Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release/2.7] github.com/golang-jwt/jwt v3.2.2 #3466

Merged
merged 1 commit into from Nov 23, 2021
Merged

[release/2.7] github.com/golang-jwt/jwt v3.2.2 #3466

merged 1 commit into from Nov 23, 2021

Commits on Aug 10, 2021

  1. [release/2.7] vendor: github.com/golang-jwt/jwt v3.2.1 

    to address CVE-2020-26160

full diff: golang-jwt/jwt@a601269...v3.2.2

3.2.1 release notes
---------------------------------------

- Import Path Change: See MIGRATION_GUIDE.md for tips on updating your code
  Changed the import path from github.com/dgrijalva/jwt-go to github.com/golang-jwt/jwt
- Fixed type confusion issue between string and []string in VerifyAudience.
  This fixes CVE-2020-26160

3.2.2 release notes
---------------------------------------

- Starting from this release, we are adopting the policy to support the most 2
  recent versions of Go currently available. By the time of this release, this
  is Go 1.15 and 1.16.
- Fixed a potential issue that could occur when the verification of exp, iat
  or nbf was not required and contained invalid contents, i.e. non-numeric/date.
  Thanks for @thaJeztah for making us aware of that and @giorgos-f3 for originally
  reporting it to the formtech fork.
- Added support for EdDSA / ED25519.
- Optimized allocations.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
    @thaJeztah
    thaJeztah committed Aug 10, 2021
    Copy the full SHA
    c5679da View commit details
    Browse the repository at this point in the history