diff --git a/CHANGELOG.md b/CHANGELOG.md
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,20 @@
+3.0.2.0
+-------
+
+- Fix definition for HTTP security scheme (see [#10](https://github.com/biocad/openapi3/pull/10));
+- Fix error message in `exclusiveMaximum` / `exclusiveMinimum` validation (see
+  [#15](https://github.com/biocad/openapi3/pull/15));
+
+3.0.1.0
+-------
+
+- Support polymorphic types in schema generator.
+
+3.0.0
+-----
+
+- Switch to OpenAPI 3.0 specification.
+
 2.6.1
 -----
 
diff --git a/openapi3.cabal b/openapi3.cabal
--- a/openapi3.cabal
+++ b/openapi3.cabal
@@ -1,6 +1,6 @@
 cabal-version:       >=1.10
 name:                openapi3
-version:             3.0.1.0
+version:             3.0.2.0
 
 synopsis:            OpenAPI 3.0 data model
 category:            Web, Swagger, OpenApi
@@ -76,13 +76,15 @@
     -- cookie 0.4.3 is needed by GHC 7.8 due to time>=1.4 constraint
     , cookie                    >=0.4.3    && <0.5
     , generics-sop              >=0.5.1.0  && <0.6
-    , hashable                  >=1.2.7.0  && <1.4
+      -- <1.3.1 is a temporary measure, until we fix doctests not to depend on key order
+      -- see https://github.com/haskell/aeson/issues/837
+    , hashable                  >=1.2.7.0  && <1.3.1
     , http-media                >=0.8.0.0  && <0.9
     , insert-ordered-containers >=0.2.3    && <0.3
-    , lens                      >=4.16.1   && <4.20
+    , lens                      >=4.16.1   && <5.1
     , network                   >=2.6.3.5  && <3.2
-    , optics-core               >=0.2      && <0.4
-    , optics-th                 >=0.2      && <0.4
+    , optics-core               >=0.2      && <0.5
+    , optics-th                 >=0.2      && <0.5
     , scientific                >=0.3.6.2  && <0.4
     , unordered-containers      >=0.2.9.0  && <0.3
     , uuid-types                >=1.0.3    && <1.1
diff --git a/src/Data/OpenApi.hs b/src/Data/OpenApi.hs
--- a/src/Data/OpenApi.hs
+++ b/src/Data/OpenApi.hs
@@ -91,6 +91,7 @@
   -- ** Security
   SecurityScheme(..),
   SecuritySchemeType(..),
+  HttpSchemeType(..),
   SecurityDefinitions(..),
   SecurityRequirement(..),
 
diff --git a/src/Data/OpenApi/Internal.hs b/src/Data/OpenApi/Internal.hs
--- a/src/Data/OpenApi/Internal.hs
+++ b/src/Data/OpenApi/Internal.hs
@@ -838,8 +838,33 @@
   , _oAuth2FlowsAuthorizationCode :: Maybe (OAuth2Flow OAuth2AuthorizationCodeFlow)
   } deriving (Eq, Show, Generic, Data, Typeable)
 
+type BearerFormat = Text
+
+data HttpSchemeType
+  = HttpSchemeBearer (Maybe BearerFormat)
+  | HttpSchemeBasic
+  | HttpSchemeCustom Text
+  deriving (Eq, Show, Generic, Data, Typeable)
+
+-- |
+--
+-- >>> encode (SecuritySchemeHttp (HttpSchemeBearer Nothing))
+-- "{\"scheme\":\"bearer\",\"type\":\"http\"}"
+--
+-- >>> encode (SecuritySchemeHttp (HttpSchemeBearer (Just "jwt")))
+-- "{\"scheme\":\"bearer\",\"type\":\"http\",\"bearerFormat\":\"jwt\"}"
+--
+-- >>> encode (SecuritySchemeHttp HttpSchemeBasic)
+-- "{\"scheme\":\"basic\",\"type\":\"http\"}"
+--
+-- >>> encode (SecuritySchemeHttp (HttpSchemeCustom "CANARY"))
+-- "{\"scheme\":\"CANARY\",\"type\":\"http\"}"
+--
+-- >>> encode (SecuritySchemeApiKey (ApiKeyParams "id" ApiKeyCookie))
+-- "{\"in\":\"cookie\",\"name\":\"id\",\"type\":\"apiKey\"}"
+--
 data SecuritySchemeType
-  = SecuritySchemeHttp
+  = SecuritySchemeHttp HttpSchemeType
   | SecuritySchemeApiKey ApiKeyParams
   | SecuritySchemeOAuth2 OAuth2Flows
   | SecuritySchemeOpenIdConnect URL
@@ -1229,8 +1254,19 @@
   toEncoding = sopSwaggerGenericToEncoding
 
 instance ToJSON SecuritySchemeType where
-  toJSON SecuritySchemeHttp
-      = object [ "type" .= ("http" :: Text) ]
+  toJSON (SecuritySchemeHttp ty) = case ty of
+    HttpSchemeBearer mFmt ->
+      object $ [ "type" .= ("http" :: Text)
+               , "scheme" .= ("bearer" :: Text)
+               ] <> maybe [] (\t -> ["bearerFormat" .= t]) mFmt
+    HttpSchemeBasic ->
+      object [ "type" .= ("http" :: Text)
+             , "scheme" .= ("basic" :: Text)
+             ]
+    HttpSchemeCustom t ->
+      object [ "type" .= ("http" :: Text)
+             , "scheme" .= t
+             ]
   toJSON (SecuritySchemeApiKey params)
       = toJSON params
     <+> object [ "type" .= ("apiKey" :: Text) ]
@@ -1379,7 +1415,12 @@
   parseJSON js@(Object o) = do
     (t :: Text) <- o .: "type"
     case t of
-      "http"   -> pure SecuritySchemeHttp
+      "http"   -> do
+          scheme <-  o .: "scheme"
+          SecuritySchemeHttp <$> case scheme of
+              "bearer" -> HttpSchemeBearer <$> (o .:! "bearerFormat")
+              "basic" -> pure HttpSchemeBasic
+              t -> pure $ HttpSchemeCustom t
       "apiKey" -> SecuritySchemeApiKey <$> parseJSON js
       "oauth2" -> SecuritySchemeOAuth2 <$> (o .: "flows")
       "openIdConnect" -> SecuritySchemeOpenIdConnect <$> (o .: "openIdConnectUrl")
diff --git a/src/Data/OpenApi/Internal/Schema/Validation.hs b/src/Data/OpenApi/Internal/Schema/Validation.hs
--- a/src/Data/OpenApi/Internal/Schema/Validation.hs
+++ b/src/Data/OpenApi/Internal/Schema/Validation.hs
@@ -315,11 +315,11 @@
 
   check maximum_ $ \m ->
     when (if exMax then (n >= m) else (n > m)) $
-      invalid ("value " ++ show n ++ " exceeds maximum (should be " ++ if exMax then "<" else "<=" ++ show m ++ ")")
+      invalid ("value " ++ show n ++ " exceeds maximum (should be " ++ (if exMax then "<" else "<=") ++ show m ++ ")")
 
   check minimum_ $ \m ->
     when (if exMin then (n <= m) else (n < m)) $
-      invalid ("value " ++ show n ++ " falls below minimum (should be " ++ if exMin then ">" else ">=" ++ show m ++ ")")
+      invalid ("value " ++ show n ++ " falls below minimum (should be " ++ (if exMin then ">" else ">=") ++ show m ++ ")")
 
   check multipleOf $ \k ->
     when (not (isInteger (n / k))) $
