openbadgeslib 1.1.6
Patch release closing the security & correctness audit backlog accumulated since v1.1.5 — 49 fixes across OB2/OB3 verification, the JWS engine, config parsing, and the CLI entrypoints. No API changes, no new dependencies; a drop-in upgrade.
Security
- OB2 revocation no longer fails open on a falsy reason. A revoked serial whose issuer-published reason was "", null, false, or 0 was reported VALID instead of REVOKED. A matched serial is now always honored as revoked.
- JWS: a private key supplied where a public verify key is expected is treated as a failed signature (SignatureError) instead of crashing with a raw AttributeError. This closes a remotely-triggerable crash on the OB2 badge-embedded-key fallback path.
- OB3 independently re-validates vc.validUntil / vc.validFrom against wall-clock time instead of trusting only the JWT exp claim, so an expired or not-yet-valid credential is rejected even if the JWT claim is decoupled from the vc-level dates.
- download_file() rejects an HTTP redirect to a non-HTTPS target, closing a TLS scheme-downgrade gap in the HTTPS-only enforcement for the OB2 verify key, issuer document, and revocation list.
- download_file() caps the response body at 5 MiB, bounding memory use against an attacker-influenced URL.
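The fail-open pattern described in the first Security item, next to a check that honors any matched serial, as an added example that is not openbadgeslib's own code. The revocation list shape (a JSON object mapping serial to reason), the sample data, and all function names are assumptions made for illustration.

```python
import json

# Constructed sample: a revocation list as a JSON object mapping badge serial
# to the issuer-published reason (shape assumed for this example).
SAMPLE_REVOCATION_LIST = json.loads("""
{
  "serial-001": "Issued in error",
  "serial-002": "",
  "serial-003": null,
  "serial-004": false,
  "serial-005": 0
}
""")

_MISSING = object()  # sentinel: distinguishes "not listed" from a falsy reason


def is_revoked_fail_open(revocation_list, serial):
    """Flawed pattern: truthiness of the reason decides revocation."""
    reason = revocation_list.get(serial)
    return bool(reason)  # "", None, False and 0 all read as "not revoked"


def check_revocation(revocation_list, serial):
    """Hardened pattern: membership decides; returns (revoked, reason_text)."""
    if not isinstance(revocation_list, dict):
        # A malformed list must not be read as "nothing is revoked".
        raise ValueError("revocation list must be a JSON object")
    reason = revocation_list.get(serial, _MISSING)
    if reason is _MISSING:
        return False, None
    if isinstance(reason, str) and reason:
        return True, reason
    return True, "no reason given"  # listed, but reason is empty or non-string


def audit(revocation_list):
    """List serials the flawed check would wrongly report as valid."""
    return sorted(
        s for s in revocation_list
        if check_revocation(revocation_list, s)[0]
        and not is_revoked_fail_open(revocation_list, s)
    )
```

Running audit() over a real revocation list shows which already-revoked serials a truthiness-based verifier would have accepted before the upgrade.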
Correctness & robustness
The verify/sign/CLI boundaries no longer leak raw KeyError/TypeError/AttributeError/ValueError/OSError tracebacks on malformed or hostile input. Highlights: every _jws exception now inherits LibOpenBadgesException; OB2 read_from_file / check_revocation / check_expiration and OB3 credential parsing reject non-object/non-string claims with typed errors; malformed config.ini (bad INI syntax, unresolvable ${...} interpolation, encoding mismatch, missing/empty [paths] base) exits every CLI cleanly with a [!] … message; openbadges-init/-publish exit cleanly on an existing target and restore the process umask in a try/finally; recipient mailto: binding is compared case-insensitively.
See Changelog.txt for the complete, itemized list.