Tag
Changes: Jwt
All changelog entries tagged with Jwt.

Critical Security Patch: JWT Signing Algorithm Vulnerability

A critical security vulnerability was discovered in our JWT signing implementation. This patch fixes an issue in which certain edge cases could allow token forgery.

Security impact:

  • Severity: High
  • CVSS Score: 8.3
  • Affected versions: 2.0.0 - 2.4.3

Fix details:

  • Updated RSA key validation logic
  • Enhanced signature verification
  • Improved error handling in token parsing

All users running affected versions must update immediately to ensure secure authentication.