v4.0.0: Update changelog (#96)

go-jose · Feb 24, 2024 · 9f884ea · 9f884ea
1 parent d37a508
commit 9f884ea
Showing 1 changed file with 53 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 1,58 @@
 # v4.0.0
 
 This release makes some breaking changes in order to more thoroughly
 address the vulnerabilities discussed in [Three New Attacks Against JSON Web
 Tokens][1], "Sign/encrypt confusion", "Billion hash attack", and "Polyglot
 token".
 
 ## Changed
 
  - Limit JWT encryption types (exclude password or public key types) (#78)
  - Enforce minimum length for HMAC keys (#85)
  - jwt: match any audience in a list, rather than requiring all audiences (#81)
  - jwt: accept only Compact Serialization (#75)
  - jws: Add expected algorithms for signatures (#74)
  - Require specifying expected algorithms for ParseEncrypted,
  ParseSigned, ParseDetached, jwt.ParseEncrypted, jwt.ParseSigned,
  jwt.ParseSignedAndEncrypted (#69, #74)
  - Usually there is a small, known set of appropriate algorithms for a program
  to use and it's a mistake to allow unexpected algorithms. For instance the
  "billion hash attack" relies in part on programs accepting the PBES2
  encryption algorithm and doing the necessary work even if they weren't
  specifically configured to allow PBES2.
  - Revert "Strip padding off base64 strings" (#82)
  - The specs require base64url encoding without padding.
 
 ## Added
 
  - ParseSignedCompact, ParseSignedJSON, ParseEncryptedCompact, ParseEncryptedJSON.
  - These allow parsing a specific serialization, as opposed to ParseSigned and
  ParseEncrypted, which try to automatically detect which serialization was
  provided. It's common to require a specific serialization for a specific
  protocol - for instance JWT requires Compact serialization.
 
 [1]: https://i.blackhat.com/BH-US-23/Presentations/US-23-Tervoort-Three-New-Attacks-Against-JSON-Web-Tokens.pdf
 
 # v3.0.2
 
 ## Fixed
 
  - DecryptMulti: handle decompression error (#19)
 
 ## Changed
 
  - jwe/CompactSerialize: improve performance (#67)
  - Increase the default number of PBKDF2 iterations to 600k (#48)
  - Return the proper algorithm for ECDSA keys (#45)
 
 ## Added
 
  - Add Thumbprint support for opaque signers (#38)
 
 # v3.0.1
 
-Fixed:
 ## Fixed
 
  - Security issue: an attacker specifying a large "p2c" value can cause
  JSONWebEncryption.Decrypt and JSONWebEncryption.DecryptMulti to consume large
  amounts of CPU, causing a DoS. Thanks to Matt Schwager (@mschwager) for the