v2.5.3

• Remove function_exists check to fix psalm issues.

v2.5.2

• Update version constraints and dependencies.

v2.5.1

• Fix Psalm checks of getBundleFromCertainty() method.

v2.5.0

• Support dependency injection to allow specifying custom Guzzle Client, PSR-6 CacheItemPool and Certainty Bundle.
• Improved Certainty bundle retrieval to handle cases where verification checks would be very slow (32-bit systems without sodium extension installed) and/or the vendor directory is not writable.

v2.4.0

• Upgrade minimum PHP version to 5.6.
• Integration with paragonie/certainty for validated SSL/TLS certificates.
• Make docblocks type-safe.

Thanks to @paragonie-scott for security improvements.

v2.3.3

• Prevent full SHA1s being exposed in cache file names, by setting the cache key to the first 5 characters of the hash.
• Caching of the response body, rather than the exposed status.

Thanks to @symm for the original idea. :)

v2.3.2

• Use hash_equals to compare partial hashes. This should help mitigate timing attacks.
  • Thanks to @paragonie-scott.

This release also contains:

• Minor documentation improvements.

v2.3.1

• Handle additional connection issues and timeouts.
  • PasswordStatus::UNKNOWN will be returned.

v2.3.0

• Improvements to cache storage.

This release also includes:

• Minor text changes to documentation and composer package description.

v2.2.0

• Upgrade to use Pwned Passwords API v2. See https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/
  • No rate limited requests.
  • Improved privacy via 'k-anonymity'.