Releases: 99designs/http-signatures-php
Releases · 99designs/http-signatures-php
4.0.0
3.1.2
Fix potential time attack vulnerability in HMAC signature comparison for 2.x
Fixes a potential timing attack vulnerability in our HMAC signature comparison using a double HMAC approach. This fix has already been applied to v3.1.1, this is a backport for 2.x. Thanks to @afk11 for submitting this.
Fix potential time attack vulnerability in HMAC signature comparison
Fixes a potential timing attack vulnerability in our HMAC signature comparison using a double HMAC approach. Thanks to @afk11 for submitting this.
Use RequestInterface
This release:
- Replaces usages of
MessageInterface
withRequestInterface
- Removes type hinting for PSR-7 interfaces in methods
PSR-7 support
This release updates the library to expect PSR-7 messages for signing and verification.
Note: This change means that this library is not backwards compatible with previous versions. Please understand what PSR-7 is and how it applies to your application before upgrading.
Widen Symfony version constraints
This version further widens the installable Symfony versions
Widen Symfony version constraints
Merge pull request #23 from 99designs/symfony-constraint-update Widen installable versions of Symfony component