Changes¶
Version 1.1.0¶
Released 2018-10-26
- Change default signing algorithm back to SHA-1. (#113)
- Added a default SHA-512 fallback for users who used the yanked 1.0.0 release which defaulted to SHA-512. (#114)
- Add support for fallback algorithms during deserialization to support changing the default in the future without breaking existing signatures. (#113)
- Changed capitalization of packages back to lowercase as the change in capitalization broke some tooling. (#113)
Version 1.0.0¶
Released 2018-10-18
YANKED
Note: This release was yanked from PyPI because it changed the default algorithm to SHA-512. This decision was reverted in 1.1.0 and it remains at SHA1.
- Drop support for Python 2.6 and 3.3.
- Refactor code from a single module to a package. Any object in the
API docs is still importable from the top-level
itsdangerous
name, but other imports will need to be changed. A future release will remove many of these compatibility imports. (#107) - Optimize how timestamps are serialized and deserialized. (#13)
base64_decode
raisesBadData
when it is passed invalid data. (#27)- Ensure value is bytes when signing to avoid a
TypeError
on Python 3. (#29) - Add a
serializer_kwargs
argument toSerializer
, which is passed todumps
duringdump_payload
. (#36) - More compact JSON dumps for unicode strings. (#38)
- Use the full timestamp rather than an offset, allowing dates before 2011. (#46)
- Detect a
sep
character that may show up in the signature itself and raise aValueError
. (#62) - Use a consistent signature for keyword arguments for
Serializer.load_payload
in subclasses. (#74, #75) - Change default intermediate hash from SHA-1 to SHA-512. (#80)
- Convert JWS exp header to an int when loading. (#99)
Version 0.24¶
Released 2014-03-28
- Added a
BadHeader
exception that is used for bad headers that replaces the oldBadPayload
exception that was reused in those cases.
Version 0.23¶
Released 2013-08-08
- Fixed a packaging mistake that caused the tests and license files to not be included.
Version 0.22¶
Released 2013-07-03
- Added support for
TimedJSONWebSignatureSerializer
. - Made it possible to override the signature verification function to allow implementing asymmetrical algorithms.
Version 0.21¶
Released 2013-05-26
- Fixed an issue on Python 3 which caused invalid errors to be generated.
Version 0.20¶
Released 2013-05-23
- Fixed an incorrect call into
want_bytes
that broke some uses of itsdangerous on Python 2.6.
Version 0.16¶
Released 2012-07-11
- Made it possible to pass unicode values to
load_payload
to make it easier to debug certain things.
Version 0.15¶
Released 2012-07-11
- Made standalone
load_payload
more robust by raising one specific error if something goes wrong. - Refactored exceptions to catch more cases individually, added more attributes.
- Fixed an issue that caused
load_payload
not work in some situations with timestamp based serializers - Added an
loads_unsafe
method.
Version 0.14¶
Released 2012-06-29
- API refactoring to support different key derivations.
- Added attributes to exceptions so that you can inspect the data even if the signature check failed.
Version 0.12¶
Released 2012-02-22
- Fixed a problem with the local timezone being used for the epoch
calculation. This might invalidate some of your signatures if you
were not running in UTC timezone. You can revert to the old behavior
by monkey patching
itsdangerous.EPOCH
.
Version 0.10¶
Released 2011-06-25
- Refactored interface that the underlying serializers can be swapped by passing in a module instead of having to override the payload loaders and dumpers. This makes the interface more compatible with Django’s recent changes.