A couple of API changes necessitated an major version number change. The changes where concerned with non-xml signing and signature verification.
The API of the functions verify_redirect_signature (sigver.py) and http_redirect_message (pack.py) was changes. As where the method use_http_get of the class HTTPBase (httpbase.py)
3.0.2
Not secure
Maintenance release
3.0.0
Not secure
Three major changes:
1) Now supports Python 3.X at the same time the support for Python 2.6 is lost. 2) All parts of the package is now collected in one module. This is a change that breaking change compared to earlier releases hence the major version change. 3) Significant overhaul of the encryption/signing parts.
2.4.0
Not secure
A couple of security fixes plus maintenance updates.