
Fix CVE-2024-33663

Open danigm opened this issue 9 months ago • 9 comments

https://github.com/mpdavis/python-jose/issues/346

danigm avatar May 02 '24 07:05 danigm

I recommend throwing an exception if algorithms is None, rather than setting to ALL. Not specifying the algorithms field is the source of algorithm confusion issues.

milliesolem avatar May 02 '24 12:05 milliesolem
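The check recommended above, as an added example that is not python-jose's code: a minimal HS256 verifier in which the `algorithms` allowlist is mandatory. Passing `None` raises instead of falling back to an accept-everything default, and a token whose header names an algorithm outside the allowlist (`none` included) is rejected before any signature work is done. The names `decode_hs256`, `sign_hs256`, `rejection_reason`, `JWTError` and the constructed key are this example's own.

```python
import base64
import hashlib
import hmac
import json


class JWTError(Exception):
    """Raised for any token that must not be accepted."""


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, as used by compact JWS."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def sign_hs256(claims: dict, key: bytes) -> str:
    """Build an HS256-signed compact JWT; used here only to construct sample input."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def decode_hs256(token: str, key: bytes, algorithms) -> dict:
    """Verify and decode a compact JWT.

    `algorithms` is the caller's explicit allowlist. A missing or empty
    allowlist is an error rather than a silent "accept every algorithm"
    default, and the token's own `alg` header is only ever compared
    against that allowlist, never trusted on its own.
    """
    if not algorithms:
        raise JWTError("algorithms must be an explicit, non-empty allowlist")
    allowed = set(algorithms)
    # This toy verifier implements HS256 only; refuse allowlists it cannot honour.
    if allowed - {"HS256"}:
        raise JWTError(f"unsupported algorithm(s) in allowlist: {sorted(allowed - {'HS256'})}")

    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise JWTError("token is not a three-part compact JWT") from None

    try:
        header = json.loads(b64url_decode(header_b64))
    except Exception:
        raise JWTError("malformed header") from None

    alg = header.get("alg")
    if alg not in allowed:
        # Covers "none", asymmetric algorithms, and anything else not chosen by the caller.
        raise JWTError(f"algorithm {alg!r} not in allowlist {sorted(allowed)}")

    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise JWTError("signature verification failed")
    return json.loads(b64url_decode(payload_b64))


def rejection_reason(token: str, key: bytes, algorithms):
    """Return None if the token verifies, otherwise the reason it was rejected."""
    try:
        decode_hs256(token, key, algorithms)
    except JWTError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    KEY = b"constructed-example-key"  # constructed for this example
    token = sign_hs256({"sub": "alice"}, KEY)
    print(decode_hs256(token, KEY, ["HS256"]))
    print(rejection_reason(token, KEY, None))
```

The contrast with the behaviour under discussion is the first line of `decode_hs256`: the caller must say which algorithms are acceptable, so a forgotten argument fails closed at the call site instead of widening what the verifier accepts.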

Let's try pinging @asherf and @mpdavis

CharlesPerrotMinotHCHB avatar May 10 '24 22:05 CharlesPerrotMinotHCHB

@mpdavis @asherf following up on this

smittysmee avatar May 21 '24 19:05 smittysmee

Can you rebase your changes onto the latest master branch and force-update your branch for this PR?

Would you mind collapsing your commits to a single commit as well?

twwildey avatar May 30 '24 23:05 twwildey

Can you rebase your changes onto the latest master branch and force-update your branch for this PR?

Would you mind collapsing your commits to a single commit as well?

Done

danigm avatar May 31 '24 05:05 danigm

@twwildey

CharlesPerrotMinotHCHB avatar Jun 03 '24 20:06 CharlesPerrotMinotHCHB

When can we expect an official release for this?

chrisribe avatar Jun 20 '24 19:06 chrisribe

@chrisribe seeing as the library has not seen a release for three years, I wouldn't hold my breath. Switch to PyJWT if you have a project affected by this.

milliesolem avatar Jun 20 '24 21:06 milliesolem

I believe this GitHub repo has been effectively abandoned in favor of https://authlib.org/. I would recommend everyone migrate their projects to use Authlib directly.

twwildey avatar Jun 20 '24 22:06 twwildey