v3.2.0
📦 jwt-librariesView on GitHub →
✨ 1 features🐛 3 fixes
Summary
Version v3.2.0 introduces a new configuration option for HMAC key length enforcement and resolves critical security issues related to empty HMAC keys, alongside general compatibility fixes.
✨ New Features
- Added the configuration option `enforce_hmac_key_length`.
🐛 Bug Fixes
- Rejected `nil` and empty HMAC keys during signing and verification (addressed CVE-2026-45363).
- Fixed compatibility issues with the openssl 4.0 gem.
- Fixed a type error that occurred when the header was not a JSON object.