You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Feb 27, 2023. It is now read-only.
According to this blog post there is a critical vulnerability in this library. The blog post is 3 days old and mentions go-jose, but there does not seem to be any mention of this issue in the changelog or in the PRs. Is this a thing and if so, which version introduced a fix?
The text was updated successfully, but these errors were encountered:
Hi @arekkas! Yes, 1.1.0 and greater should have all the fixes. All of these vulnerabilities were actually originally reported to Square's Open Source bug bounty by the researcher that discovered them, and were fixed by us at that time. We encourage responsible disclosure of vulnerabilities in our products and pay rewards for bugs reported to us.
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
According to this blog post there is a critical vulnerability in this library. The blog post is 3 days old and mentions go-jose, but there does not seem to be any mention of this issue in the changelog or in the PRs. Is this a thing and if so, which version introduced a fix?
The text was updated successfully, but these errors were encountered: