Jose

Latest version: v1.0.0


Page 1 of 2

1.1.1

------------------
- Fixed handling of expiration exceptions during selection of decryption method
(patch contributed by yuriikonovaliuk)

1.1.0

------------------
- Added support for decrypting JWE compliant tokens (patch contributed by
yuriikonovaliuk)

Note: Tokens generated by `encrypt` are not JWE spec compliant. Prior to this
patch, `decrypt` was not able to decrypt JWE spec compliant tokens either.

1.0.0

------------------
- Fixed bug in authentication tag computation (patch contributed by jaimeperez)

Important: This is a backwards incompatible change, in that tokens produced in this version will not be decipherable by versions < 1.0.0. The JWE hash string used was changed to use an empty string rather than "." to fall in line with https://tools.ietf.org/html/rfc7518#section-5.2.2.1

0.3.0

------------------
- Fixed critical JWT vulnerability (patch contributed by yuriikonovaliuk)

Important: Only unencrypted tokens are vulnerable. This fix led to a backward
incompatible change to the `verify` function signature.

0.2.2

Not secure
------------------
- RFC compliance fixes (patch contributed by jaimeperez)

Important: This change introduces a temporarily injected key (`__v`) in order to
distinguish between legacy and newly issued tokens. This allows the use
of either token so as not to break backwards compatibility and (possibly)
degrade user experience. This will be removed for v1.0.

To check whether clients are using a legacy token, the
application code can test whether the key "__v" is contained in the
headers (this can be done after deserialize_compact). The existence of the key
identifies a newly created token.

0.2.1

Not secure
------------------
- Unpinned pycrypto dependency (patch contributed by kuba)
- Added CLI exposing "decrypt" command
- Added custom exceptions, making client error handling easier


© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.