All Versions
31
Latest Version
Avg Release Cycle
3235 days
Latest Release
-65490 days ago
Changelog History
Page 1
Changelog History
Page 1
-
v5.1.0 Changes
May 23, 2202- โฌ๏ธ Dropped PHP 8.0 support, increased minimum PHP version to 8.1.
- This is due to the significant performance difference between ext/sodium and sodium_compat, and the functions we use in 5.x aren't available until PHP 8.1. See #178.
- The 5.0.x branch will continue to function on PHP 8.0 but performance is not guaranteed.
- โฌ๏ธ Dropped PHP 8.0 support, increased minimum PHP version to 8.1.
-
v5.0.0 Changes
January 19, 2022- Increased minimum PHP version to 8.0.
- ๐ Security: Asymmetric encryption now uses HKDF-BLAKE2b to extract a 256-bit uniformly random bit string for the
encryption key, rather than using the raw X25519 output directly as an encryption key. This is important because
Elliptic Curve Diffie-Hellman results in a random group element, but that isn't necessarily a uniformly random bit
string.
- Because Halite v4 and earlier did not perform this step, it's superficially susceptible to Cheon's attack. This reduces the effective security from 125 bits (Pollard's rho) to 123 bits, but neither is a practical concern today.
- ๐ Security: Halite v5 uses the PAE strategy from PASETO to prevent canonicalization attacks.
- ๐ Security: Halite v5 appends the random salt to HKDF's
info
parameter instead of thesalt
parameter. This allows us to meet the KDF Security Definition (which is stronger than a mere Pseudo-Random Function). - Encryption now uses XChaCha20 instead of XSalsa20.
- ๐ The
File
class no longer supports theresource
type. To migrate code, wrap yourresource
arguments in aReadOnlyFile
orMutableFile
object. - โ Added
File::asymmetricEncrypt()
andFile::asymmetricDecrypt()
.
-
v4.8.0 Changes
April 18, 2021- ๐ Merged #158, which removes
the
final
access modifier from private methods and guarantees PHP 8 support. - โ Migrated tests off of Travis CI, onto Github Actions instead.
- ๐ Merged #158, which removes
the
-
v4.7.1 Changes
December 06, 2020- ๐ Allow v2 of
paragonie/hidden-string
to be installed.
- ๐ Allow v2 of
-
v4.7.0 Changes
December 03, 2020 -
v4.6.0 Changes
September 12, 2019- ๐ Merged #138, which adds
remote stream support to
ReadOnlyFile
. - ๐ Merged #140, which saves some overhead on hash recalculation.
- ๐ Merged #136 and #137, which updated the sodium stub files. These aren't strictly necessary anymore; with the adoption of libsodium in PHP 7.2 and sodium_compat, most IDEs autocomplete correctly. But fixing nits is always appreciated.
- โก๏ธ Update minimum sodium_compat to v1.11.0.
- ๐ Merged #138, which adds
remote stream support to
-
v4.5.4 Changes
June 05, 2019- ๐ Merged #132, which ensures all Halite exceptions implement
Throwable
. - ๐ Merged #133, which updates the documentation for the
File
API. Thanks @elliot-sawyer. - ๐ Merged #134, which allows
MutableFile
to be used on resources opened inwb
mode. Thanks @christiaanbaartse. - ๐ Other minor documentation improvements.
- ๐ Merged #132, which ensures all Halite exceptions implement
-
v4.5.3 Changes
March 11, 2019- ๐ Fixed some minor nuisances with Psalm and PHPUnit.
- โ Added reference to Halite-Legacy to the README.
- โก๏ธ Updated docblocks.
-
v4.5.2 Changes
February 11, 2019- ๐ Fixed #116. If the output file
๐ป doesn't exist, it will be created. If it cannot be created, an exception will
still be thrown.
- ๐ Fixed #116. If the output file
-
v4.5.1 Changes
January 08, 2019- ๐ Use
class_alias()
forParagonIE\Halite\HiddenString
to the outsourced library.
๐ This is deprecated and will be removed in version 5.
- ๐ Use