Drop support for Python 2 and 3.5.
JWS support (
TimedJSONWebSignatureSerializer) is deprecated. Use a dedicated JWS/JWT library such as authlib instead. #129
itsdangerous.jsonis deprecated. Import Python’s
jsonmodule instead. #152
Simplejson is no longer used if it is installed. To use a different library, pass it as
datetimevalues are timezone-aware with
timezone.utc. Code using
BadTimeSignature.date_signedmay need to change. #150
If a signature has an age less than 0, it will raise
SignatureExpiredrather than appearing valid. This can happen if the timestamp offset is changed. #126
BadTimeSignature.date_signedis always a
datetimeobject rather than an
intin some cases. #124
Added support for key rotation. A list of keys can be passed as
secret_key, oldest to newest. The newest key is used for signing, all keys are tried for unsigning. #141
Removed the default SHA-512 fallback signer from
Add type information for static typing tools. #186
Change default signing algorithm back to SHA-1. #113
Added a default SHA-512 fallback for users who used the yanked 1.0.0 release which defaulted to SHA-512. #114
Add support for fallback algorithms during deserialization to support changing the default in the future without breaking existing signatures. #113
Changed capitalization of packages back to lowercase as the change in capitalization broke some tooling. #113
Note: This release was yanked from PyPI because it changed the default algorithm to SHA-512. This decision was reverted in 1.1.0 and it remains at SHA1.
Drop support for Python 2.6 and 3.3.
Refactor code from a single module to a package. Any object in the API docs is still importable from the top-level
itsdangerousname, but other imports will need to be changed. A future release will remove many of these compatibility imports. #107
Optimize how timestamps are serialized and deserialized. #13
BadDatawhen it is passed invalid data. #27
Ensure value is bytes when signing to avoid a
TypeErroron Python 3. #29
Serializer, which is passed to
More compact JSON dumps for unicode strings. #38
Use the full timestamp rather than an offset, allowing dates before 2011. #46
To retain compatibility with signers from previous versions, consider using this shim when unsigning.
sepcharacter that may show up in the signature itself and raise a
Change default intermediate hash from SHA-1 to SHA-512. #80
Convert JWS exp header to an int when loading. #99
BadHeaderexception that is used for bad headers that replaces the old
BadPayloadexception that was reused in those cases.
Fixed a packaging mistake that caused the tests and license files to not be included.
Added support for
Made it possible to override the signature verification function to allow implementing asymmetrical algorithms.
Fixed an issue on Python 3 which caused invalid errors to be generated.
Fixed an incorrect call into
want_bytesthat broke some uses of ItsDangerous on Python 2.6.
Dropped support for 2.5 and added support for 3.3.
Added support for JSON Web Signatures (JWS).
Fixed a name error when overriding the digest method.
Made it possible to pass unicode values to
load_payloadto make it easier to debug certain things.
load_payloadmore robust by raising one specific error if something goes wrong.
Refactored exceptions to catch more cases individually, added more attributes.
Fixed an issue that caused
load_payloadnot work in some situations with timestamp based serializers
API refactoring to support different key derivations.
Added attributes to exceptions so that you can inspect the data even if the signature check failed.
Small API change that enables customization of the digest module.
Fixed a problem with the local timezone being used for the epoch calculation. This might invalidate some of your signatures if you were not running in UTC timezone. You can revert to the old behavior by monkey patching
Fixed an uncaught value error.
Refactored interface that the underlying serializers can be swapped by passing in a module instead of having to override the payload loaders and dumpers. This makes the interface more compatible with Django’s recent changes.