Version 3.1.3

This release fixes a bug with base64 codecs when ext-sodium installed.

What's Changed

• FIX: Trim padding characters from encoded string before calling sodium decode by @peldax in #67
• Update .gitattributes for psalm files by @erikn69 in #68
• Revert #67 and fix padding stripping by @paragonie-security in #69
• Add test case to prevent regressions by @paragonie-security in #70

New Contributors

• @peldax made their first contribution in #67
• @erikn69 made their first contribution in #68

Full Changelog: v3.1.2...v3.1.3

Version 3.1.2

Thanks @TimWolla for identifying a performance hit caused by attempting to find global functions such as strlen() in the current namespace before the global namespace.

What's Changed

• Improve sodium implementation performance by @TimWolla in #64
• Replace qualifiers with imports by @paragonie-security in #65

Full Changelog: v3.1.1...v3.1.2

Version 2.8.2

Backported fix from https://github.com/paragonie/constant_time_encoding/releases/tag/v3.1.3

What's Changed

• Backport fix from v3 by @paragonie-security in #71

Full Changelog: v2.8.1...v2.8.2

Version 2.8.1

I'm going to continue backporting important fixes to v2.x for PHP 7 support while there is still significant v2 usage.

What's Changed

• Backport sodium perf enhancements to v2.x by @paragonie-security in #66

Full Changelog: v2.8.0...v2.8.1

Version 3.1.1

What's Changed

• Remove mbstring.func_overload compatibility layer by @TimWolla in #58
• Fixed #27 by making the test less redundant.

Full Changelog: v3.1.0...v3.1.1

Version 3.1.0

Important: If you enable ext-sodium, some codecs will now be faster with our library: hex, base64, base64url. This requires the actual extension be installed; sodium_compat will not provide these implementations.

As with the recent sodium_compat release, this library now incorporates fuzz-testing and mutation testing as part of our development strategy. Fuzz testing is enabled on pull requests; mutation tests on releases.

The current metrics for a mutation test run (using the latest version of Infection):

 1782 mutations were generated:
    1470 mutants were killed by Test Framework
     296 covered mutants were not detected
       5 errors were encountered
      11 time outs were encountered
Metrics:
         Mutation Code Coverage: 100%
         Covered Code MSI: 83%

We set the minimum MSI for covered code to 80% by policy, but will slowly be increasing it in future releases.

What's Changed

• Add parameter type to Base32::doEncode()’s $pad parameter by @TimWolla in #60
• Re-enable CI for Pull Requests by @TimWolla in #59
• Use ext-sodium (if available) to accelerate performance. by @paragonie-security in #61
• Test improvements (+PHP 8.5) by @paragonie-security in #62

Full Changelog: v3.0.0...v3.1.0

Version 2.8.0

This release backports the ext-sodium performance enhancement from v3.1.0.

What's Changed

• Backport ext-sodium enhancement to v2.x by @paragonie-security in #63

Full Changelog: v2.7.0...v2.8.0

Version 3.0.0

• New major bump due to increased minimum PHP requirements (from PHP 7 to PHP 8)
• Supports PHP 8.4 without deprecation warnings for implicit null

Version 2.7.0

What's Changed

• Apply PHP 8.2's SensitiveParameter attribute to all string parameters by @TimWolla in #48
• Remove obsolete psalm suppressions by @TimWolla in #47
• Fix typo by @krsriq in #51
• Add PHP 8.2 to ci.yml by @TimWolla in #49
• Make CanonicalTrait::getNextChar() an abstract method instead a `@m… by @TimWolla in #54
• Make PHPUnit data providers static by @TimWolla in #53
• Add PHP 8.3 to ci.yml by @TimWolla in #52
• chore: fix ci deprecations by @Chris53897 in #57
• Fix: unreachable code typo by @Grundik in #56

New Contributors

• @krsriq made their first contribution in #51
• @Chris53897 made their first contribution in #57
• @Grundik made their first contribution in #56

Full Changelog: v2.6.3...v2.7.0

Version 2.6.3

• #40 - Improved performance of Hex
• #43 / #46 - Add .gitattributes to .gitattributes
• #41 - Consistent use of \ global namespace qualifiers