New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Token validation related security updates in previous versions #540
Comments
@snekbaev By default we require signed tokens and do not allow 'none'. What issues are you having with 5.x compatibility? |
@brentschmaltz if I remember correctly it was Basically I'm using Katana with WebAPI 2 and apparently some crucial type was moved to a different namespace in v5 thus it doesn't work :) |
@snekbaev yes, 5.x does not work with Katana. Currently we are committed to supporting 4.x and 5.x. I was just wondering if it related to Katana or some other issue. |
@brentschmaltz well, wherever the issue is, one thing for sure is that it will make a lot of people happy not to have that dependency hanging in the nuget's updates with a note in a readme file saying "DO NOT UPDATE!" :))) |
@snekbaev @brockallen and others, we are aware of that this is causing headaches, we are investigating a fix. Hopefully it will show up soon. |
Issue is resolved pertaining to security risk. Back-compat is a separate issue. |
Hi,
just discovered: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries and wanted to ask in which version this has been addressed, I'm using .NET 4.6.1 with
System.IdentityModel.Tokens.Jwt
and can't upgrade it to 5.x because is it not compatible, thus, I'm stuck with4.0.3.308261200
.And question is: am I safe? :)
Thank you!
The text was updated successfully, but these errors were encountered: