Skip to content

v2.0
Compare
Choose a tag to compare
@dakujem dakujem released this 19 Apr 15:05
· 3 commits to trunk since this release
2.0
859fc8d
This commit was signed with the committer’s verified signature.
dakujem Andrej Rypo
GPG key ID: B2ABC0330061C8C0
Verified
Learn about vigilant mode.

Mitigates security vulnerability CVE-2021-46743.

Notable changes:

  • requires PHP 8.
  • requires configuration changes
    • subtle change of wrapping the string secret into the new Secret configuration object when only using a single algorithm for encoding/decoding
    • when using multiple possible algorithms, "kid" JWT header parameter must be used when encoding the JWT

See the changelog for detailed info. Also see this issue to understand the changes.

Assets 2
Loading