remove RSA and RSAOAEP encryption for Marvin attack
Changes from 10.9.0 to 11.0.0 (2024-Jan-16)
remove RSA PKCS#1.5 end OAEP encryption/decryption for Marvin attack (#598)
src/crypto.js
remove KJUR.crypto.Cipher class for RSA and RSAOAEP encryption/decryption
ext/{rsa,rsa2}.js
remove encrypt/decrypt/encryptOAEP/decryptOAEP for RSAKey class
enhanced support for encrypted PKCS8
Changes from 10.8.6 to 10.9.0 (2023-Nov-27)
KEYUTIL.getPEM is updated not to use weak ciphers (#599)
default encryptionScheme is changed from des-EDE3-CBC to aes256-CBC
default prf is changed from hmacWithSHA1 to hmacWithSHA256
src/keyutil.js
more encrypted PKCS#8 private key support
KEYUTIL.getKey now supports encrypted PKCS#8 private key with
aes128-CBC, aes256-CBC encrypted and using hmacWithSHA224/256/384/512 as
psudorandom function.
KEYUTIL.getPEM now supports such as above encrypted PKCS#8 PEM
priavte key.
src/crypto.js
Cipher.decrypt/encrypt now supports symmetric ciphers (des-EDE3-CBC,aes128-CBC,aes256-CBC)
src/base64x.js
function inttohex and twoscompl are added
src/asn1.js
ASN1Util.bigIntToMinTwosComplementsHex is now DEPRECATED. use twoscompl.
remove RSA and RSAOAEP encryption for Marvin attack
Changes from 10.9.0 to 11.0.0 (2024-Jan-16)
remove RSA PKCS#1.5 end OAEP encryption/decryption for Marvin attack (#598)
src/crypto.js
remove KJUR.crypto.Cipher class for RSA and RSAOAEP encryption/decryption
ext/{rsa,rsa2}.js
remove encrypt/decrypt/encryptOAEP/decryptOAEP for RSAKey class
enhanced support for encrypted PKCS8
Changes from 10.8.6 to 10.9.0 (2023-Nov-27)
KEYUTIL.getPEM is updated not to use weak ciphers (#599)
default encryptionScheme is changed from des-EDE3-CBC to aes256-CBC
default prf is changed from hmacWithSHA1 to hmacWithSHA256
src/keyutil.js
more encrypted PKCS#8 private key support
KEYUTIL.getKey now supports encrypted PKCS#8 private key with
aes128-CBC, aes256-CBC encrypted and using hmacWithSHA224/256/384/512 as
psudorandom function.
KEYUTIL.getPEM now supports such as above encrypted PKCS#8 PEM
priavte key.
src/crypto.js
Cipher.decrypt/encrypt now supports symmetric ciphers (des-EDE3-CBC,aes128-CBC,aes256-CBC)
src/base64x.js
function inttohex and twoscompl are added
src/asn1.js
ASN1Util.bigIntToMinTwosComplementsHex is now DEPRECATED. use twoscompl.
NodeOPCUA continues to grow and evolve, thanks to the invaluable support from community members like YOU! ๐
We're dedicated to enhancing and expanding the capabilities of node-opcua, and we invite you to be a part of this exciting journey. Consider contributing through our membership program at Sterfive or by donating on
NodeOPCUA continues to grow and evolve, thanks to the invaluable support from community members like YOU! ๐
We're dedicated to enhancing and expanding the capabilities of node-opcua, and we invite you to be a part of this exciting journey. Consider contributing through our membership program at Sterfive or by donating on
NodeOPCUA continues to grow and evolve, thanks to the invaluable support from community members like YOU! ๐
We're dedicated to enhancing and expanding the capabilities of node-opcua, and we invite you to be a part of this exciting journey. Consider contributing through our membership program at Sterfive or by donating on
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mikakaraila/node-red-contrib-opcua/network/alerts).
Bumps jsrsasign to 11.0.0 and updates ancestor dependencies jsrsasign, node-opcua, node-opcua-client-crawler and node-opcua-file-transfer. These dependencies need to be updated together.
Updates
jsrsasign
from 10.8.6 to 11.0.0Release notes
Sourced from jsrsasign's releases.
Changelog
Sourced from jsrsasign's changelog.
... (truncated)
Commits
d73befc
11.0.0 release32f73af
update jsdocdf54d0b
enhanced support for encrypted PKCS8Updates
node-opcua
from 2.113.0 to 2.120.0Release notes
Sourced from node-opcua's releases.
... (truncated)
Commits
f4ae243
v2.120.0a0234bb
update packages2e6d593
update book url85bee18
update lock fil521f18d
fixes #1277 - instantiating ObjectType with two Folders45240f8
add example for github #1232af35205
update copyright yearf3d452b
fix copyright year and other adjustments37e1816
add open collective badges744648e
relax Encoding detection to cope with bugs in python's asyncua - fixing #1232Updates
node-opcua-client-crawler
from 2.113.0 to 2.120.0Release notes
Sourced from node-opcua-client-crawler's releases.
... (truncated)
Commits
f4ae243
v2.120.0a0234bb
update packages2e6d593
update book url85bee18
update lock fil521f18d
fixes #1277 - instantiating ObjectType with two Folders45240f8
add example for github #1232af35205
update copyright yearf3d452b
fix copyright year and other adjustments37e1816
add open collective badges744648e
relax Encoding detection to cope with bugs in python's asyncua - fixing #1232Updates
node-opcua-file-transfer
from 2.113.0 to 2.120.0Release notes
Sourced from node-opcua-file-transfer's releases.
... (truncated)
Commits
f4ae243
v2.120.0a0234bb
update packages2e6d593
update book url85bee18
update lock fil521f18d
fixes #1277 - instantiating ObjectType with two Folders45240f8
add example for github #1232af35205
update copyright yearf3d452b
fix copyright year and other adjustments37e1816
add open collective badges744648e
relax Encoding detection to cope with bugs in python's asyncua - fixing #1232Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show