Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Release Note Type:
Rebase
Release Note Text:

Hide
.`jose` provided in version 14

The `jose` package is provided in version 14 in RHEL 10. The `jose` utility is a C-language implementation of the Javascript Object Signing and Encryption (JOSE) standards. The most important enhancements and fixes include the following:

* Improved bound checks for the `len` function for the `oct` JWK Type in OpenSSL, as a fix to an error reported by the SAST (Static Application Security Testing) process.
* The protected JSON Web Encryption (JWE) headers no longer contain `zip`.
* The `jose` utility avoids potential denial of service (DoS) attacks by using high decompression chunks.

Show
.`jose` provided in version 14 The `jose` package is provided in version 14 in RHEL 10. The `jose` utility is a C-language implementation of the Javascript Object Signing and Encryption (JOSE) standards. The most important enhancements and fixes include the following: * Improved bound checks for the `len` function for the `oct` JWK Type in OpenSSL, as a fix to an error reported by the SAST (Static Application Security Testing) process. * The protected JSON Web Encryption (JWE) headers no longer contain `zip`. * The `jose` utility avoids potential denial of service (DoS) attacks by using high decompression chunks.
Release Note Status:
Done

jose package should be updated to latest upstream stable release (jose 14)

Upstream release that is considered latest: 14
Current version/release in RHEL-10: 12-1.el10
URL: https://github.com/latchset/jose

links to

RHBA-2024:132860 jose update