| Version | Message |
| 2.0.23 | - PHP 8.0.x compatibility. |
| 2.0.22 |
- Security: the sodium_crypto_generichash_init() function used to return a partially uninitialized buffer. This has been fixed. Thanks to @CiPHPerCoder for spotting this. - SODIUM_CRYPTO_PWHASH_STRBYTES has been added |
| 2.0.21 | - Detached signature strings were not properly terminated. This has been fixed. |
| 2.0.20 | - Restore compatibility with PHP |
| 2.0.19 | - Restore compatibility with 7.3 |
| 2.0.18 | - Restore compatibility with PHP before 7.3 |
| 2.0.17 | - PHP 7.3 compatibility. |
| 2.0.16 | - PHP 7.3 compatibility. |
| 2.0.15 |
- The version displayed in `phpinfo()` wasn't updated in the previous release. This has been fixed. Nothing else has changed. |
| 2.0.14 | - Some Base64-encoded values couldn't be decoded when using unpadded variants. This has been fixed. |
| 2.0.13 | - Security fix: sodium_pad() used to read extra memory when given an empty string |
| 2.0.12 |
- Bug fix: sodium_pad() din't support block sizes over 255 bytes - Bug fix: file descriptors were not properly closed when using PHP as an Apache module, and Apache was reloaded |
| 2.0.11 |
- Added a workaround for a PHP vulnerability affecting all PHP7 versions up to and including 7.2.5. - Bindings for crypto_aead_*_detached() functions have been added. |
| 2.0.10 | No code change. Fixes an installation issue with PECL. |
| 2.0.9 | No code change. This release was made to ensure that the stable channel installs version 2.x. |
| 2.0.8 | Support for libsodium 1.0.15 was implemented. |
| 2.0.7 | Requires at least php 7.0 and libsodium 1.0.9. |
| 2.0.6 | Requires at least php 7.0 and libsodium 1.0.9. |
| 2.0.5 | Requires at least php 7.0 and libsodium 1.0.9. |
| 2.0.4 | Requires at least php 7.0 and libsodium 1.0.9. |
| 2.0.3 | Requires at least php 7.0 and libsodium 1.0.9. |
| 2.0.2 |
Version 2.0.0 couldn't be compiled on old libsodium versions. This has been fixed. |
| 2.0.1 |
Version 2.0.0 couldn't be compiled on old libsodium versions. This has been fixed. |
| 2.0.0 |
This is a major release, featuring a new API identical to the one of sodium extension included with PHP 7.2. Functions are now in the global namespace, and return exceptions. Note that PHP 5 is not supported any more. Support for the key exchange API (crypto_kx), key derivation (crypto_kdf) and for the xchacha20-poly1305 construction have been added. Many bugs have been squashed. |
| 1.0.7 | This is a maintenance release, compatible with libsodium 1.0.15+ |
| 1.0.6 | - The PWHASH_MEMLIMIT_{MODERATE,SENSITIVE} constants are correctly defined |
| 1.0.5 | - The IETF variant of the ChaCha20-Poly1305 construction has been added |
| 1.0.4 | - Fixed compatibility with old libsodium versions |
| 1.0.3 | - The Argon2 function is now available for password hashing |
| 1.0.2 | - Compatibility with old distros and old versions of libsodium |
| 1.0.1 |
- Added crypto_aead_aes256gcm_*() - Added crypto_box_seed_keypair() - Added crypto_sign_ed25519_sk_to_curve25519() and crypto_sign_ed25519_pk_to_curve25519() - Added compare() - On PHP7, make memzero() and increment() avoid zeroing an object if it is not a reference or if its reference count is > 1 |
| 1.0.0 |
- The extension can now be statically compiled. - crypto_sign_publickey_from_secretkey(), and crypto_auth() have been added. - The extension and its API are now marked stable. |
| 0.2.1 |
- Fixed support for old versions of libsodium - New helper function: increment() |
| 0.2.0 |
- Methods were moved to functions in a \Sodium\ namespace. - PHP 7 is now fully supported. - crypto_aead_chacha20poly1305_decrypt() now returns FALSE instead of a PHP error if verification fails. - multi-part hashing was implemented (crypto_generichash_{init|update|final}) - sealed boxes have been implemented (crypto_seal) |
| 0.1.3 | crypto_scalarmult() has been added. |
| 0.1.2 | Initial release |
| 0.1.1 | Initial release |