Not a bug JWT Signature Algorithms are no longer available

K

Kirby

Well-known member
Affected version
2.3.0 Beta 2
XenForo 2.3 removed the code for JWT Signature Algorithm types EDDSA, RSA and HMAC.
Unless there is a compelling reason to do so, could this BC breaking change be reversed?

We are actively using RSA as well as HMAC and at least RSA might be difficult to switch to ECDSA due external service dependencies.

(I can of course bundle them again for our code but that feels a bit like reinventing the wheel ...)
 
Last edited:
It was only ever a transitive dependency (pulled in via older versions minishlink/web-push), so its inclusion and removal are incidental as we don't use it ourselves. Our transitive dependencies are liable to change across minor versions and a policy of retaining them is likely to become burdensome in the long term.
 
Fair enough. But at least it would be nice if this was documented (like other developer relevant changes) in a HYS :)
 

Similar threads

N
XF 2.2 Safari 16.4.1 causing error 'page no longer available'
Replies
0
Views
193
Nigel Nelson
N
N
  • Question Question
XF 2.2 Safari 16.4.1 causing error 'page no longer available'
Replies
1
Views
430
Nigel Nelson
N
Krave
  • Question Question
XF 1.3 Fatal Error: Directive 'allow_call_time_pass_reference' is no longer available in PHP
Replies
7
Views
2K
TPerry
TPerry
epigram
  • Question Question
XF 1.2 Fatal Error 'allow_call_time_pass_reference' is no longer available in PHP
Replies
3
Views
7K
Jeremy
Jeremy
Top Bottom