Skip to content

[SECURITY] v1.2.26
Compare
Choose a tag to compare
@lestrrat lestrrat released this 14 Jun 08:17
· 390 commits to develop/v2 since this release
v1.2.26
d9ddbc8
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode. 
v1.2.26 - 14 Jun 2023
[Security]
  * Potential Padding Oracle Attack Vulnerability and Timing Attack Vulnerability
    for JWE AES-CBC encrypted payloads affecting all v2 releases up to v2.0.10,
    all v1 releases up to v1.2.25, and all v0 releases up to v0.9.2 have been reported by
    @shogo82148.

    Please note that v0 versions will NOT receive fixes.
    This release fixes these vulnerabilities for the v1 series.
Assets 2
Loading
0 Join discussion