Commit Graph

41 Commits

Author SHA1 Message Date
Les Hazlewood 877960fe04
Added additional guards for JVM CVE-2022-21449 per review, accompanied by corresponding regression tests (#733) 2022-04-28 12:11:36 -04:00
Les Hazlewood 9c0ea0d0eb
Prep for 0.11.4 release (#732)
- Updated README.md version numbers to reflect the 0.11.4 release
- Added 0.11.4 release/changelog notes to CHANGELOG.md
2022-04-26 19:16:04 -04:00
Les Hazlewood b78473262d
0.11.3 to master (#728)
Merged 0.11.3 patch release into mainline development branch
2022-04-23 17:32:28 -04:00
Brian Demers 4b3e2c9315 Update Jackson Databind to 2.12.6.1
Fixes: #716
Fixes: #614
2022-04-18 13:38:09 -04:00
Brian Demers 9007ae7c98 Add notes about Jackson version update in release notes: #642 2021-07-09 17:17:13 -04:00
Brian Demers 6c25d67978 Update CHANGELOG with better description of JSON error handling 2021-07-09 17:08:56 -04:00
Brian Demers 8a11a4ed18 Adds handling for common JSON parsing exceptions and wraps them in a `JwtException`
Move the parser error handling logic out of DefaultJwtParser into the new JwtDeserializer and wraps them with developer freiendly exceptions
Add check for common JSON parsing exceptions like stack overflow when parsing deeply nested (or malformed) JSON
2021-07-09 17:08:56 -04:00
Les Hazlewood 5c8064bbd1 Updated changelog to link to the 0.11.2 milestone 2020-06-11 14:21:03 -04:00
Les Hazlewood 2f897cbb4d Updated the changelog for the upcoming 0.11.2 release 2020-06-11 14:14:42 -04:00
Brian Demers 43de9a34e3
Add parameterized return type to Maps.and() (#597)
Fixes: #591
2020-06-08 13:59:41 -04:00
Les Hazlewood 2349d4dce3
Upgraded Jackson dependency to 2.9.10.3. Resolves #567. (#576) 2020-03-12 16:40:52 -04:00
Les Hazlewood 6565bdc019
Minor JavaDoc fix and changelog updates. Fixes #535 (#575) 2020-03-12 16:25:12 -04:00
Brian Demers 9e65ab7be0 Services now checks the contextClassLoader, Services.class.classLoader, and the system classloader
Fixes: #568
2020-03-12 15:43:37 -04:00
Brian Demers 111633fa88 Gson Serializer/Deserializer are now correctly registered service when found on the classpath
Added test to other serializer implementations as well

Fixes: #563
2020-03-05 14:11:34 -05:00
Brian Demers e115085b14 Allow JacksonDeserializer to work with Java 9+ Map.of
and other maps that do NOT allow null keys
2020-02-24 16:01:18 -05:00
Les Hazlewood b4363e1572
- Update README to use `parserBuilder()` instead of `parser()` (#499) (#559)
- Docs: Adds section to README covering custom object parsing (#500)
- Docs: Add note about JwtParserBuilder creating an immutable JwtParser (#508)
Doc: #486
Fixes: #494
Doc: #495
Fixes: #171

Updated documentation and changelog to reflect the new Gson extension. Fixes #410. (#476)

Co-authored-by: Brian Demers <brian.demers@gmail.com>
2020-02-05 12:08:18 -08:00
Les Hazlewood c38f4af239
Ensured DeflateCompressionCodec could fallback to <= 0.10.6 implementation if encountering an IOException. This allows compressed JWTs created before 0.10.7 to still work. Fixes #536 (#556) (#557) 2020-02-04 14:29:16 -08:00
Les Hazlewood 950e6fbcc7
cherry-pick 4821395c06b0786e19b1a3153be65f39a2a524d9: Ensured SignatureAlgorithm `PS256`, `PS384`, and `PS512` worked properly on JDK 11 and later without requiring BouncyCastle. (#555) 2020-02-04 00:10:39 -08:00
Brian Demers 94d151129d
Add JwtParserBuilder as the preferred way to create a JwtParser instance (#486)
- Added new JwtParserBuilder
- Copied mutator methods from JwtParser into new JwtParserBuilder
- Marked said methods as deprecated in JwtParser
- Copied JwtParserTest and JwtsTest to Deprecated*, as to retain coverage on methods that will be removed in 1.0
- Added ImmutableJwtParser
  This is a stop gap until 1.0, all of the mutable methods will now throw a IllegalStateException.
  NOTE: this only comes into place when using the new Jwts.parserBuilder(), Jwts.parser() is unchanged.

Fixes: #473
2019-10-01 12:03:20 -04:00
Brian Demers 7090bf39c3
Add support for custom type deserialization with Jackson (#495)
- Adds new constructor JacksonDeserializer(Map<String, Class> claimTypeMap), which will enable later calls Claims.get("key", CustomType.class) to work as expectd
 - Adds new Maps utility class to make map creation fluent

Fixes: #369
2019-09-30 17:24:57 -04:00
Brian Demers 6e74be0b8d
Fix split package issue in extensions/jackson and extensions/orgjson (#488)
* Fix split package issue in extensions/jackson and extensions/orgjson

This moves the implementation specific classes:
- `io.jsonwebtoken.io.Jackson*` to `io.jsonwebtoken.jackson.io.Jackson*`
- `io.jsonwebtoken.io.OrgJson*` to `io.jsonwebtoken.orgjson.io.OrgJson*`

* Add Backwards Compatibility Warning to CHANGELOG
* Add `jjwt-jackson:deprecated` and `jjwt-orgjson:deprecated` modules to retain backward-compatible versions of the Jackson and OrgJson Serializers (this is built with the shade plugin and binary compatibility validated with japicmp)

Fixes: #399
2019-09-27 17:11:19 -04:00
Brian Demers c246385be1
Updating to jackson-databind 2.9.10 (#498) 2019-09-25 14:28:34 -04:00
Les Hazlewood 6b39e5bb72 Issue 450: prepping docs for the 0.10.7 release. Fixes #450. 2019-07-11 19:57:19 -04:00
Les Hazlewood 4ae8f6d9c9 Issue 461: upgraded Jackson version to 2.9.9.1. Fixes #461. 2019-07-11 16:05:52 -04:00
Les Hazlewood af72fabbf3 Refactored DeflateCompressionCodec to eliminate memory leak. Refactored GzipCompressionCodec and AbstractCompressionCodec to utilize consistent logic across compression algorithms. Resolves #392. 2019-03-10 12:01:37 -04:00
Micah Silverman 3425390b14 Added changelog notes for 0.10.6 2019-02-25 13:27:30 -05:00
Les Hazlewood 77f1a69c72 Addressed issue where org.json.JSONString and org.json.JSONWriter are not available on Android. Resolves #388. 2018-08-15 17:49:13 -04:00
Les Hazlewood 33a3107213 added 0.10.4 changelog notes 2018-08-14 12:35:46 -04:00
Les Hazlewood 85d8920d79 Ensured symmetric logic between the Keys and SignatureAlgorithm helper methods for hmac key lengths.
Updated Android dependencies and ProGuard exclusion definitions
Updating docs to reflect 0.10.3 release
Resolves #381, #382
2018-08-13 20:26:14 -04:00
Les Hazlewood f19c34a763 Ensured JJWT's org.json use is compatible with Android's org.json API as defined in https://developer.android.com/reference/org/json/package-summary. Resolves #380. 2018-08-07 13:32:20 -04:00
Les Hazlewood 7f662627cc Ensured BouncyCastle was optional. Also ensured EllipticCurve algorithms could be used without BouncyCastle since the JDK supports EC by default. Moved RuntimeEnvironment.enableBouncyCastleIfPossible() call out of SignatureAlgorithm into RsaProvider since BC is only necessary for RSASSA-PSS algorithms (PS256, PS384, PS512) and nothing else in JJWT's codebase.
Resolves #372
2018-08-02 16:59:59 -04:00
Les Hazlewood 8b3f6cac53 Finally proper documentation! Updated changelog as well. Resolves #355. 2018-08-01 16:41:41 -04:00
Les Hazlewood 6e1415c441 - Implemented new Base64 encoder forked from MigBase64 to guarantee deterministic behavior on all JDK and Android platforms
- Allowed pluggable Encoder/Decoder for JWT building and parsing via new Encoder/Decoder and JwtBuilder#base64UrlEncodeWith
  and JwtParser#base64UrlDecodeWith methods respectively
- added RFC 4648 Base64 test vectors per code review
- Added tests for all new code to retain 100% code coverage, verified by Clover and Coveralls
- Enabled oraclejdk10 and openjdk10 builds in TravisCI
- Replaced gmaven plugin with gmavenplus to work on JDK >= 9
- Upgraded surefire and failsafe plugins to 2.22.0 to ensure build works on JDK >= 10
- Ensured JavaDoc linter wouldn't fail the build for JDK >= 8 (was previously only 1.8)
- Updated changelog doc to reflect new Base64 functionality
2018-07-08 20:29:49 -04:00
Les Hazlewood d0e9e7a2bd Modified docs to reflect upcoming 0.9.1 release 2018-07-05 18:22:23 -04:00
Micah Silverman 314fe4d8c8 Updated changelog. 2017-10-10 15:04:34 -04:00
Micah Silverman 395128eae6 updated changelog 2017-09-26 13:08:01 -04:00
Les Hazlewood cfeeb6e5cd Added release notes and doc update for the 0.7.0 release. 2016-09-12 17:23:18 -07:00
Les Hazlewood 0da903f214 Added release notes and doc update for the 0.7.0 release. 2016-09-12 17:22:41 -07:00
Les Hazlewood c13362dafa Added release notes and doc update for the 0.7.0 release. 2016-09-12 17:20:47 -07:00
Micah Silverman 78cb1707d7 moved older jackson section back into readme 2016-07-03 12:29:13 -04:00
Micah Silverman 0899261074 Separated CHANGELOG from README 2016-07-03 12:29:13 -04:00