All Versions
31
Latest Version
Avg Release Cycle
3235 days
Latest Release
-65255 days ago
Changelog History
Page 3
Changelog History
Page 3
-
v4.0.0 Changes
September 16, 2017- Bump minimum PHP version to 7.2.0, which will be available before the end of 2017
- ๐ New methods:
encryptWithAd()
anddecryptWithAd()
, for satisfying true AEAD needs - Encrypted password hashing through our
Password
class can also accept an optional, additional data parameter HiddenString
objects can now be directly compared$hiddenString->equals($otherHiddenString)
- โ Added Psalm to our Continuous Integration to assure Halite is fully type-safe
- โก๏ธ Updated unit tests to be compatible with PHPUnit 6
-
v3.4.1 Changes
March 27, 2018๐ Fixes #105.
๐ Please upgrade to Halite 4 as soon as possible. We are not providing support for older versions of Halite any more. See https://github.com/paragonie/halite/releases/tag/v3.4.0
-
v3.2.0 Changes
December 08, 2016- Resolved #49, which
requested making
HiddenString
defend againstserialize()
leaks. - ๐ Fixed an encoding issue which broke legacy passwords. (Discovered in the course of CMS Airship development.)
- ๐ The
File
API now supports different encodings for signatures and checksums (more than just hex and binary).
- Resolved #49, which
requested making
-
v3.1.1 Changes
October 26, 2016- ๐ Fixed #44, which caused Halite to be unusable for Symfony users. Thanks, Usman Zafar.
-
v3.1.0 Changes
August 22, 2016- โ Added an
export()
method toKeyFactory
, and congruentimport*()
methods. For example:export($key)
returns aHiddenString
with a versioned and checksummed, hex-encoded string representing the key material.importEncryptionKey($hiddenString)
expects anEncryptionKey
object or throws aTypeError
- โ Added an
-
v3.0.0 Changes
July 30, 2016- Use paragonie/constant_time_encoding
- 0๏ธโฃ We now default to URL-safe Base 64 encoding (RFC 4648)
- API change: Plaintext and password inputs must be a
HiddenString
object. - โฌ๏ธ Dropped support for version 1.
- We no longer offer or use scrypt anywhere. Everything is Argon2 now.
KeyFactory
no longer accepts a$legacy
argument.
- โ Added
TrimmedMerkleTree
toStructures
. - Use
is_callable()
instead offunction_exists()
for better compatibility with Suhosin.
-
v2.1.2 Changes
July 11, 2016- ๐ Better docblocks, added unit test to prevent regressions.
-
v2.1.1 Changes
May 15, 2016- Prevent an undefined index error when calculating the root of an empty MerkleTree.
-
v2.1.0 Changes
May 07, 2016- Key derivation (via
KeyFactory
) can now accept an extra argument to specify the security level of the derived key.- Scrypt:
INTERACTIVE
orSENSITIVE
- Argon2i:
INTERACTIVE
,MODERATE
, orSENSITIVE
- Scrypt:
- ๐
Password
can now accept a security level argument. We recommend sticking withINTERACTIVE
for end users, but if you'd rather make administrative accounts cost more to attack, now you can make that happen within Halite. MerkleTree
can now accept a personalization string for the hash calculation.MerkleTree
can output a specific hash length (between 16 and 64).- Both
MerkleTree
andNode
now lazily calculate the Merkle root rather than calculating it eagerly. This results in less CPU waste. - Cleaned up the legacy cruft in the
Key
classes. Now they only accept a string in their constructor.
- Key derivation (via
-
v2.0.1 Changes
April 20, 2016- ๐ Fixed conflict with PHP 7 string optimizations that was causing
File::decrypt()
to fail in PHP-FPM. - โก๏ธ Introduced a new method,
Util::safeStrcpy()
, to facilitate safe string duplication without triggering the optimizer.
- ๐ Fixed conflict with PHP 7 string optimizations that was causing