Skip to content

Update to JWT v5 to fix vulnerability #281

New issue
New issue
Closed
Closed
Update to JWT v5 to fix vulnerability#281
@matthiasthomas

Description

@matthiasthomas
matthiasthomas
opened on Mar 27, 2025

The current version uses github.com/golang-jwt/jwt v3.2.2+incompatible which has a vulnerability (GO-2025-3553) related to excessive memory allocation during header parsing.

We should update to github.com/golang-jwt/jwt/v5 which fixes this vulnerability.

This affects the following files in the generates package:

  • jwt_access.go
  • jwt_access_test.go

The changes required are:

  1. Update the import path to github.com/golang-jwt/jwt/v5
  2. Update the code to use the new JWT v5 API
  3. Update tests to use the new JWT v5 API

I'll submit a PR with these changes.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions