nov/json-jwt issues and pull requests

#123 - Don't try to modify the passed in hash

Pull Request - State: closed - Opened by ccutrer 2 months ago

#122 - Backport fix for CVE-2023-51774 from 1.16.6 to 1.15.x

Pull Request - State: closed - Opened by Capncavedan 8 months ago - 2 comments

#121 - Backport of CVE fix?

Issue - State: closed - Opened by mjankowski 8 months ago - 5 comments

#120 - json-jwt allows bypass of identity checks via a sign/encryption

Issue - State: closed - Opened by Shoaib19 8 months ago - 7 comments

#119 - Patch for CVE-2023-51774 / GHSA-c8v6-786g-vjx6?

Issue - State: closed - Opened by postmodern 8 months ago - 1 comment

#118 - Security Vulnerability: JSON::JWT.decode Method

Issue - State: closed - Opened by davidwayfinder 9 months ago - 4 comments

#117 - `JSON::JWK::Set#[]` was overwritten in v1.15.1

Issue - State: closed - Opened by kkitadate 9 months ago - 1 comment

#116 - Why is the CHANGELOG so small?

Issue - State: open - Opened by afilbert 9 months ago - 1 comment

#115 - Provide a 'Changelog' link on rubygems.org/gems/json-jwt

Pull Request - State: open - Opened by mark-young-atg 10 months ago

#114 - Declare dependency on base64

Issue - State: closed - Opened by Earlopain 11 months ago - 1 comment

#113 - Security: susceptible to sign/encrypt confusion attacks

Issue - State: closed - Opened by rc-mattschwager about 1 year ago - 5 comments

#112 - JWE class doesn't copy the input headers

Issue - State: closed - Opened by ehsanidme over 1 year ago - 8 comments

#111 - fix secp256k1 curve name to follow the standards

Pull Request - State: closed - Opened by kazzix14 almost 2 years ago - 1 comment

#110 - Feature/faraday v2

Pull Request - State: closed - Opened by nov about 2 years ago

#109 - Remove padding oracle

Pull Request - State: closed - Opened by btoews about 2 years ago

#108 - How to report security vulnerabilities

Issue - State: closed - Opened by btoews about 2 years ago - 2 comments

#107 - Comment out the security utils require and add manually in initialize…

Pull Request - State: closed - Opened by arif-muhammad-wmc-tech about 2 years ago - 1 comment

#106 - Conflicting binary

Issue - State: closed - Opened by depesz about 2 years ago - 2 comments

#105 - Feature/play with actions

Pull Request - State: closed - Opened by nov over 2 years ago

#104 - play with actions

Pull Request - State: closed - Opened by nov over 2 years ago

#103 - Add Github Action to test against OpenSSL 3

Pull Request - State: closed - Opened by bmesuere over 2 years ago

#102 - Support openssl 3 (Fixes: #100)

Pull Request - State: closed - Opened by nov over 2 years ago

#101 - Support openssl 3 (Fixes: #100)

Pull Request - State: closed - Opened by lucaskanashiro over 2 years ago - 14 comments

#100 - Add OpenSSL 3 support

Issue - State: closed - Opened by lucaskanashiro over 2 years ago - 2 comments

#99 - uninitialized constant JSON::JWT

Issue - State: closed - Opened by GMolini over 2 years ago - 2 comments

#98 - Support for RSA-OAEP-256

Issue - State: closed - Opened by murtazahaider5 almost 3 years ago - 2 comments

#97 - Serialization of valid JW* not always valid

Issue - State: closed - Opened by jphastings almost 3 years ago - 4 comments

#96 - test failures with ruby3.0

Issue - State: closed - Opened by boutil almost 3 years ago - 5 comments

#95 - [SECURITY] Algorithm Confusion Through kid Header

Issue - State: closed - Opened by paragonie-security about 3 years ago - 1 comment

#94 - Update Bindata Dependency Due To Security Issue

Issue - State: closed - Opened by Gerst20051 over 3 years ago - 1 comment

#93 - Decode jwt without verifying

Issue - State: closed - Opened by SerKnight over 3 years ago - 1 comment

#92 - Properly handle optional key ID parameter

Pull Request - State: closed - Opened by stanhu over 3 years ago - 4 comments

#91 - Support JWS Payloads that are not JSON

Issue - State: closed - Opened by radamson over 3 years ago - 2 comments

#90 - Feature/support for ruby 2.3

Pull Request - State: closed - Opened by michael-harrison over 3 years ago - 1 comment

#89 - Enable bundler caching for travis

Pull Request - State: closed - Opened by Taher-Ghaleb over 3 years ago - 1 comment

#88 - Support for Unencoded Payload Option (RFC 7797)?

Issue - State: closed - Opened by wout about 4 years ago - 1 comment

#87 - Ed25519 support

Issue - State: closed - Opened by nov over 4 years ago

#86 - make a few private JWK methods now public

Pull Request - State: closed - Opened by dub357 over 4 years ago

#85 - Test for CVE-2019-18848

Pull Request - State: closed - Opened by denisenkom almost 5 years ago

#84 - Remove Active Support

Pull Request - State: closed - Opened by bdewater about 5 years ago - 1 comment

#83 - Fix missing string interpolation in README example

Pull Request - State: closed - Opened by luisalima about 5 years ago

#82 - "cannot load such file -- json-jwt (LoadError)"

Issue - State: closed - Opened by merefield over 5 years ago - 2 comments

#81 - :warning: method redefined; discarding old header, signature_base_str…

Pull Request - State: closed - Opened by nov over 5 years ago

#80 - update oraclejdk 8 to 11

Pull Request - State: closed - Opened by nov over 5 years ago

#79 - Ruby Warnings

Pull Request - State: closed - Opened by amatsuda over 5 years ago - 1 comment

#78 - ECDH-ES support in JWE

Issue - State: closed - Opened by byt3pool over 5 years ago - 1 comment

#77 - Support for Unencoded Payload Option (RFC 7797)

Issue - State: closed - Opened by idigber over 5 years ago - 4 comments

#76 - Use Ruby 2.3 features instead of Active Support

Pull Request - State: closed - Opened by bdewater over 5 years ago

#75 - GCM is always supported on modern Ruby and OpenSSL

Pull Request - State: closed - Opened by bdewater over 5 years ago

#74 - Ignore test files when packaging a gem.

Pull Request - State: closed - Opened by v1nayv over 5 years ago

#73 - twistlock security scan shows that privatekeys are stored in the container

Issue - State: closed - Opened by v1nayv over 5 years ago

#72 - Push tag v1.10.0

Issue - State: closed - Opened by MITSUBOSHI over 5 years ago - 3 comments

#71 - Token to string doesn't match the original compact token

Issue - State: closed - Opened by MatteoJoliveau over 5 years ago - 1 comment

#70 - Add support for a zero-octet payload in JWS.

Pull Request - State: closed - Opened by seandilda almost 6 years ago - 3 comments

#69 - Support blank payloads in JWS

Issue - State: closed - Opened by seandilda almost 6 years ago - 4 comments

#68 - Changelog

Issue - State: closed - Opened by clickmonkee about 6 years ago

#67 - Relation with ruby-jwt gem

Issue - State: closed - Opened by printercu about 6 years ago - 1 comment

#66 - explicit-activesupport-version-requirement #65

Pull Request - State: closed - Opened by dlozano over 6 years ago

#65 - activesupport required version is not defined

Issue - State: closed - Opened by dlozano over 6 years ago - 1 comment

#64 - Nimbus JOSE+JWT IV additional character being ignored

Issue - State: closed - Opened by bharatshivram over 6 years ago - 4 comments

#63 - Add minimum Ruby requirement in gemspec

Pull Request - State: closed - Opened by jdongelmans over 6 years ago - 1 comment

#62 - Verify the GCM auth tag length

Pull Request - State: closed - Opened by bdewater over 6 years ago - 1 comment

#61 - Algorithm autodetection does not consider JWK

Issue - State: closed - Opened by bdewater over 6 years ago - 2 comments

#60 - Use Active Support's secure_compare

Pull Request - State: closed - Opened by bdewater over 6 years ago - 2 comments

#59 - Remove url_safe_base64 gem

Pull Request - State: closed - Opened by bdewater over 6 years ago - 4 comments

#58 - Encrypt then Sign

Issue - State: closed - Opened by tfluehmann over 6 years ago - 1 comment

#57 - oops, these should be optional too

Pull Request - State: closed - Opened by nov almost 7 years ago

#56 - Feature/make alg and enc required when verifying and decrypting

Pull Request - State: closed - Opened by nov almost 7 years ago

#55 - add PS256, PS384, PS512 support.

Pull Request - State: closed - Opened by nov almost 7 years ago

#54 - Support RSA PSS

Issue - State: closed - Opened by nov almost 7 years ago

#53 - certain malformed JWTs throw nil errors

Issue - State: closed - Opened by cainlevy almost 7 years ago - 1 comment

#52 - avoid explicit openssl version check

Pull Request - State: closed - Opened by nov about 7 years ago

#51 - EC key throwing OpenSSL::PKey::EC::Point::Error

Issue - State: closed - Opened by travisofthenorth about 7 years ago - 13 comments

#50 - Thread safety?

Issue - State: closed - Opened by FranklinYu over 7 years ago - 2 comments

#49 - Can payload for signing with JWT be a string instead of a json

Issue - State: closed - Opened by Phuong5664 over 7 years ago - 2 comments

#48 - Getting "public" properties from keys

Issue - State: closed - Opened by toupeira over 7 years ago - 3 comments

#47 - JWK from Hash or JSON file?

Issue - State: closed - Opened by FranklinYu over 7 years ago

#46 - Replace multi_json with json

Pull Request - State: closed - Opened by ojab over 7 years ago - 1 comment

#45 - OpenSSL::PKey interface has changed in Ruby 2.4

Issue - State: closed - Opened by cmoylan over 7 years ago - 10 comments

#44 - update `to_rsa_key` to follow new openssl pkey interface

Pull Request - State: closed - Opened by cmoylan over 7 years ago - 1 comment

#43 - jti claim in JWT header

Issue - State: closed - Opened by johntopleyons over 7 years ago - 2 comments

#42 - verify signature JWT

Issue - State: closed - Opened by ErnstA over 7 years ago - 4 comments

#41 - Any objection to me adding a :skip_verification example to your wiki docs?

Issue - State: closed - Opened by theirishpenguin almost 8 years ago - 2 comments

#40 - Add [dq, dp, qi] attributes to jwk for compatibility with other libs

Pull Request - State: closed - Opened by InformatiQ almost 8 years ago - 5 comments

#39 - 1.6.2 broke backwards compatibility, no longer sets algorithm when signing JWT

Issue - State: closed - Opened by nhinds over 8 years ago - 6 comments

#38 - Minimum ruby version?

Issue - State: closed - Opened by futureperfect over 8 years ago - 7 comments

#37 - Header params overwritten when signing

Issue - State: closed - Opened by economou over 8 years ago

#36 - Pin activesupport and bump the version. Fix for #35

Pull Request - State: closed - Opened by funzoneq over 8 years ago - 1 comment

#35 - Activesupport requires ruby >= 2.2.2

Issue - State: closed - Opened by funzoneq over 8 years ago - 3 comments

#34 - concept for better kid support

Pull Request - State: closed - Opened by nov over 8 years ago

#33 - Default `:kid` as thumbprint

Issue - State: closed - Opened by futureperfect over 8 years ago - 3 comments

#32 - verify throwing an error in JSON::JWT.decode

Issue - State: closed - Opened by onli over 8 years ago - 20 comments

#31 - Add x5t#S256 header

Pull Request - State: closed - Opened by wizardz over 8 years ago - 3 comments

#30 - fill in alg=dir tests for JWE

Pull Request - State: closed - Opened by kintner over 8 years ago - 1 comment

#29 - Remove ActiveSupport

Pull Request - State: closed - Opened by jhass almost 9 years ago - 4 comments

#28 - kid is being considered required

Issue - State: closed - Opened by guilhermednt about 9 years ago - 3 comments

#27 - Fix specs when nimbus_jwe is missing

Pull Request - State: closed - Opened by greysteil about 9 years ago

#26 - Changelog and Semantic Versioning

Pull Request - State: closed - Opened by timrogers about 9 years ago - 1 comment

#25 - Feature/jwe refactoring

Pull Request - State: closed - Opened by nov about 9 years ago

#24 - Feature/jwk refactoring

Pull Request - State: closed - Opened by nov about 9 years ago

GitHub / nov/json-jwt issues and pull requests