openstorage
openstorage copied to clipboard
Potential security issue: CVE-2020-26160
Is this a BUG REPORT or FEATURE REQUEST?: BUG REPORT
What happened: openstorage uses unmaintained package: github.com/dgrijalva/jwt-go. There is a security vulnerability found in this library: https://nvd.nist.gov/vuln/detail/CVE-2020-26160
The recommended way to proceed is to upgrade github.com/dgrijalva/jwt-go to its maintained fork: github.com/golang-jwt/jwt which is a drop-in replacement with this issue already fixed.
Thank you, we will updating it to the new jwt v4.0 from github.com/golang-jwt/jwt/v4