Workflow

Python-jwt

Latest version: v4.1.0

Safety actively analyzes 629639 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 5 of 5

1.2.0

Not secure
--------------------------------------------------------------------

Fixed
~~~~~

- Added back ``verify_expiration=`` argument to ``jwt.decode()`` that
was erroneously removed in
`v1.1.0 <https://github.com/jpadilla/pyjwt/compare/1.0.1...1.1.0>`__.

Changed
~~~~~~~

- Refactored JWS-specific logic out of PyJWT and into PyJWS superclass.
`141 <https://github.com/jpadilla/pyjwt/pull/141>`__

Deprecated
~~~~~~~~~~

- ``verify_expiration=`` argument to ``jwt.decode()`` is now deprecated
and will be removed in a future version. Use the ``option=`` argument
instead.

1.1.0

Not secure
--------------------------------------------------------------------

Added
~~~~~

- Added support for PS256, PS384, and PS512 algorithms.
`132 <https://github.com/jpadilla/pyjwt/pull/132>`__
- Added flexible and complete verification options during decode.
`131 <https://github.com/jpadilla/pyjwt/pull/131>`__
- Added this CHANGELOG.md file.

Deprecated
~~~~~~~~~~

- Deprecated usage of the .decode(..., verify=False) parameter.

Fixed
~~~~~

- Fixed command line encoding.
`128 <https://github.com/jpadilla/pyjwt/pull/128>`__

1.0.1

Not secure
--------------------------------------------------------------------

Fixed
~~~~~

- Include jwt/contrib' and jwt/contrib/algorithms\` in setup.py so that
they will actually be included when installing.
`882524d <https://github.com/jpadilla/pyjwt/commit/882524d>`__
- Fix bin/jwt after removing jwt.header().
`bd57b02 <https://github.com/jpadilla/pyjwt/commit/bd57b02>`__

1.0.0

Not secure
--------------------------------------------------------------------

Changed
~~~~~~~

- Moved ``jwt.api.header`` out of the public API.
`85 <https://github.com/jpadilla/pyjwt/pull/85>`__
- Added README details how to extract public / private keys from an
x509 certificate.
`100 <https://github.com/jpadilla/pyjwt/pull/100>`__
- Refactor api.py functions into an object (``PyJWT``).
`101 <https://github.com/jpadilla/pyjwt/pull/101>`__
- Added support for PyCrypto and ecdsa when cryptography isn't
available. `101 <https://github.com/jpadilla/pyjwt/pull/103>`__

Fixed
~~~~~

- Fixed a security vulnerability where ``alg=None`` header could bypass
signature verification.
`109 <https://github.com/jpadilla/pyjwt/pull/109>`__
- Fixed a security vulnerability by adding support for a whitelist of
allowed ``alg`` values ``jwt.decode(algorithms=[])``.
`110 <https://github.com/jpadilla/pyjwt/pull/110>`__

Page 5 of 5

Links

Releases

Has known vulnerabilities

Previous

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.