From c6ac59bc9524cf5907371400a5d42eb47241190a Mon Sep 17 00:00:00 2001 From: Alistair Watts Date: Wed, 12 Feb 2025 11:29:26 +0000 Subject: [PATCH 1/2] Prepare 3.4.0 release (#332) --- CHANGELOG.md | 12 ++++++++++-- jose/__init__.py | 2 +- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0a325fb6..d55e02a5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,14 +4,22 @@ ### News ### -* Remove support for python 3.6 +* Remove support for Python 3.6 and 3.7 +* Added support for Python 3.10 and 3.11 + +### Bug fixes and Improvements ### +* Updating `CryptographyAESKey::encrypt` to generate 96 bit IVs for GCM block + cipher mode +* Fix for PEM key comparisons caused by line lengths and new lines +* Fix for CVE-2024-33664 - JWE limited to 250KiB +* Fix for CVE-2024-33663 - signing JWT with public key is now forbidden ### Housekeeping ### * Updated Github Actions Workflows * Updated to use tox 4.x * Revise codecov integration - +* Fixed DeprecationWarnings ## 3.3.0 -- 2021-06-04 ## diff --git a/jose/__init__.py b/jose/__init__.py index 054baa73..10bd7cdf 100644 --- a/jose/__init__.py +++ b/jose/__init__.py @@ -1,4 +1,4 @@ -__version__ = "3.3.0" +__version__ = "3.4.0" __author__ = "Michael Davis" __license__ = "MIT" __copyright__ = "Copyright 2016 Michael Davis" From ac4f761fa0309cf53ae0272285d264516c75834f Mon Sep 17 00:00:00 2001 From: Asher Foa Date: Thu, 13 Feb 2025 16:24:49 -0500 Subject: [PATCH 2/2] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d55e02a5..08285c26 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ * Fix for PEM key comparisons caused by line lengths and new lines * Fix for CVE-2024-33664 - JWE limited to 250KiB * Fix for CVE-2024-33663 - signing JWT with public key is now forbidden +* Replace usage of deprecated datetime.utcnow() with datetime.now(UTC) ### Housekeeping ###