Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade jwt library #387

Merged
merged 1 commit into from
Jul 28, 2021
Merged

Upgrade jwt library #387

merged 1 commit into from
Jul 28, 2021

Conversation

yarlson
Copy link
Contributor

@yarlson yarlson commented Jul 19, 2021

Fixes #343

https://github.com/dgrijalva/jwt-go has been abondoned (see dgrijalva/jwt-go#462). In order to fix the vulnarability we have to switch to a community driven fork https://github.com/golang-jwt/jwt . The issue has been fixed in golang-jwt/jwt#12

@yarlson
Upgrade jwt library
fff481a 
andygrunwald#343

 https://github.com/dgrijalva/jwt-go has been abondoned (see dgrijalva/jwt-go#462). In order to fix the vulnarability we have to switch to a community driven fork https://github.com/golang-jwt/jwt . The issue has been fixed in golang-jwt/jwt#12
@chipaca chipaca mentioned this pull request Jul 28, 2021
Closed
perrito666
perrito666 reviewed Jul 28, 2021
View reviewed changes
Copy link

@perrito666 perrito666 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @benjivesterby @andygrunwald sorry to be that annoying person :) but this seems to address CVE-2020-26160 and since this is a very used library the update might pluck several holes for people :)

@benjivesterby
Copy link
Collaborator

Hey @benjivesterby @andygrunwald sorry to be that annoying person :) but this seems to address CVE-2020-26160 and since this is a very used library the update might pluck several holes for people :)

Hey Horacio, long time. Looks good to me, if the tests pass I'll merge it.

@benjivesterby benjivesterby merged commit cd21164 into andygrunwald:master Jul 28, 2021
@perrito666
Copy link

Hey @benjivesterby @andygrunwald sorry to be that annoying person :) but this seems to address CVE-2020-26160 and since this is a very used library the update might pluck several holes for people :)

Hey Horacio, long time. Looks good to me, if the tests pass I'll merge it.

tx a lot, nice to find you here in a stranger's PR :) hope to bump in person again :D

@antoineco antoineco mentioned this pull request Oct 6, 2021
Merged
@ankitm123 ankitm123 mentioned this pull request Jul 17, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@perrito666 perrito666 perrito666 left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Consider upgrading version of jwt-go to fix security vulnerability
3 participants
@yarlson @benjivesterby @perrito666