Backport of CVE fix? - Githubissues

nov / json-jwt

JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and JSON Web Key) in Ruby

MIT License

299 stars 80 forks source link

Backport of CVE fix? #121

Closed mjankowski closed 6 months ago

mjankowski commented 6 months ago

Thanks for the quick response and version release for this CVE!

Any chance of getting this backported and getting a 1.15.x release? Updating from 1.15.x to 1.16.x requires a faraday v1 to v2 update -- and for projects which still have dependencies locked to faraday v1.x they won't be able to do this json-jwt update.

Understood if this is not viable, but figured I'd ask.

Capncavedan commented 6 months ago

Would also really appreciate a backport of the CVE fix!

Capncavedan commented 6 months ago

Opened PR https://github.com/nov/json-jwt/pull/122

nov commented 6 months ago

v1.15.3.1 is released

mjankowski commented 6 months ago

Thanks!

Capncavedan commented 6 months ago

thank you, @nov!