Skip to content
This repository has been archived by the owner on Feb 27, 2023. It is now read-only.

Version 1.0.4
Compare
Choose a tag to compare
@csstaub csstaub released this 31 Aug 22:28
· 38 commits to v1 since this release
v1.0.4
This tag was signed with the committer’s verified signature. The key has expired.
csstaub Cedric Staub
GPG key ID: E0F193D384208FD0
Expired
Verified
Learn about vigilant mode.
6e6deda
This commit was signed with the committer’s verified signature. The key has expired.
csstaub Cedric Staub
GPG key ID: E0F193D384208FD0
Expired
Verified
Learn about vigilant mode.

Security fixes
For ECDH-ES key derivation (in JWE), ensure that received public key (from an "epk" header field on an encrypted message) is on expected elliptic curve before performing any cryptographic operations. This also adds various sanity checks for EC keys other places, e.g. when parsing JWK blobs with embedded EC keys. See commits c758193, 03c5c6e, d163d44.

Other changes
Fix expand command in jose-util (c18180c)
Remove support for std_json build tag (1f36a88)

Assets 2
Loading