Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider upgrading to github.com/go-jose/go-jose/v4 #797

Open
3 of 5 tasks
mitar opened this issue Mar 7, 2024 · 1 comment
Open
3 of 5 tasks

Consider upgrading to github.com/go-jose/go-jose/v4 #797

mitar opened this issue Mar 7, 2024 · 1 comment
Labels
feat New feature or request.

Comments

@mitar
Copy link
Contributor

mitar commented Mar 7, 2024

Preflight checklist

Ory Network Project

No response

Describe your problem

github.com/go-jose/go-jose/v3 dependency has made a new github.com/go-jose/go-jose/v4 version. It breaks backwards compatibility to improve security:

This release makes some breaking changes in order to more thoroughly address the vulnerabilities discussed in Three New Attacks Against JSON Web Tokens, "Sign/encrypt confusion", "Billion hash attack", and "Polyglot token".

I think it is not critical, but it would be beneficial to do so sooner than later.

Describe your ideal solution

We upgrade.

Workarounds or alternatives

We do not.

Version

latest master

Additional Context

No response
@mitar mitar added the feat New feature or request. label Mar 7, 2024
@mitar
Copy link
Contributor Author

mitar commented May 27, 2024

@aeneasr: What about this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feat New feature or request.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mitar