Skip to content

[SECURITY] v2.0.11
Compare
Choose a tag to compare
@lestrrat lestrrat released this 14 Jun 08:18
· 168 commits to develop/v2 since this release
v2.0.11
6c41e38
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode. 
v2.0.11 - 14 Jun 2023
[Security]
  * Potential Padding Oracle Attack Vulnerability and Timing Attack Vulnerability
    for JWE AES-CBC encrypted payloads affecting all v2 releases up to v2.0.10,
    all v1 releases up to v1.2.25, and all v0 releases up to v0.9.2 have been reported by
    @shogo82148.

    Please note that v0 versions will NOT receive fixes.
    This release fixes these vulnerabilities for the v2 series.
Assets 2
Loading
0 Join discussion