From c13362dafaff6eae1bb80817d0dbe79449e3375e Mon Sep 17 00:00:00 2001
From: Les Hazlewood <les@hazlewood.com>
Date: Mon, 12 Sep 2016 17:20:47 -0700
Subject: [PATCH 1/3] Added release notes and doc update for the 0.7.0 release.

---
 CHANGELOG.md | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 README.md    |  4 ++--
 2 files changed, 56 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 188b2c585..21a6d1d07 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,59 @@
 ## Release Notes
 
+### 0.7.0
+
+This is a minor feature enhancement and bugfix release.  One of the bug fixes is particularly important if using
+elliptic curve signatures.
+
+#### Elliptic Curve Signature Length Bug Fix
+
+Previous versions of JJWT safely calculated and verified Elliptic Curve signatures (no security risks), however, the
+ signatures were encoded using the JVM's default ASN.1/DER format.  The JWS specification however 
+requires EC signatures to be in a R + S format.  JJWT >= 0.7.0 now correctly represents newly computed EC signatures in 
+this spec-compliant format.
+
+What does this mean for you?
+
+Signatures created from previous JJWT versions can still be verified, so your existing tokens will still be parsed 
+correctly. HOWEVER, new JWTs with EC signatures created by JJWT >= 0.7.0 are now spec compliant and therefore can only 
+be verified by JJWT >= 0.7.0 (or any other spec compliant library).
+
+**This means that if you generate JWTs using Elliptic Curve Signatures after upgrading to JJWT >= 0.7.0, you _must_ 
+also upgrade any applications that parse these JWTs to upgrade to JJWT >= 0.7.0 as well.**
+
+#### Clock Skew Support
+
+When parsing a JWT, you might find that `exp` or `nbf` claims fail because the clock on the parsing machine is not 
+perfectly in sync with the clock on the machine that created the JWT.  You can now account for these differences 
+(usually no more than a few minutes) when parsing using the new `setAllowedClockSkewSeconds` method on the parser.
+For example:
+
+```java
+long seconds = 3 * 60; //3 minutes
+Jwts.parser().setAllowedClockSkewSeconds(seconds).setSigningKey(key).parseClaimsJws(jwt);
+```
+
+This ensures that clock differences between machines can be ignored.  Two or three minutes should be more than enough; it
+would be very strange if a machine's clock was more than 5 minutes difference from most atomic clocks around the world.
+
+#### Custom Clock Support
+
+Timestamps created during parsing can now be obtained via a custom time source via an implementation of
+ the new `io.jsonwebtoken.Clock` interface.  The default implementation simply returns `new Date()` to reflect the time
+  when parsing occurs, as most would expect.  However, supplying your own clock could be useful, especially during test 
+  cases to guarantee deterministic behavior.
+
+#### Android RSA Private Key Support
+
+Previous versions of JJWT required RSA private keys to implement `java.security.interfaces.RSAPrivateKey`, but Android 
+6 RSA private keys do not implement this interface.  JJWT now asserts that RSA keys are instances of both 
+`java.security.interfaces.RSAKey` and `java.security.PrivateKey` which should work fine on both Android and all other
+'standard' JVMs as well.
+
+#### Library version updates
+
+The few dependencies JWWT has (e.g. Jackson) have been updated to their latest stable versions at the time of release.
+
 ### 0.6.0
 
 #### Enforce JWT Claims when Parsing
diff --git a/README.md b/README.md
index aaa50c54a..6e16008ac 100644
--- a/README.md
+++ b/README.md
@@ -66,7 +66,7 @@ Maven:
 <dependency>
     <groupId>io.jsonwebtoken</groupId>
     <artifactId>jjwt</artifactId>
-    <version>0.6.0</version>
+    <version>0.7.0</version>
 </dependency>
 ```
 
@@ -74,7 +74,7 @@ Gradle:
 
 ```groovy
 dependencies {
-    compile 'io.jsonwebtoken:jjwt:0.6.0'
+    compile 'io.jsonwebtoken:jjwt:0.7.0'
 }
 ```
 

From 0da903f2144db02bc284ff47457b326f49d1712e Mon Sep 17 00:00:00 2001
From: Les Hazlewood <les@hazlewood.com>
Date: Mon, 12 Sep 2016 17:22:41 -0700
Subject: [PATCH 2/3] Added release notes and doc update for the 0.7.0 release.

---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 21a6d1d07..c702ad848 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -54,6 +54,10 @@ Previous versions of JJWT required RSA private keys to implement `java.security.
 
 The few dependencies JWWT has (e.g. Jackson) have been updated to their latest stable versions at the time of release.
 
+#### Issue List
+
+For all completed issues, please see the [0.7.0 Milestone List](https://github.com/jwtk/jjwt/milestone/7?closed=1)
+
 ### 0.6.0
 
 #### Enforce JWT Claims when Parsing

From cfeeb6e5cd4bf92216b2ce3ba7163d512d59a3c7 Mon Sep 17 00:00:00 2001
From: Les Hazlewood <les@hazlewood.com>
Date: Mon, 12 Sep 2016 17:23:18 -0700
Subject: [PATCH 3/3] Added release notes and doc update for the 0.7.0 release.

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c702ad848..68022b8e9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,7 +3,7 @@
 ### 0.7.0
 
 This is a minor feature enhancement and bugfix release.  One of the bug fixes is particularly important if using
-elliptic curve signatures.
+elliptic curve signatures, please see below.
 
 #### Elliptic Curve Signature Length Bug Fix