An open index of dependabot pull requests across open source projects.

Bump oauth2 from 2.0.18 to 2.0.20

Number: #64
Type: Pull Request
State: Open
Author: dependabot[bot]
Association: Unknown
Comments: 2
Created: May 21, 2026 at 01:11 AM UTC
(29 days ago)
Updated: May 21, 2026 at 01:12 AM UTC
(29 days ago)
Labels: dependencies, ruby
Description:

Bumps oauth2 from 2.0.18 to 2.0.20.

Release notes

Sourced from oauth2's releases.

v2.0.20

2.0.20 - 2026-05-20

  • TAG: v2.0.20
  • COVERAGE: 99.62% -- 525/527 lines in 15 files
  • BRANCH COVERAGE: 98.88% -- 176/178 branches in 15 files
  • 88.35% documented

Added

  • OAuth2::VERSION (Traditional Constant Location)

Changed

  • auth-sanitizer v0.1.3

Fixed

  • gh!721 Load auth-sanitizer through an internal isolated loader so requiring oauth2 does not add top-level Auth or AuthSanitizer constants that may collide with downstream applications by @​pboling

Security

... (truncated)

Changelog

Sourced from oauth2's changelog.

[2.0.20] - 2026-05-20

  • TAG: v2.0.20
  • COVERAGE: 99.62% -- 525/527 lines in 15 files
  • BRANCH COVERAGE: 98.88% -- 176/178 branches in 15 files
  • 88.35% documented

Added

  • OAuth2::VERSION (Traditional Constant Location)

Changed

  • auth-sanitizer v0.1.3

Fixed

  • gh!721 Load auth-sanitizer through an internal isolated loader so requiring oauth2 does not add top-level Auth or AuthSanitizer constants that may collide with downstream applications by @​pboling

Security

[2.0.19] - 2026-05-15

  • TAG: v2.0.19
  • COVERAGE: 100.00% -- 515/515 lines in 14 files
  • BRANCH COVERAGE: 100.00% -- 174/174 branches in 14 files
  • 89.11% documented

Added

  • gh!707 Add OAuth2.config[:filtered_label] to configure the placeholder used for filtered sensitive values in inspected objects and debug logging output by @​pboling
  • gh!707 Add OAuth2.config[:filtered_debug_keys] to configure which key names have their values redacted from debug logging output by @​pboling

Changed

  • gh!707 Make inspect-time and debug-log filters snapshot their configuration at initialization time rather than tracking later config changes by @​pboling
  • gh!714 Refactor sensitive-value filtering to use auth-sanitizer while preserving OAuth2::FilteredAttributes as a permanent API alias by @​pboling

Removed

  • Remove the internal OAuth2::ThingFilter and OAuth2::SanitizedLogger implementations now provided by auth-sanitizer by @​pboling

Security

  • gh!707 Redact sensitive values from debug logging output, including Authorization headers and common token/secret fields in headers, query strings, form bodies, and JSON payloads by @​pboling
    • NOTE: debug logging has always been, and remains, opt-in. It is turned off by default.

... (truncated)

Commits
  • e2d5097 🔧 :nocov: for unreachable error states
  • 30650b2 🔖 Prepare release v2.0.20
  • 23f2855 Merge pull request #721 from ruby-oauth/fix/top-level-namespace-pollution
  • 5e4c988 Fix RuboCop Gradual offenses
  • 89397f6 Constrain auth-sanitizer loader lookup
  • 8e71e19 📝 CHANGELOG.md
  • 6082a21 ⬆️ snaky_hash, faraday-net_http, zeitwerk, bundler-audit
  • 350da42 Avoid auth-sanitizer top-level namespaces
  • 0bc1903 Merge pull request #719 from step-security-bot/chore/GHA-182236-stepsecurity-...
  • 148d716 Switch pre-commit hook to rubocop_gradual
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Package Dependencies

Package: oauth2
Ecosystem: rubygems
Version Change: 2.0.18 → 2.0.20
Update Type: Patch

Technical Details

ID: 15867660
UUID: 4490928045
Node ID: PR_kwDOR-g9jc7dwA1J
Host: GitHub
Repository: ruby-benchmark/errbit