v2.0.6 - 25 Aug 2022
[Bug fixes][Security]
* [jwe] Agreement Party UInfo and VInfo (apv/apu) were not properly being
passed to the functions to compute the aad when encrypting using ECDH-ES
family of algorithms. Therefore, when using apu/apv, messages encrypted
via this module would have failed to be properly decrypted.
Please note that bogus encrypted messages would not have succeed being
decrypted (i.e. this problem does not allow spoofed messages to be decrypted).
Therefore this would not have caused unwanted data to to creep in --
however it did pose problems for data to be sent and decrypted from this module
when using ECDH-ES with apu/apv.
While not extensively tested, we believe this regression was introduced
with the v2 release.