All Versions
Latest Version
Avg Release Cycle
3235 days
Latest Release
-65490 days ago

Changelog History
Page 1

  • v5.1.0 Changes

    May 23, 2202
    • โฌ‡๏ธ Dropped PHP 8.0 support, increased minimum PHP version to 8.1.
      • This is due to the significant performance difference between ext/sodium and sodium_compat, and the functions we use in 5.x aren't available until PHP 8.1. See #178.
    • The 5.0.x branch will continue to function on PHP 8.0 but performance is not guaranteed.
  • v5.0.0 Changes

    January 19, 2022
    • Increased minimum PHP version to 8.0.
    • ๐Ÿ”’ Security: Asymmetric encryption now uses HKDF-BLAKE2b to extract a 256-bit uniformly random bit string for the encryption key, rather than using the raw X25519 output directly as an encryption key. This is important because Elliptic Curve Diffie-Hellman results in a random group element, but that isn't necessarily a uniformly random bit string.
      • Because Halite v4 and earlier did not perform this step, it's superficially susceptible to Cheon's attack. This reduces the effective security from 125 bits (Pollard's rho) to 123 bits, but neither is a practical concern today.
    • ๐Ÿ”’ Security: Halite v5 uses the PAE strategy from PASETO to prevent canonicalization attacks.
    • ๐Ÿ”’ Security: Halite v5 appends the random salt to HKDF's info parameter instead of the salt parameter. This allows us to meet the KDF Security Definition (which is stronger than a mere Pseudo-Random Function).
    • Encryption now uses XChaCha20 instead of XSalsa20.
    • ๐Ÿ‘ The File class no longer supports the resource type. To migrate code, wrap your resource arguments in a ReadOnlyFile or MutableFile object.
    • โž• Added File::asymmetricEncrypt() and File::asymmetricDecrypt().
  • v4.8.0 Changes

    April 18, 2021
    • ๐Ÿ”€ Merged #158, which removes the final access modifier from private methods and guarantees PHP 8 support.
    • โœ… Migrated tests off of Travis CI, onto Github Actions instead.
  • v4.7.1 Changes

    December 06, 2020
    • ๐Ÿ‘ Allow v2 of paragonie/hidden-string to be installed.
  • v4.7.0 Changes

    December 03, 2020
    • ๐Ÿ”€ Merged #154, which supports the SameSite cookie arguments on PHP 7.3+.
    • ๐Ÿ‘ Create a wrapper for sodium_memzero() to support sodium_compat.
    • โž• Added support for PHP 8.
    • #146, #155, #156 -- Various documentation improvements.
  • v4.6.0 Changes

    September 12, 2019
    • ๐Ÿ”€ Merged #138, which adds remote stream support to ReadOnlyFile.
    • ๐Ÿ”€ Merged #140, which saves some overhead on hash recalculation.
    • ๐Ÿ”€ Merged #136 and #137, which updated the sodium stub files. These aren't strictly necessary anymore; with the adoption of libsodium in PHP 7.2 and sodium_compat, most IDEs autocomplete correctly. But fixing nits is always appreciated.
    • โšก๏ธ Update minimum sodium_compat to v1.11.0.
  • v4.5.4 Changes

    June 05, 2019
    • ๐Ÿ”€ Merged #132, which ensures all Halite exceptions implement Throwable.
    • ๐Ÿ“š Merged #133, which updates the documentation for the File API. Thanks @elliot-sawyer.
    • ๐Ÿ”€ Merged #134, which allows MutableFile to be used on resources opened in wb mode. Thanks @christiaanbaartse.
    • ๐Ÿ“š Other minor documentation improvements.
  • v4.5.3 Changes

    March 11, 2019
    • ๐Ÿ›  Fixed some minor nuisances with Psalm and PHPUnit.
    • โž• Added reference to Halite-Legacy to the README.
    • โšก๏ธ Updated docblocks.
  • v4.5.2 Changes

    February 11, 2019
    • ๐Ÿ›  Fixed #116. If the output file
      ๐Ÿ‘ป doesn't exist, it will be created. If it cannot be created, an exception will
      still be thrown.
  • v4.5.1 Changes

    January 08, 2019
    • ๐Ÿ‘‰ Use class_alias() for ParagonIE\Halite\HiddenString to the outsourced library.
      ๐Ÿ—„ This is deprecated and will be removed in version 5.