-
*Description*:
>When OIDC provider rotates the keys, Envoy fails to refetch the keys and returns the following error:
```
Jwks doesn't have key to match kid or alg from Jwt
```
*Repro steps*:
…
-
Quoting @nicolas17 in ticket #2353
> The client's normal requests authenticate with the "account key" or "authenticator", which is stored directly in the database as clear text. If the database is…
-
### Describe the enhancement you're suggesting.
The current module of security key U2F is not supported by windows.
Reproduction
Use the firmware as usual, get a clean install of windows 11, tr…
-
I like this logger, however, it does present a security risk. I know you said it doesn't do it on mac, but that's a big what IF.
It would be much better to actually just keep the count in a table ins…
-
Hi Team,
We have spec file(OAS3) having apiKey param.. Example is below. Linter is complaining security issue though required apiKey details exist.. On checking, we found only OAUTH2 is supported. Is…
-
Hi, first of all, thanks for the very useful package!
---
Due to Firefox having more strict rules for (self signed) certificates, the generated files cannot be used to tell Firefox to trust the …
-
# Bug report
When using the "apt:" module to configure a local mirror for the "primary" and "security" keys, if the mirror is signed by a local key, the rendered ubuntu.sources file still has "Signed…
-
this is related to https://github.com/mailvelope/mailvelope/issues/45
I'm sorry, but for me this is far from providing security, anyone that gain access to the laptop can attack the browser web sto…
-
When it comes to applications, security is up to them. But the `k8s-router` does allow you to have some level of security in that you need an API Key to access your deployments. Thankfully this is o…
-
Ni hao, you have bad practices in your KeyUtil.
1) UUID is not recommended for other stuff than userId. It was used back in the day for content management systems in Java. It is definitely not for …