TrueCloudLab/distribution

Fork 3

Commit graph

Author	SHA1	Message	Date
Milos Gajdos	52d68216c0	feature: Bump go-jose and require signing algorithms in auth This bumps go-jose to the latest available version: v4.0.3. This slightly breaks the backwards compatibility with the existing registry deployments but brings more security with it. We now require the users to specify the list of token signing algorithms in the configuration. We do strive to maintain the b/w compat by providing a list of supported algorithms, though, this isn't something we recommend due to security issues, see: * https://github.com/go-jose/go-jose/issues/64 * https://github.com/go-jose/go-jose/pull/69 As part of this change we now return to the original flow of the token signature validation: 1. X2C (tls) headers 2. JWKS 3. KeyID Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>	2024-05-30 20:44:35 +01:00
Milos Gajdos	7ce129d63b	feat(linter): enable errcheck linter in golangci-lint Also, bump the linter version to the latest available version. Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>	2023-11-18 07:19:24 +00:00
AdamKorcz	e2a43ec8d3	Fuzzing: Move over two fuzzers from cncf-fuzzing Signed-off-by: AdamKorcz <adam@adalogics.com> Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2023-05-02 23:03:57 +02:00

Author

SHA1

Message

Date

Milos Gajdos

52d68216c0

feature: Bump go-jose and require signing algorithms in auth

This bumps go-jose to the latest available version: v4.0.3.
This slightly breaks the backwards compatibility with the existing
registry deployments but brings more security with it.

We now require the users to specify the list of token signing algorithms in
the configuration. We do strive to maintain the b/w compat by providing
a list of supported algorithms, though, this isn't something we
recommend due to security issues, see:
* https://github.com/go-jose/go-jose/issues/64
* https://github.com/go-jose/go-jose/pull/69

As part of this change we now return to the original flow of the token
signature validation:
1. X2C (tls) headers
2. JWKS
3. KeyID

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>

2024-05-30 20:44:35 +01:00

Milos Gajdos

7ce129d63b

feat(linter): enable errcheck linter in golangci-lint

Also, bump the linter version to the latest available version.

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>

2023-11-18 07:19:24 +00:00

AdamKorcz

e2a43ec8d3

Fuzzing: Move over two fuzzers from cncf-fuzzing

Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

2023-05-02 23:03:57 +02:00

3 commits