distribution/docs/content/about
Milos Gajdos 52d68216c0
feature: Bump go-jose and require signing algorithms in auth
This bumps go-jose to the latest available version: v4.0.3.
This slightly breaks the backwards compatibility with the existing
registry deployments but brings more security with it.

We now require the users to specify the list of token signing algorithms in
the configuration. We do strive to maintain the b/w compat by providing
a list of supported algorithms, though, this isn't something we
recommend due to security issues, see:
* https://github.com/go-jose/go-jose/issues/64
* https://github.com/go-jose/go-jose/pull/69

As part of this change we now return to the original flow of the token
signature validation:
1. X2C (tls) headers
2. JWKS
3. KeyID

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2024-05-30 20:44:35 +01:00
..
_index.md And other content... 2023-10-12 12:00:15 +01:00
architecture.md docs: fix markup and broken links 2023-10-12 09:32:37 +02:00
compatibility.md docs: fix markup and broken links 2023-10-12 09:32:37 +02:00
configuration.md feature: Bump go-jose and require signing algorithms in auth 2024-05-30 20:44:35 +01:00
deploying.md docs: fix broken links and improve link resolution 2024-01-14 21:33:55 +01:00
garbage-collection.md docs: fix broken links and improve link resolution 2024-01-14 21:33:55 +01:00
glossary.md And other content... 2023-10-12 12:00:15 +01:00
help.md docs: fix markup and broken links 2023-10-12 09:32:37 +02:00
insecure.md docs: fix broken links and improve link resolution 2024-01-14 21:33:55 +01:00
notifications.md Update notifications.md 2024-02-28 13:32:59 -05:00