PHP OAuth 2.0 Server v8.3.3 Release Notes

Release Date: 2021-10-11 // 9 months ago
  • ๐Ÿ”’ Security

    • โœ‚ Removed the use of LocalFileReference() in lcobucci/jwt. Function deprecated as per GHSA-7322-jrq4-x5hf (PR #1249)

Previous changes from v8.3.2

  • ๐Ÿ”„ Changed

    • ๐Ÿ‘ Conditionally support the StrictValidAt() method in lcobucci/jwt so we can use version 4.1.x or greater of the library (PR #1236)
    • When providing invalid credentials, the library now responds with the error message The user credentials were incorrect (PR #1230)
    • Keys are always stored in memory now and are not written to a file in the /tmp directory (PR #1180)
    • The regex for matching the bearer token has been simplified (PR #1238)