Loading...

XML

Word

Printable

Release Note Type:
Enhancement
Release Note Text:

Hide
.`jose` rebased to version 14

The `jose` package has been upgraded to upstream version 14. `jose` is a C-language implementation of the Javascript Object Signing and Encryption (JOSE) standards. The most important enhancements and fixes include the following:

* Improved bound checks for the `len` function for the `oct` JWK Type in OpenSSL.
* The protected JSON Web Encryption (JWE) headers no longer contain `zip`.
* `jose` avoids potential denial of service (DoS) attacks by using high decompression chunks.

Show
.`jose` rebased to version 14 The `jose` package has been upgraded to upstream version 14. `jose` is a C-language implementation of the Javascript Object Signing and Encryption (JOSE) standards. The most important enhancements and fixes include the following: * Improved bound checks for the `len` function for the `oct` JWK Type in OpenSSL. * The protected JSON Web Encryption (JWE) headers no longer contain `zip`. * `jose` avoids potential denial of service (DoS) attacks by using high decompression chunks.
Release Note Status:
Done

jose package should be updated to latest upstream stable release (jose 14)

Upstream release that is considered latest: 14
Current version/release in RHEL-9: 11-3.el9
URL: https://github.com/latchset/jose

links to

RHBA-2024:132854 jose update