1.11.12 (2025-11-20)

1.11.12 (2025-11-20)

• Fixes
  • Properly handle nil from Elixir maps when encoding with the builtin json Erlang/OTP module; see #184
  • Drop required Elixir version back from 1.16 -> 1.13; see #185

1.11.11 (2025-11-17)

1.11.11 (2025-11-17)

• Fixes
  • EC key decode/encode issues in OTP 28; see #180, #181, #182, #179
  • EdDSA key issues with OTP 27.1.3+; see #177
• Notes
  • This will hopefully be one of the last 1.x releases, next release will be 2.x

1.11.10 (2024-04-17)

• Fixes
  • Various type spec fixes; see #165 and #166.

1.11.8 (2024-04-07)

• Fixes
  • Removes use of dynamic() type spec so OTP 24 and OTP 25 are still supported for now.

1.11.7 (2024-04-07)

• Security Patches
  • CVE-2023-50966: Add jose:pbes2_count_maximum/0. By default, the maximum iterations are set to 10,000 and it will raise an error if p2c is larger than this value.
• Changes
  • Declare Poison as an optional dependency, thanks to [@lnikkila][https://github.com/lnikkila]; see #144.
  • Ensure jiffy:encode/1 returns a binary, thanks to @ssepml; see #145.
  • Various type spec additions and dialyzer/dialyxir integrations, thanks to @whatyouhide and @maennchen.
  • Doc updates and fixes, thanks to @aymanosman and @adamu; see #158 and #159.

1.11.6 (2023-07-18)

1.11.6 (2023-07-18)

• Fixes
  • Use sha256 instead of sha when validating RSA signing supportability, thanks to @pavledjo; see #142.

1.11.5 (2022-12-16)

• Fixes
  • Remove dependency on parse_transform for jose_base64 and jose_base64url.

1.11.4 (2022-12-15)

• Enhancements
  • Add support for native crypto operations for Ed25519 and Ed448, thanks to @brettbeatty; see #123.
  • Add support for native crypto operations for ChaCha20-Poly1305 and XChaCha20-Poly1305, when available.
  • Add support for libsodium operations for XChaCha20-Poly1305, when available.
  • Add support for thoas JSON encode/decode, thanks to @michaelklishin; see #126.
  • Add support for ES256K which uses the secp256k1 curve and RS1 signatures (see 291dbb8).
  • Add support for ECDH-1PU JOSE.JWK.box_encrypt_ecdh_1pu and ECDH-ES JOSE.JWK.box_encrypt_ecdh_es and document the deprecated JOSE.JWK.box_encrypt.
  • Add support for ECDH-SS JOSE.JWK.box_encrypt_ecdh_ss.
  • Hide kty field when inspecting %JOSE.JWK{} strict, thanks to @spencerdcarlson; see #139
• Fixes
  • Version mismatch causing rebar3 to constantly try to update; see #122.
  • Fix Ed25519 and Ed448 key DER/PEM encode/decode for OTP 25.
  • Fix Ed25519ctx, Ed25519ph, Ed448, and Ed448ph when dealing with contexts so the implementation matches IETF RFC 8032.
  • Drop direct usage of crypto:hmac/4, thanks to @thalesmg; see #136
  • Replace incorrect usage of -include_lib with -include, thanks to @Richiban; see #140
  • Update the CI jobs so they actually run the Elixir tests, thanks to @moogle19; see #137
  • Change the master branch to main.

1.10.1 (2020-01-08)

• Fixes
  • Add PEM/DER compatibility layer for PKCS-8 incompatibilities with various versions of OTP, crypto, and public_key; see #82

1.10.0 (2020-01-03)

• Enhancements

  • Remove base64url dependency and include embedded version.
  • Add support for C20P and XC20P encryption based on draft-amringer-jose-chacha (ChaCha20/Poly1305 and XChaCha20/Poly1305).
  • Add support for ECDH-ES keywrapping for AES-GCM, ChaCha20/Poly1305, and XChaCha20/Poly1305.
  • Add support for PBES2 keywrapping for AES-GCM, ChaCha20/Poly1305, and XChaCha20/Poly1305.
  • Add support for ECDH-1PU encryption based on draft-madden-jose-ecdh-1pu.
  • Add support for reading/writing DER format (or PKCS8 format).

• Fixes

  • Fix PSS salt length (thanks to @ntrepid8, see #65)
  • Speed up and stabilize tests on CI environment.