dkirillov/distribution
1
0
Fork 0
forked from TrueCloudLab/distribution
Code Pull requests Activity
distribution/docs/content
History
Milos Gajdos 52d68216c0
feature: Bump go-jose and require signing algorithms in auth 
This bumps go-jose to the latest available version: v4.0.3.
This slightly breaks the backwards compatibility with the existing
registry deployments but brings more security with it.

We now require the users to specify the list of token signing algorithms in
the configuration. We do strive to maintain the b/w compat by providing
a list of supported algorithms, though, this isn't something we
recommend due to security issues, see:
* https://github.com/go-jose/go-jose/issues/64
* https://github.com/go-jose/go-jose/pull/69

As part of this change we now return to the original flow of the token
signature validation:
1. X2C (tls) headers
2. JWKS
3. KeyID

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2024-05-30 20:44:35 +01:00
..
about feature: Bump go-jose and require signing algorithms in auth 2024-05-30 20:44:35 +01:00
recipes docs: fix broken links and improve link resolution 2024-01-14 21:33:55 +01:00
spec docs: fix broken links and improve link resolution 2024-01-14 21:33:55 +01:00
storage-drivers Allow setting s3 forcepathstyle without regionendpoint (#4291) 2024-04-24 08:34:01 +01:00
_index.md And other content... 2023-10-12 12:00:15 +01:00