Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use constant-time string comparison for sigs #36

Merged
merged 1 commit into from Dec 19, 2017

Conversation

anfedorov
Copy link
Contributor

Fixed #12

@anfedorov
Copy link
Contributor Author

@jasongoodwin can I get an ack you saw this / comment on what to do with it? would prefer not to branch / publish our own version but not having a timing attack seems important.

@anfedorov
Copy link
Contributor Author

/poke @jasongoodwin

@jasongoodwin
Copy link
Owner

having a peak. sincerest apologies - started a new role and been neck deep in code.

@jasongoodwin jasongoodwin merged commit 9edb740 into jasongoodwin:master Dec 19, 2017
@anfedorov
Copy link
Contributor Author

anfedorov commented Dec 21, 2017 via email

@anfedorov
Copy link
Contributor Author

@jasongoodwin please cut an updated release to mvn so folks can benefit from this fix

@anfedorov
Copy link
Contributor Author

@jasongoodwin this vuln has been rated "critical" by NVD (source). please cut a new release.

@jasongoodwin
Copy link
Owner

jasongoodwin commented May 14, 2018 via email

@anfedorov
Copy link
Contributor Author

no worries, thanks, and looking forward to updating!

@jasongoodwin
Copy link
Owner

Hey I'm having some troubles with my pgp keys :( I nuked my sbt config.
I'll give it a whirl tomorrow.

@anfedorov
Copy link
Contributor Author

yeah, old keys do that sometimes. can you still deploy without them? let me know if I can help — haven't actually deployed anything to mvn but can help figure out specific questions if you have any?

@madhead
Copy link

madhead commented Jun 10, 2021

I know it's quite of time passed, but are there any news on releasing 0.4.6?

@oloushkin-ah
Copy link

@sfc-gh-afedorov
Copy link

the release is a separate issue #39

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

add option to do full comparison to prevent time based guessing of the private key
5 participants