This repository has been archived by the owner on Feb 27, 2023. It is now read-only.

Critical Vulnerability in JSON Web Encryption? #141

Closed
aeneasr opened this issue Mar 15, 2017 · 3 comments
Comments

@aeneasr
Contributor

aeneasr commented Mar 15, 2017

According to this blog post there is a critical vulnerability in this library. The blog post is 3 days old and mentions go-jose, but there does not seem to be any mention of this issue in the changelog or in the PRs. Is this a thing and if so, which version introduced a fix?

@mcpherrinm
Contributor

@aeneasr
Contributor Author

aeneasr commented Mar 15, 2017

Thanks for the prompt response. For anyone else looking, version >= 1.1.0 should be good.

@csstaub
Collaborator

csstaub commented Mar 15, 2017

Hi @arekkas! Yes, 1.1.0 and greater should have all the fixes. All of these vulnerabilities were actually originally reported to Square's Open Source bug bounty by the researcher that discovered them, and were fixed by us at that time. We encourage responsible disclosure of vulnerabilities in our products and pay rewards for bugs reported to us.
