# node-http-signature changelog ## not yet released (nothing yet) ## 1.3.4 - Fix breakage in v1.3.3 with the setting of the "algorithm" field in the Authorization header (#102) ## 1.3.3 **Bad release. Use 1.3.4.** - Add support for an opaque param in the Authorization header (#101) - Add support for adding the keyId and algorithm params into the signing string (#100) ## 1.3.2 - Allow Buffers to be used for verifyHMAC (#98) ## 1.3.1 - Fix node 0.10 usage (#90) ## 1.3.0 **Known issue:** This release broken http-signature with node 0.10. - Bump dependency `sshpk` - Add `Signature` header support (#83) ## 1.2.0 - Bump dependency `assert-plus` - Add ability to pass a custom header name - Replaced dependency `node-uuid` with `uuid` ## 1.1.1 - Version of dependency `assert-plus` updated: old version was missing some license information - Corrected examples in `http_signing.md`, added auto-tests to automatically validate these examples ## 1.1.0 - Bump version of `sshpk` dependency, remove peerDependency on it since it now supports exchanging objects between multiple versions of itself where possible ## 1.0.2 - Bump min version of `jsprim` dependency, to include fixes for using http-signature with `browserify` ## 1.0.1 - Bump minimum version of `sshpk` dependency, to include fixes for whitespace tolerance in key parsing. ## 1.0.0 - First semver release. - #36: Ensure verifySignature does not leak useful timing information - #42: Bring the library up to the latest version of the spec (including the request-target changes) - Support for ECDSA keys and signatures. - Now uses `sshpk` for key parsing, validation and conversion. - Fixes for #21, #47, #39 and compatibility with node 0.8 ## 0.11.0 - Split up HMAC and Signature verification to avoid vulnerabilities where a key intended for use with one can be validated against the other method instead. ## 0.10.2 - Updated versions of most dependencies. - Utility functions exported for PEM => SSH-RSA conversion. - Improvements to tests and examples.