forked from TrueCloudLab/distribution
52d68216c0
This bumps go-jose to the latest available version: v4.0.3. This slightly breaks the backwards compatibility with the existing registry deployments but brings more security with it. We now require the users to specify the list of token signing algorithms in the configuration. We do strive to maintain the b/w compat by providing a list of supported algorithms, though, this isn't something we recommend due to security issues, see: * https://github.com/go-jose/go-jose/issues/64 * https://github.com/go-jose/go-jose/pull/69 As part of this change we now return to the original flow of the token signature validation: 1. X2C (tls) headers 2. JWKS 3. KeyID Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
673 B
673 B
Contributing
If you would like to contribute code to go-jose you can do so through GitHub by forking the repository and sending a pull request.
When submitting code, please make every effort to follow existing conventions
and style in order to keep the code as readable as possible. Please also make
sure all tests pass by running go test, and format your code with go fmt.
We also recommend using golint and errcheck.
Before your code can be accepted into the project you must also sign the Individual Contributor License Agreement. We use cla-assistant.io and you will be prompted to sign once a pull request is opened.