github lestrrat-go/jwx v2.0.6
on GitHub

latest releases: v3.0.0-alpha1, v2.1.2, v1.2.30...
2 years ago
v2.0.6 - 25 Aug 2022
[Bug fixes][Security]
  * [jwe] Agreement Party UInfo and VInfo (apv/apu) were not properly being
    passed to the functions to compute the aad when encrypting using ECDH-ES
    family of algorithms. Therefore, when using apu/apv, messages encrypted
    via this module would have failed to be properly decrypted.

    Please note that bogus encrypted messages would not have succeed being
    decrypted (i.e. this problem does not allow spoofed messages to be decrypted).
    Therefore this would not have caused unwanted data to to creep in --
    however it did pose problems for data to be sent and decrypted from this module
    when using ECDH-ES with apu/apv.

    While not extensively tested, we believe this regression was introduced
    with the v2 release.
Check out latest releases or
releases around lestrrat-go/jwx v2.0.6

Don't miss a new jwx release

NewReleases is sending notifications on new releases.

Get notifications