Permalink
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
...
- 5 commits
- 6 files changed
- 2 contributors
Commits on Aug 11, 2022
Commits on Aug 13, 2022
-
Add support for RFC 9278: JWK Thumbprint URI
Signed-off-by: Simo Sorce <[email protected]>
Commits on Sep 13, 2022
-
Make JWT require to know what to expect
This is needed to address CVE-2022-3102. Thanks to Tom tervoort from Secura for finding and reporting this issue. Also test that "unepxected" token types are not validated Signed-off-by: Simo Sorce <[email protected]>
-
Add global workaround for applications
Because the previous patch changes the behavoir of jwcrypto, this knob is a quick way for application developers to get back the old behavior temporarily without having to change the code immediately as it may require some significant refactoring, depending on how the application was written. This is not intended to be used in the long term and will be eventually deleted. Unfortunately I cannot decorate a simply global variable with the @deprecated decoration to make it clearer. Signed-off-by: Simo Sorce <[email protected]>
Loading
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff v1.3.1...v1.4.0