to address CVE-2020-26160
full diff: a601269ab7...v3.2.2
3.2.1 release notes
---------------------------------------
- Import Path Change: See MIGRATION_GUIDE.md for tips on updating your code
Changed the import path from github.com/dgrijalva/jwt-go to github.com/golang-jwt/jwt
- Fixed type confusion issue between string and []string in VerifyAudience.
This fixes CVE-2020-26160
3.2.2 release notes
---------------------------------------
- Starting from this release, we are adopting the policy to support the most 2
recent versions of Go currently available. By the time of this release, this
is Go 1.15 and 1.16.
- Fixed a potential issue that could occur when the verification of exp, iat
or nbf was not required and contained invalid contents, i.e. non-numeric/date.
Thanks for @thaJeztah for making us aware of that and @giorgos-f3 for originally
reporting it to the formtech fork.
- Added support for EdDSA / ED25519.
- Optimized allocations.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
at the first iteration, only the following metrics are collected:
- HTTP metrics of each API endpoint
- cache counter for request/hit/miss
- histogram of storage actions, including:
GetContent, PutContent, Stat, List, Move, and Delete
Signed-off-by: tifayuki <tifayuki@gmail.com>
This upgrade, and vendors aws-sdk-go to version v1.12.36.
This is because it has new API calls accessible to the S3 client,
specifically S3.ListObjectsV2PagesWithContext
Signed-off-by: Sargun Dhillon <sargun@sargun.me>
Updates resumable hash implementation to Go 1.8 equivalent. This should
be a major speedup, since it includes a number of optimizations from Go
1.7.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Vndr has a simpler configuration and allows pointing to forked
packages. Additionally other docker projects are now using
vndr making vendoring in distribution more consistent.
Updates letsencrypt to use fork.
No longer uses sub-vendored packages.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Milos Gajdos
Sebastiaan van Stijn
Matt Tescher
David Wu
Corey Quon
mlmhl
Olivier
Derek McGowan
Ryan Abrams
dmp
Mike Brown
Yu Wang
Justin Cormack
Stephen Day
tifayuki
Sargun Dhillon
Igor Morozov
Stephen J Day
Justin Santa Barbara
Michal Fojtik
Ahmet Alp Balkan