beta2] - 2026-05-20

  • Add Web Bot Auth support, implementing the current IETF draft (draft-meunier-web-bot-auth-architecture-05). Includes recommended signature parameter defaults, nonce generation, and optional Signature-Agent header handling.

[0.8.0.beta1] - 2026-05-07

  • Optimize signature parsing, serialization, and validation performance across signing and verifying flows, improving sign! throughput by 473% and verify! by 136% by minimizing Starry usage in hot paths where possible.

  • Add comprehensive benchmarking and profiling infrastructure across all supported algorithms.

  • Make Rack an optional dependency.

[0.7.9] - 2026-04-30

(No changes since the last beta release, this new stable release just bundles all the features/changes introduced during 0.7.9 beta releases)

  • Add support for http gem 6.x while maintaining compatibility with 5.x. Handles API differences introduced in 6.0.

  • Improve README clarity and align it with current behavior and production usage.

  • Enforce expires signature parameter validation in Verifier.

  • Add Faraday middleware and adapters for HTTP message signatures.

  • Add support for multiple signatures on a single HTTP message This fixes a bug on multi-signature header overwrite when calling sign! multiple times.

[0.7.9.beta3] - 2026-04-27

  • Enforce expires signature parameter validation in Verifier.

  • Add Faraday middleware and adapters for HTTP message signatures.

[0.7.9.beta2] - 2026-04-19

  • Add support for http gem 6.x while maintaining compatibility with 5.x. Handles API differences introduced in 6.0.
  • Improve README clarity and align it with current behavior and production usage.

[0.7.9.beta1] - 2026-03-03

(Beta release to test gem release automation; no functional changes)

[0.7.8] - 2026-03-03

  • Security fix: HMAC signature verification now uses constant-time comparison to prevent timing attacks.

[0.7.7] - 2025-07-08

(No changes since the last beta release, this new stable release just bundles all the features/changes introduced during 0.7.7.beta1 release)

  • Introduce generic adapters for typical requests and responses. This allows adapter classes to stop inheriting functionality from totally unrelated implementations by relying on a saner hierarchy class.

[0.7.7.beta1] - 2025-07-07

  • Introduce generic adapters for typical requests and responses. This allows adapter classes to stop inheriting functionality from totally unrelated implementations by relying on a saner hierarchy class.

[0.7.6] - 2025-07-03

  • Fix a bug in the Linzer::Message::Adapter::HTTPGem::Response class where the serialized id of fields like derived @status were not recognized. This issue caused signature creation and verification to fail for HTTP::Response instances. (Issue #16)

[0.7.5] - 2025-06-30

  • No changes since 0.7.4. 0.7.4 was released by mistake from my laptop instead of from Github Actions as expected.

[0.7.4] - 2025-06-30

  • Add validation routines on key instances before performing signing and verifying operations. This will catch obvious errors like trying to sign a request with a public key.

  • Fix bug with incorrect signature generation and verification on messages with HTTP field identifiers including parameters. Those fields were not serialized correctly and messages were being signed with incorrect signature base.

[0.7.3] - 2025-06-01

  • Fix broken retrieval of header names from Rack responses. Previously, this caused signatures attached to Rack response instances to use incorrect header names, making them unverifiable.

  • Add Linzer.signature_base method.

  • Add initial support for JWS algorithms. See Linzer::JWS module for more details. In this initial preview, only EdDSA algorithm (Ed25519) is supported).

  • Add a simple integration test to verify signatures on HTTP responses.

[0.7.2] - 2025-05-21

  • Add a few integration tests against CloudFlare test server.

  • Fix bug when accessing headers in http adapter classes. Pull request #14 by oneiros.

[0.7.1] - 2025-05-18

  • Introduce specific exception classes for message signing errors and signature verification exceptions (i.e. Linzer::SigningError and Linzer::VerifyError)

  • Fix bug in Linzer::HTTP client that prevented it from working with https URLs.

[0.7.0] - 2025-05-17

(No changes since the last beta release, this new stable release just bundles all the features/changes introduced during 0.7.0 beta releases)

  • Introduce Rack::Auth::Signature middleware.

  • Refactor and improve Rack::Auth::Signature code organization.

  • Do not expose secret material on HMAC SHA-256 key when #inspect method is used.

  • Update Rack::Auth::Signature configuration file options.

  • Validate and test Rack::Auth::Signature with example Rails and Sinatra apps.

  • Refactor to improve Linzer APIs and streamline its usage along with different HTTP libraries. (Issues #6 and #11)

  • Provide integration with http.rb gem to allow signing outgoing HTTP requests.

  • Add simple HTTP client module.

[0.7.0.beta4] - 2025-05-17

  • Provide integration with http.rb gem to allow signing outgoing HTTP requests.
  • Add simple HTTP client module.

[0.7.0.beta3] - 2025-05-06 (aka the "MiniDebConf Hamburg 2025" release)

  • Refactor to improve Linzer APIs and streamline its usage along with different HTTP libraries.

[0.7.0.beta2] - 2025-04-13

  • Refactor and improve Rack::Auth::Signature code organization.
  • Do not expose secret material on HMAC SHA-256 key when #inspect method is used.
  • Update Rack::Auth::Signature configuration file options.
  • Validate and test Rack::Auth::Signature with example Rails and Sinatra apps.

[0.7.0.beta1] - 2025-04-12

  • Introduce Rack::Auth::Signature middleware.

[0.6.5] - 2025-04-09

  • Add support for RSA (RSASSA-PKCS1-V1_5) and improve RSASSA-PSS handling. Pull request #10 by oneiros.

[0.6.4] - 2025-04-04

  • Allow validating the created parameter to mitigate the risk of replay attacks. Pull request #8 by oneiros.

[0.6.3] - 2025-03-29

  • Parse signature structured fields values as ASCII string.

[0.6.2] - 2024-12-10

  • Remove dependency on ed25519 gem. Pull request #5 by oneiros.

  • Run unit tests against Ruby 3.4.

[0.6.1] - 2024-12-02

  • Add more validation checks on HTTP field component identifiers and parameters.

  • Relax rack version requirements. Pull request #4 by oneiros.

  • Update uri dependency to the latest version. Pull request #3 by oneiros.

[0.6.0] - 2024-04-06

  • Support parameters on HTTP field component identifiers.

  • Add a work-around for failed unit-tests in ruby HEAD CI jobs.

  • Set up simplecov and improve unit-tests coverage.

[0.5.2] - 2024-04-02

  • Make all unit tests pass on Ruby 3.0:
    • Set minimum required version on openssl and uri gems.
  • Small refactor on ECDSA module.

[0.5.1] - 2024-04-01

  • Add support for additional derived components: @target-uri, @scheme, @request-target, @query and @query-param.

[0.5.0] - 2024-03-30

  • Build Linzer::Message instances from Rack request and response objects instead of unspecified/ad-hoc hashes with HTTP request and response parameters.

  • Update README examples.

[0.4.1] - 2024-03-25

  • Fix one-off error on ECDSA P-256 and P-384 curve signature generation. In some cases, an invalid signature of 63 or 95 bytes could be generated.

[0.4.0] - 2024-03-16

  • Add support for capitalized HTTP header names.

[0.3.2] - 2024-03-16

  • Force signature component name strings to be encoded as ASCII. Otherwise in some scenarios, this could to signature verification errors for valid signatures.

[0.3.1] - 2024-03-02

  • Fix incorrect signing and verifying for ECDSA P-256 and P-384 curves.

[0.3.0] - 2024-02-28

  • Add support for the following algorithms: Ed25519, HMAC-SHA256 and ECDSA (P-256 and P-384 curves).

[0.2.0] - 2024-02-23

  • Add signature signing functionality. RSASSA-PSS using SHA-512 is still the only supported algorithm.

[0.1.0] - 2024-02-18

  • Initial release
  • It barely passes unit tests to verify signatures with RSASSA-PSS using SHA-512.