Not a bug JWT Signature Algorithms are no longer available

Kirby

Well-known member
Affected version
2.3.0 Beta 2
XenForo 2.3 removed the code for JWT Signature Algorithm types EDDSA, RSA and HMAC.
Unless there is a compelling reason to do so, could this BC breaking change be reversed?

We are actively using RSA as well as HMAC and at least RSA might be difficult to switch to ECDSA due external service dependencies.

(I can of course bundle them again for our code but that feels a bit like reinventing the wheel ...)
 
Last edited:
It was only ever a transitive dependency (pulled in via older versions minishlink/web-push), so its inclusion and removal are incidental as we don't use it ourselves. Our transitive dependencies are liable to change across minor versions and a policy of retaining them is likely to become burdensome in the long term.
 
Fair enough. But at least it would be nice if this was documented (like other developer relevant changes) in a HYS :)
 
Back
Top Bottom