v2.6.0

What's Changed

New Features

• Add Faraday middleware support by @fredericmangano-ticketmaster
• Add MD5 compatibility option in authentic? method by @samiralicherif

Improvements

• Add support for Ruby 3.1 and Rails 7.0 by @fwininger
• Update Grape to v2.0+ for Rails 7/Rack 3 compatibility
• Update Rubocop to v1.50+ and Curb to v1.0+ for Ruby 3.x compatibility

Bug Fixes

• Fix HTTPS URL handling by @fwininger
• Fix Ruby 2.6 compatibility with Rails 6.x (Logger loading issue)
• Add drb gem dependency (2.0.4-2.0.5) for Ruby 3.4+ compatibility

Breaking Changes

• Drop support for Rails 5 and Ruby 2.5

Supported Versions

• Ruby: 2.6, 2.7, 3.0, 3.1, 3.4+
• Rails: 6.0, 6.1, 7.0

Full Changelog: v2.5.1...v2.6.0

v2.1.0 (2016-12-22)

• Fixed a NoMethodError that might occur when using the NetHttp Driver (#130 grahamkenville)
• More securely compare signatures in a way that prevents timing attacks (#56 leishman, #133 will0)
• Remove support for MD2 and MD4 hashing algorithms since they are insecure (#134 will0)
• Disallow requests that are too far in the future to limit the time available for a brute force signature guess (#119 fwininger)

v2.0.1 (2016-07-25)

• Support of api_auth_options in ActiveResource integration (#102 fwininger)
• Replace use of #blank? with #nil? to not depend on ActiveSupport (#114 packrat386)
• Fix Auth header matching to not match invalid SHA algorithms (#115 packrat386)
• Replace alias_method_chain with alias_method in the railtie since
  alias_method_chain is deprecated in Rails 5 (#118 mlarraz)

v2.0.0

• IMPORTANT: 2.0.0 is backwards incompatible with the default settings of v1.x
  v2.0.0 always includes the http method in the canonical string.
  You can use the upgrade strategy in v1.4.x and above to migrate to v2.0.0
  without any down time. Please see the 1.4.0 release nodes for more info
• Added support for other digest algorithms like SHA-256 (#98 fwininger)