distribution

Author SHA1 Message Date

Author	SHA1	Message	Date
Sebastiaan van Stijn	c5679da3a1	[release/2.7] vendor: github.com/golang-jwt/jwt v3.2.1 to address CVE-2020-26160 full diff: `a601269ab7`...v3.2.2 3.2.1 release notes --------------------------------------- - Import Path Change: See MIGRATION_GUIDE.md for tips on updating your code Changed the import path from github.com/dgrijalva/jwt-go to github.com/golang-jwt/jwt - Fixed type confusion issue between string and []string in VerifyAudience. This fixes CVE-2020-26160 3.2.2 release notes --------------------------------------- - Starting from this release, we are adopting the policy to support the most 2 recent versions of Go currently available. By the time of this release, this is Go 1.15 and 1.16. - Fixed a potential issue that could occur when the verification of exp, iat or nbf was not required and contained invalid contents, i.e. non-numeric/date. Thanks for @thaJeztah for making us aware of that and @giorgos-f3 for originally reporting it to the formtech fork. - Added support for EdDSA / ED25519. - Optimized allocations. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2021-08-10 13:05:39 +02:00
Yu Wang (UC)	ac05d143d8	closes #2224 : re-vendor the latest Azure Storage SDK for better performance Signed-off-by: Yu Wang <yuwa@microsoft.com>	2017-04-14 14:20:18 -07:00

Sebastiaan van Stijn

[release/2.7] vendor: github.com/golang-jwt/jwt v3.2.1

to address CVE-2020-26160

full diff: a601269ab7...v3.2.2

3.2.1 release notes
---------------------------------------

- Import Path Change: See MIGRATION_GUIDE.md for tips on updating your code
  Changed the import path from github.com/dgrijalva/jwt-go to github.com/golang-jwt/jwt
- Fixed type confusion issue between string and []string in VerifyAudience.
  This fixes CVE-2020-26160

3.2.2 release notes
---------------------------------------

- Starting from this release, we are adopting the policy to support the most 2
  recent versions of Go currently available. By the time of this release, this
  is Go 1.15 and 1.16.
- Fixed a potential issue that could occur when the verification of exp, iat
  or nbf was not required and contained invalid contents, i.e. non-numeric/date.
  Thanks for @thaJeztah for making us aware of that and @giorgos-f3 for originally
  reporting it to the formtech fork.
- Added support for EdDSA / ED25519.
- Optimized allocations.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

2021-08-10 13:05:39 +02:00

Yu Wang (UC)

ac05d143d8

closes #2224 : re-vendor the latest Azure Storage SDK for better performance

Signed-off-by: Yu Wang <yuwa@microsoft.com>

2017-04-14 14:20:18 -07:00

2 Commits (v2.8.1)