stdbWeb/jwt/ChangeLog_jws322.txt

ChangeLog for jsjws

* 3.2.2 Release (2015-Apr-26)
 - isSafeJSONString undefined bugfix
 - readSafeJSONString undefined bugfix
 - sample codes bugfix

* 3.2.0 Release (2015-Apr-19)
 - JWS.verify method updated to mitigate signature replacement
   attacks:
   - add optional acceptAlgs argument to specify accepted
     signature algorithms to verify.
   - strict key type checking
   
remove alg=none signature validation support.
 - jsjws will be merged into jsrsasign near in the future.

* 3.1.0 Release (2015-Apr-03)
 - remove alg=none signature validation support.
 - jsjws will be merged into jsrsasign near in the future.

* 3.0.2 Release (2013-Sep-24)
 - add HS384 support with jsrsasign 4.1.4 or later.
   Please use 
     'http://kjur.github.io/jsrsasign/ext/cryptojs-312-core-fix.js' or 
     'http://kjur.github.io/jsrsasign/ext/cryptojs-312-core-fix-min.js' or 
     'http://kjur.github.io/jsrsasign/jsrsasign-4.1.4-all-min.js'
   instead of orignal 'core.js' of CryptoJS.

* 3.0.1 Release (2013-Aug-28)
 - jws 3.0.0 to 3.0.1
   - new KJUR.jws.IntDate class for time format of JWT
 - new online tool "tool_jwt.html" to generate and verify signed JWT

* 3.0.0 Release (2013-Aug-27)
 - easy and powerful sign and verify methods available
 - now supports HS{256,512},RS{256,384,512},ES{256,384},PS{256,384,512},none
   (i.e. supports all algorithms except HS384 and ES512.)
 - other existing signing and verfying methods are deprecated.
 - now supports signing by following keys:
   - PEM plain RSA PKCS#5 private key (NEW)
   - PEM encrypted RSA PKCS#5 private key (NEW)
   - PEM plain RSA/ECC PKCS#8 private key (NEW)
   - PEM encrypted RSA/ECC PKCS#8 private key (NEW)
   - RSAKey object of private key
   - KJUR.crypto.ECDSA object of private key (NEW)
 - now supports verifying by following keys:
   - PEM RSA/ECC PKCS#8 public key (NEW)
   - PEM RSA/ECC X.509 certificate
   - RSAKey object of public key
   - KJUR.crypto.ECDSA object of public key (NEW)
- now supports following asymmetoric key algorithms
   - RSA
   - ECDSA (NEW)
   - RSAPSS
 - QUnit unit tests added.

* 2.0.2 Release (2013-Jul-30)
 - jws-2.0.js 2.0.2 to 2.0.3
   - support for rsasign 1.2.5 (verifyStringPSS arg bi to hex change)

* 2.0.2 Release [Jul 29, 2013]
 - small fix for jws-2.0.js (2.0.1 -> 2.0.2)

* 2.0.1 Release [Jul 23, 2013]
 - fix RSAPSS by David (github.com/davedoesdev)
   (jws-2.0.js, sample_{generate,verify}3.html)

* 2.0.0 Release [Jul 21, 2013]
 - merge David Halls's contribution. (https://github.com/davedoesdev, Thanks! Dave.)
  - class implementation was chagned
  - supports PS{256,512} signature algorithm
    NOTE: however still having issue on PS{256,512} support
  - jsrsasign codes are not included from this release

* 1.2.1 Release [May 7, 2013]
 - merge David Halls's contribution. (https://github.com/davedoesdev, Thanks! Dave.)
  - rsa.js: update for PKCS#1 OAEP support
  - rsa2.js: update for PKCS#1 OAEP support
  - rsasign-1.2.js: add PSS support
  - jsbn.js: small fix
  - jsbn2.js: update for probable prime fix, bnSquare
  - base64.js: small fix
  - base64x-1.1.js: small update on utf8tob64u, b64utoutf8

* 1.2 Release [Mar 19, 2012]
 - 'JWSJS' class is now available for JSON Web Signature JSON Serialization 
   (JWS-JS) which is a kind of parallel signature.
 - 'readSafeJSONString' method added to 'JWS' class.
 - utf8/Base64, utf8/Hex converting functions are added to 'base64x.js'.
 - New online tools for converting Base64URL added.

* 1.1 Relasse [Mar 07, 2012]
 - following features are added.
   - UTF-8 string support in JWS Header and Payload
   - sign JWS with PEM formatted PKCS# RSA private key without passcode
   - verify JWS with PEM formatted X.509 certificate

* 1.0.1 Relasse [Mar 06, 2012]
 - API document is added.

* 1.0 Initial Relasse [Mar 04, 2012]