Closed novalagung closed 2 years ago
Thanks for the PR @novalagung. I think we are missing a change in the jwt_test file?
@abdulajet thanks for responding. I'll update the test, will ping you once it's ready
@abdulajet please retest. I pushed some updates.
The JWT lib is changed to github.com/golang-jwt/jwt@v3.2.1. That specific version includes an update that patches the CVE-2020-26160
@novalagung thanks for the PR.
refer to CVE-2020-26160
it's recommended to use
github.com/golang-jwt/jwt
instead ofgithub.com/dgrijalva/jwt-go
. the lib is backward compatible. it is actually the cloned version of dgrijalva's and actively maintained.