1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
|
# Version 0.18
## Version 0.18.1 (Mar 25, 2024)
### New Features
* Added support for the draft `Partitioned` attribute.
The new `CookieBuilder::partition()`, `Cookie::partitioned()`, and
`Cookie::set_partitioned()` methods allow enabling and/or disabling the
attribute. Additionally, the attribute is recognized during parsing.
* Added `CookieBuilder::removal()`, counterpart to `Cookie::make_removal()`.
## Version 0.18.0 (Oct 9, 2023)
### Breaking Changes
* The MSRV is now 1.56.
* `Cookie::value()` no longer trims surrounding double quotes. (89eddd)
Use `Cookie::value_trimmed()` for the previous behavior.
* Many methods now expect a `T: Into<Cookie>` in place of `Cookie`. (49ff7b)
Functions and methods that previously accepted a `Cookie` now accept any `T:
Into<Cookie>`. This particularly affects the `CookieJar` API, which now allows
simpler addition and removal of cookies:
* `jar.add(("foo", "bar"));`
* `jar.add(Cookie::build(("foo", "bar")).path("/"));`
* `jar.remove("foo");`
* `jar.remove(Cookie::build("foo").path("/"));`
* `CookieJar::force_remove()` now expects a `T: AsRef<str>` in place of
`&Cookie`.
Force-removal never requires more information than a cookie's name. The API
has been simplified to reflect this.
* `CookieBuilder::finish()` was deprecated in favor of
`CookieBuilder::build()`.
This largely serves as a compile-time notice that calling `finish()` or
`build()` is largely unnecessary given that `CookieBuilder` implements
`Into<Cookie>`.
* `Cookie::named()` was deprecated in favor of using `Cookie::build()` or
`Cookie::from()`.
* `Cookie::named("foo")` is equivalent to `Cookie::from("foo")`.
* `Cookie::build("foo")` begins building a cookie equivalent to
`Cookie::named("foo")`.
### New Features
* Added `Cookie::value_trimmed()` and `Cookie::name_value_trimmed()`.
These versions of `Cookie::value()` and `Cookie::name_value()`,
respectively, trim a matching pair of surrounding double quotes from the
cookie's value, if any are present.
* String-like types, tuples of string-like types, and `CookieBuilder`
implement `Into<Cookie>`.
Implementations of `Into<Cookie>` for string-like types (`&str`, `String`,
`Cow<str>`), tuples of string-like types `(name: string, value: string)`,
and `CookieBuilder` were added. The former implementations create a cookie
with a name corresponding to the string and an empty value. The tuple
implementation creates a cookie with the given name and value strings. The
`CookieBuilder` implementation returns the built cookie.
* `Key` implements `Debug`.
To not leak sensitive information, the representation is simply `"Key"`.
* `CookieBuilder` implements `Borrow{Mut}<Cookie>`, `As{Ref,Mut}<Cookie>`,
`Display`.
* Added `CookieBuilder::inner{_mut}()` to (mutably) borrow cookies being
built.
* Added `PrefixedJar` and `CookieJar::prefixed{_mut}()`, which implement the
cookie prefixes HTTP draft.
## Version 0.18.0.rc.0 (Sep 27, 2023)
See the entry above for 0.18.0.
# Version 0.17
## Version 0.17.0 (Jan 22, 2022)
### Breaking Changes
* Cookie parsing no longer removes a `.` `Domain` prefix. `Cookie::domain()`
now removes a `.` prefix before returning.
As these changes are inverses, they are not likely observable. The change
only affects manually set `domain` values via the `.domain()` builder
method, the `set_domain()` setter method, or similar, which will now have a
prefix of `.` removed when returned by `Cookie::domain()`. This results in
more consistent treatment of `Domain` values.
### New Features
* Added `Cookie::split_parse()` and `Cookie::split_parse_encoded()` methods.
The methods split a `;`-joined cookie string and parse/decode the split
values. They return a newly introduced iterator value of type `SplitCookies`
over the parse results.
### General Changes and Fixes
* Parsing fuzzers were introduced and run for 48 CPU hours without failure.
* `base64` was updated to `0.21`.
# Version 0.16
## Version 0.16.2 (Dec 16, 2022)
### General Changes
* `base64` was updated to `0.20`.
## Version 0.16.1 (Sep 25, 2022)
### Changes and Fixes
* The `,`, `(`, and `)` are percent-encoded/decoded when encoding is used.
* The `aes-gcm` dependency was updated to 0.10.
## Version 0.16.0 (Dec 28, 2021)
### Breaking Changes
* The MSRV is now `1.53`, up from `1.41` in `0.15`.
* `time` has been updated to `0.3` and is reexported from the crate root.
### General Changes
* `rust-crypto` dependencies were updated to their latest versions.
# Version 0.15
## Version 0.15.1 (Jul 14, 2021)
### Changes and Fixes
* A panic that could result from non-char boundary indexing was fixed.
* Stale doc references to version `0.14` were updated.
## Version 0.15.0 (Feb 25, 2021)
### Breaking Changes
* `Cookie::force_remove()` takes `&Cookie` instead of `Cookie`.
* Child jar methods split into immutable and mutable versions
(`Cookie::{private{_mut}, signed{_mut}}`).
* `Cookie::encoded()` returns a new `Display` struct.
* Dates with year `<= 99` are handled like Chrome: range `0..=68` maps to
`2000..=2068`, `69..=99` to `1969..=1999`.
* `Cookie::{set_}expires()` operates on a new `Expiration` enum.
### New Features
* Added `Cookie::make_removal()` to manually create expired cookies.
* Added `Cookie::stripped()` display variant to print only the `name` and
`value` of a cookie.
* `Key` implements a constant-time `PartialEq`.
* Added `Key::master()` to retrieve the full 512-bit master key.
* Added `PrivateJar::decrypt()` to manually decrypt an encrypted `Cookie`.
* Added `SignedJar::verify()` to manually verify a signed `Cookie`.
* `Cookie::expires()` returns an `Option<Expiration>` to allow distinguishing
between unset and `None` expirations.
* Added `Cookie::expires_datetime()` to retrieve the expiration as an
`OffsetDateTime`.
* Added `Cookie::unset_expires()` to unset expirations.
### General Changes and Fixes
* MSRV is 1.41.
# Version 0.14
## Version 0.14.3 (Nov 5, 2020)
### Changes and Fixes
* `rust-crypto` dependencies were updated to their latest versions.
## Version 0.14.2 (Jul 22, 2020)
### Changes and Fixes
* Documentation now builds on the stable channel.
* `rust-crypto` dependencies were updated to their latest versions.
* Fixed 'interator' -> 'iterator' documentation typo.
## Version 0.14.1 (Jun 5, 2020)
### Changes and Fixes
* Updated `base64` dependency to 0.12.
* Updated minimum `time` dependency to correct version: 0.2.11.
* Added `readme` key to `Cargo.toml`, updated `license` field.
## Version 0.14.0 (May 29, 2020)
### Breaking Changes
* The `Key::from_master()` method was deprecated in favor of the more aptly
named `Key::derive_from()`.
* The deprecated `CookieJar::clear()` method was removed.
### New Features
* Added `Key::from()` to create a `Key` structure from a full-length key.
* Signed and private cookie jars can be individually enabled via the new
`signed` and `private` features, respectively.
* Key derivation via key expansion can be individually enabled via the new
`key-expansion` feature.
### General Changes and Fixes
* `ring` is no longer a dependency: `RustCrypto`-based cryptography is used in
lieu of `ring`. Prior to their inclusion here, the `hmac` and `hkdf` crates
were audited.
* Quotes, if present, are stripped from cookie values when parsing.
# Version 0.13
## Version 0.13.3 (Feb 3, 2020)
### Changes
* The `time` dependency was unpinned from `0.2.4`, allowing any `0.2.x`
version of `time` where `x >= 6`.
## Version 0.13.2 (Jan 28, 2020)
### Changes
* The `time` dependency was pinned to `0.2.4` due to upstream breaking changes
in `0.2.5`.
## Version 0.13.1 (Jan 23, 2020)
### New Features
* Added the `CookieJar::reset_delta()` method, which reverts all _delta_
changes to a `CookieJar`.
## Version 0.13.0 (Jan 21, 2020)
### Breaking Changes
* `time` was updated from 0.1 to 0.2.
* `ring` was updated from 0.14 to 0.16.
* `SameSite::None` now writes `SameSite=None` to correspond with updated
`SameSite` draft. `SameSite` can be unset by passing `None` to
`Cookie::set_same_site()`.
* `CookieBuilder` gained a lifetime: `CookieBuilder<'c>`.
### General Changes and Fixes
* Added a CHANGELOG.
* `expires`, `max_age`, `path`, and `domain` can be unset by passing `None` to
the respective `Cookie::set_{field}()` method.
* The "Expires" field is limited to a date-time of Dec 31, 9999, 23:59:59.
* The `%` character is now properly encoded and decoded.
* Constructor methods on `CookieBuilder` allow non-static lifetimes.
|
