jsrsasign critical vulnerability

[nickveliki]

Hi, jrsasign 10.3.0 is public which has fixed the verification of rsa signatures pkcs#1.5 padding vulnerability which the version you have in your project still has (and which wildduck also uses, which is why I am here). I have to try and see if there are any breaking changes, but if so I hope not too many. Does your work not use the affected function? Let me know pls

[andris9]

jrsasign 10 has many breaking changes compared to 9, so if you try to upgrade it without changing the code in mobileconfig everything will fail.