Erlang Jose Versions Save

• Fixes
  • Various type spec fixes; see #165 and #166.

• Fixes
  • Removes use of dynamic() type spec so OTP 24 and OTP 25 are still supported for now.

• Security Patches
  • CVE-2023-50966: Add jose:pbes2_count_maximum/0. By default, the maximum iterations are set to 10,000 and it will raise an error if p2c is larger than this value.
• Changes
  • Declare Poison as an optional dependency, thanks to [@lnikkila][https://github.com/lnikkila]; see #144.
  • Ensure jiffy:encode/1 returns a binary, thanks to @ssepml; see #145.
  • Various type spec additions and dialyzer/dialyxir integrations, thanks to @whatyouhide and @maennchen.
  • Doc updates and fixes, thanks to @aymanosman and @adamu; see #158 and #159.

1.11.6 (2023-07-18)

• Fixes
  • Use sha256 instead of sha when validating RSA signing supportability, thanks to @pavledjo; see #142.

• Fixes
  • Remove dependency on parse_transform for jose_base64 and jose_base64url.

• Enhancements
  • Add support for native crypto operations for Ed25519 and Ed448, thanks to @brettbeatty; see #123.
  • Add support for native crypto operations for ChaCha20-Poly1305 and XChaCha20-Poly1305, when available.
  • Add support for libsodium operations for XChaCha20-Poly1305, when available.
  • Add support for thoas JSON encode/decode, thanks to @michaelklishin; see #126.
  • Add support for ES256K which uses the secp256k1 curve and RS1 signatures (see 291dbb8).
  • Add support for ECDH-1PU JOSE.JWK.box_encrypt_ecdh_1pu and ECDH-ES JOSE.JWK.box_encrypt_ecdh_es and document the deprecated JOSE.JWK.box_encrypt.
  • Add support for ECDH-SS JOSE.JWK.box_encrypt_ecdh_ss.
  • Hide kty field when inspecting %JOSE.JWK{} strict, thanks to @spencerdcarlson; see #139
• Fixes
  • Version mismatch causing rebar3 to constantly try to update; see #122.
  • Fix Ed25519 and Ed448 key DER/PEM encode/decode for OTP 25.
  • Fix Ed25519ctx, Ed25519ph, Ed448, and Ed448ph when dealing with contexts so the implementation matches IETF RFC 8032.
  • Drop direct usage of crypto:hmac/4, thanks to @thalesmg; see #136
  • Replace incorrect usage of -include_lib with -include, thanks to @Richiban; see #140
  • Update the CI jobs so they actually run the Elixir tests, thanks to @moogle19; see #137
  • Change the master branch to main.

• Fixes
  • Add PEM/DER compatibility layer for PKCS-8 incompatibilities with various versions of OTP, crypto, and public_key; see #82

• Enhancements

  • Remove base64url dependency and include embedded version.
  • Add support for C20P and XC20P encryption based on draft-amringer-jose-chacha (ChaCha20/Poly1305 and XChaCha20/Poly1305).
  • Add support for ECDH-ES keywrapping for AES-GCM, ChaCha20/Poly1305, and XChaCha20/Poly1305.
  • Add support for PBES2 keywrapping for AES-GCM, ChaCha20/Poly1305, and XChaCha20/Poly1305.
  • Add support for ECDH-1PU encryption based on draft-madden-jose-ecdh-1pu.
  • Add support for reading/writing DER format (or PKCS8 format).

• Fixes

  • Fix PSS salt length (thanks to @ntrepid8, see #65)
  • Speed up and stabilize tests on CI environment.

• Enhancements

  • Add support for Jason JSON encoding and decoding.
  • Add support for Poison 4.x and lexical ordering.
  • Use public_key over cutkey for RSA key generation if available.
  • Drop support for older versions of OTP (19+ now required).
  • Relicense library under MIT license.

• Fixes

  • Add macro so the application compiles without warnings after erlang:get_stacktrace/0 has been deprecated.
  • Extra sanity check for RSA padding modes when falling back.

• Enhancements
  • Add support for reading and writing PEM files for Ed25519, Ed448, X25519, and X448 keys based on draft-ietf-curdle-pkix.
  • Add support for ojson adapter for encoding/decoding JSON.