Skip to content

v2.3.0 Add an Option to Skip Webhook Signature Verification

Latest
Latest
Compare
Choose a tag to compare
@habara-k habara-k released this 24 Sep 01:53
· 7 commits to master since this release
Immutable release. Only release title and notes can be modified.
v2.3.0
9eb91a6
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

What's Changed

✨ Add an Option to Skip Webhook Signature Verification

With this release, developers can now optionally skip signature verification when parsing incoming webhook requests. This new capability is especially useful in scenarios where the channel secret may change, potentially causing temporary signature mismatches.

Example Usage:

def parser
  @parser ||= Line::Bot::V2::WebhookParser.new(
    channel_secret: ENV.fetch("LINE_CHANNEL_SECRET"),
    skip_signature_verification: -> { ENV['SKIP_SIGNATURE_VERIFICATION'] == 'true' }
  )
end

When signature verification is skipped, the signatureValidator will not be invoked. This allows webhook requests to be processed even if their signatures do not match the current channel secret used for verification.

This feature is particularly helpful in high-availability systems where avoiding downtime or message loss during configuration updates is critical.

Dependency updates

  • Update dependency rubocop to v1.80.1 by @renovate[bot] in #651
  • Update ruby/setup-ruby action to v1.257.0 by @renovate[bot] in #653
  • Update dependency rack to v3.2.1 by @renovate[bot] in #654
  • Update dependency rubocop to v1.80.2 by @renovate[bot] in #655
  • Update actions/setup-node action to v5 by @renovate[bot] in #656
  • Update actions/stale action to v10 by @renovate[bot] in #657
  • Update actions/github-script action to v7.1.0 by @renovate[bot] in #658
  • Update actions/github-script action to v8 by @renovate[bot] in #659
  • Update dependency rbs to v3.9.5 by @renovate[bot] in #660
  • Update dependency org.apache.maven.plugins:maven-shade-plugin to v3.6.1 by @renovate[bot] in #662
  • Update dependency org.apache.maven.plugins:maven-surefire-plugin to v3.5.4 by @renovate[bot] in #663
  • Update ruby/setup-ruby action to v1.258.0 by @renovate[bot] in #666

Other Changes

  • Set minimumReleaseAge to 7 days to avoid merge renovate PR quickly by @Yang-33 in #661
  • Use github actor id instead of bot name to avoid renaming issues by @Yang-33 in #665

Full Changelog: v2.2.0...v2.3.0

Contributors

renovate, Yang-33, and habara-k
Assets 2
Loading