Skip to content

v2.0.2
Compare
Choose a tag to compare
@lestrrat lestrrat released this 23 May 12:59
· 185 commits to develop/v2 since this release
v2.0.2
dc603b6
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode. 
v2.0.2 - 23 May 2022
[Bug Fixes][Security]
  * [jwe] An old bug from at least 7 years ago existed in handling AES-CBC unpadding,
    where the unpad operation might remove more bytes than necessary (#744)
    This affects all jwx code that is available before v2.0.2 and v1.2.25.

[New Features]
  * [jwt] RFC3339 timestamps are also accepted for Numeric Date types in JWT tokens.
    This allows users to parse servers that errnously use RFC3339 timestamps in
    some pre-defined fields. You can change this behavior by setting
    `jwt.WithNumericDateParsePedantic` to `false`
  * [jwt] `jwt.WithNumericDateParsePedantic` has been added. This is a global
    option that is set using `jwt.Settings`
Assets 2