python-jose is a Python project hosted on GitHub by mpdavis, likely providing tools for working with JSON Web Tokens (JWT) and related JOSE standards. Useful for developers who need to parse, create, or validate JWT/JWS/JWE data in Python applications.
Project status
- Actively maintained, as indicated by a recent upstream push on 2026-04-14 and an update stream that includes python 3.12 and 3.13 support in version 3.5.0 (2025-05-28).
- Apparent update cadence, from the most recent tags, 3.4.0 (2025-02-14) to 3.5.0 (2025-05-28) is roughly 3.5 months, with earlier history showing longer gaps.
AI summary generated 2 weeks ago
Recent updates
3.5.0
5/28/2025Release 3.5.0 modernizes supported Python versions, updates dev and test tooling, and makes a few focused JWT and JWK behavior changes. It adds Python 3.12 and 3.13 support, allows private RSA keys in `jwk.construct()`, removes sensitive data from JWK errors, and simplifies random byte and UTC time handling internally.
BreakingSecurityFeatures3.4.0
2/14/2025python-jose 3.4.0 drops Python 3.6 and 3.7, adds Python 3.10 and 3.11 support, and includes several security and correctness fixes around JWE size handling, JWT signing, AES-GCM IV generation, and key comparison logic. The release also modernizes the build and CI toolchain with updated GitHub Actions, tox 4, and packaging metadata.
BreakingSecurityFeatures3.3.0
6/5/2021python-jose 3.3.0 updates the supported runtime to Python 3.6+ and adds Python 3.9 support, while dropping Python 2.7 and 3.5 plus the PyCrypto backend. The release also modernizes the project infrastructure, and the code diff reveals a new JWE surface area and broader backend plumbing than the release notes mention.
BreakingFeatures3.2.0
7/30/2020Release 3.2.0 is a maintenance-focused update that hardens signature handling, makes JWK serialization JSON-safe, and trims backend loading behavior. It also announces that support for Python 2.7, Python 3.5, and the PyCrypto backend will be dropped in the next release.
Security3.1.0
12/10/2019This release is mostly a backend and packaging overhaul for python-jose. It adds X509 certificate support, improves JWT.decode() and header serialization, and refactors crypto backend selection and dependency handling so the available cryptographic backends can operate more independently.
Features3.0.1
8/30/2018Release 3.0.1 looks like a maintenance release with no substantive published release notes. The diff adds certificate-based RSA key handling in the cryptography backend, expands JWS/JWT key handling toward JWK sets and multiple candidate keys, and updates test and packaging metadata.
Features3.0.0
5/4/2018python-jose 3.0.0 switches RSA signing and verification to the pure-Python `rsa` backend by default, while keeping faster backends available through optional extras. The release also modernizes RSA handling and key serialization, but the diff shows a few behavior changes that are not mentioned in the notes, especially around PEM output defaults and JWT `at_hash` verification.
BreakingFeatures2.0.2
5/4/2018This release is a minimal maintenance bump from 2.0.1 to 2.0.2. No runtime library code changed, only packaging metadata, including the package version and pycryptodome dependency declarations.
2.0.1
1/21/2018Release 2.0.1 is a very small maintenance update. The published note only mentions a pycryptodome dependency bump, while the code also changes backend selection behavior and updates package metadata.
2.0.0
1/16/2018Release 2.0.0 changes the default RSA signing backend used by python-jose to pycryptodome. It also expands the information included in exceptions raised by decode(), and adds optional backend support via setup.py extras (for example, pycrypto or cryptography).
BreakingFeatures