All Versions
Latest Version
Avg Release Cycle
3235 days
Latest Release
-64985 days ago

Changelog History
Page 3

  • v4.0.0 Changes

    September 16, 2017
    • Bump minimum PHP version to 7.2.0, which will be available before the end of 2017
    • ๐Ÿ†• New methods: encryptWithAd() and decryptWithAd(), for satisfying true AEAD needs
    • Encrypted password hashing through our Password class can also accept an optional, additional data parameter
    • HiddenString objects can now be directly compared
      • $hiddenString->equals($otherHiddenString)
    • โž• Added Psalm to our Continuous Integration to assure Halite is fully type-safe
    • โšก๏ธ Updated unit tests to be compatible with PHPUnit 6
  • v3.4.1 Changes

    March 27, 2018

    ๐Ÿ›  Fixes #105.

    ๐Ÿš€ Please upgrade to Halite 4 as soon as possible. We are not providing support for older versions of Halite any more. See

  • v3.2.0 Changes

    December 08, 2016
    • Resolved #49, which requested making HiddenString defend against serialize() leaks.
    • ๐Ÿ›  Fixed an encoding issue which broke legacy passwords. (Discovered in the course of CMS Airship development.)
    • ๐Ÿ‘ The File API now supports different encodings for signatures and checksums (more than just hex and binary).
  • v3.1.1 Changes

    October 26, 2016
    • ๐Ÿ›  Fixed #44, which caused Halite to be unusable for Symfony users. Thanks, Usman Zafar.
  • v3.1.0 Changes

    August 22, 2016
    • โž• Added an export() method to KeyFactory, and congruent import*() methods. For example:
      • export($key) returns a HiddenString with a versioned and checksummed, hex-encoded string representing the key material.
      • importEncryptionKey($hiddenString) expects an EncryptionKey object or throws a TypeError
  • v3.0.0 Changes

    July 30, 2016
    • Use paragonie/constant_time_encoding
    • 0๏ธโƒฃ We now default to URL-safe Base 64 encoding (RFC 4648)
    • API change: Plaintext and password inputs must be a HiddenString object.
    • โฌ‡๏ธ Dropped support for version 1.
      • We no longer offer or use scrypt anywhere. Everything is Argon2 now.
      • KeyFactory no longer accepts a $legacy argument.
    • โž• Added TrimmedMerkleTree to Structures.
    • Use is_callable() instead of function_exists() for better compatibility with Suhosin.
  • v2.1.2 Changes

    July 11, 2016
    • ๐Ÿ‘ Better docblocks, added unit test to prevent regressions.
  • v2.1.1 Changes

    May 15, 2016
    • Prevent an undefined index error when calculating the root of an empty MerkleTree.
  • v2.1.0 Changes

    May 07, 2016
    • Key derivation (via KeyFactory) can now accept an extra argument to specify the security level of the derived key.
    • ๐Ÿ”’ Password can now accept a security level argument. We recommend sticking with INTERACTIVE for end users, but if you'd rather make administrative accounts cost more to attack, now you can make that happen within Halite.
    • MerkleTree can now accept a personalization string for the hash calculation.
    • MerkleTree can output a specific hash length (between 16 and 64).
    • Both MerkleTree and Node now lazily calculate the Merkle root rather than calculating it eagerly. This results in less CPU waste.
    • Cleaned up the legacy cruft in the Key classes. Now they only accept a string in their constructor.
  • v2.0.1 Changes

    April 20, 2016
    • ๐Ÿ›  Fixed conflict with PHP 7 string optimizations that was causing File::decrypt() to fail in PHP-FPM.
    • โšก๏ธ Introduced a new method, Util::safeStrcpy(), to facilitate safe string duplication without triggering the optimizer.