- SECURITY FIX: related to JWS signature validation
issue reported by Jeremy Choi (CVE later)
- (JWS) using a key from 'jwk' header requires to explicitly set
'key_from_jwk_header => 1' and works only for RSA/ECDSA public keys
- (JWS+JWE) when 'kid_keys' specified it croaks if header does not
contain 'kid' value or if 'kid' was not found in 'kid_keys'
Crypt-JWT
0.023
on Perl CPAN
latest releases:
0.035, 0.034, 0.033...
6 years ago