[SECURITY] v1.2.26 #940

lestrrat · 2023-06-14T08:17:32Z

lestrrat
Jun 14, 2023
Maintainer

v1.2.26 - 14 Jun 2023
[Security]
  * Potential Padding Oracle Attack Vulnerability and Timing Attack Vulnerability
    for JWE AES-CBC encrypted payloads affecting all v2 releases up to v2.0.10,
    all v1 releases up to v1.2.25, and all v0 releases up to v0.9.2 have been reported by
    @shogo82148.

    Please note that v0 versions will NOT receive fixes.
    This release fixes these vulnerabilities for the v1 series.

This discussion was created from the release [SECURITY] v1.2.26.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[SECURITY] v1.2.26 #940

{{title}}

Replies: 0 comments

Select a reply

[SECURITY] v1.2.26 #940

lestrrat Jun 14, 2023 Maintainer

Replies: 0 comments

lestrrat
Jun 14, 2023
Maintainer