Replace python-jose dependency #565
Labels
priority: p1
Important issue which blocks shipping the next release. Will be fixed prior to next release.
type: bug
Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
Comments
|
Further searching also shows that GoogleCloudPlatform/python-docs-samples/iap/validate_jwt.py could contain a potential solution |
vchudnov-g
added
type: bug
|
Thanks for reporting this issue! We'll address it promptly. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A vulnerability has been found in the
ecdsadependency which will not be patched in thepython-josepackage.python-joseseems to be abandoned. Other people are also encountering these security issues.I suggest to update authenticating-users/main.py to not use this insecure package. A commonly used alternative is PyJWT.
The text was updated successfully, but these errors were encountered: