chore: require firebase/php-jwt v6 to force fix for key/algorithm type confusion #2398

Closed
wants to merge 1 commit into from

alperendurmus

Possibility of Reintroducing HS256/RSA256 Type Confusion (CVE-2021-46743)
firebase/php-jwt#351
GHSA-8xf4-w7qw-pjjw

@alperendurmus alperendurmus requested a review from a team as a code owner March 7, 2023 13:21

google-cla bot commented Mar 7, 2023

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

conventional-commit-lint-gcf bot commented Mar 7, 2023

🤖 I detect that the PR title and the commit message differ and there's only one commit. To use the PR title for the commit history, you can use GitHub's automerge feature with squashing, or use automerge label. Good luck human!

-- conventional-commit-lint bot
https://conventionalcommits.org/

Contributor

bshaffer commented Mar 7, 2023

@alperendurmus Thank you for your contribution. Please sign the CLA!

@bshaffer bshaffer changed the title Firebase PHP-JWT key/algorithm type confusion chore: require firebase/php-jwt v6 to force fix for key/algorithm type confusion Mar 7, 2023
@bshaffer
Contributor

Looks like we need to update the base version of a few other dependencies

Contributor

@bshaffer bshaffer left a comment

We will have to drop support for PHP 5.6 and 7.0 before we are able to make this change.

Contributor

bshaffer commented May 1, 2023

Done in #2431

@bshaffer bshaffer closed this May 1, 2023
@alperendurmus alperendurmus deleted the patch-1 branch May 1, 2023 19:40