Skip to content

v1.2.27
Compare
Choose a tag to compare
@lestrrat lestrrat released this 03 Dec 07:25
· 345 commits to develop/v2 since this release
v1.2.27
611567b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode. 
v1.2.27 - 03 Dec 2023
[Security]
  * [jwe] A large number in p2c parameter for PBKDF2 based encryptions could cause a DoS attack,
    similar to https://nvd.nist.gov/vuln/detail/CVE-2022-36083.  All users should upgrade, as
    unlike v2, v1 attempts to decrypt JWEs on JWTs by default.
    [GHSA-7f9x-gw85-8grf]

[Bug Fixes]
  * [jwk] jwk.Set(jwk.KeyOpsKey, <jwk.KeyOperation>) now works (previously, either
     Set(.., <string>) or Set(..., []jwk.KeyOperation{...}) worked, but not a single
     jwk.KeyOperation
Assets 2