tarlepp / angular-sailsjs-boilerplate

'Boilerplate' for AngularJS + Sails.js
MIT License

Need to refactor JWT auth #66

Open tarlepp opened 9 years ago

tarlepp commented 9 years ago

And why? That's why https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/

eddieajau commented 9 years ago

So is your current implementation vulnerable or is it safe to use? Thanks.

tarlepp commented 9 years ago

Haven't tested this, but I'm going to take a deeper look at this. Also, I'm going to change that JWT part a bit; basically add a max age to the JWT.

eddieajau commented 9 years ago

Looks like there is a critical update for jsonwebtoken in the backend. Let me know if you need any help.

LeonardoGentile commented 9 years ago

Hi, thank you very much for this project, this saves me a huge amount of setup time! About this issue, is it related only to the libraries you are using? In this case, have you already updated the package.json to include the patched version? Or is it coming from the implementation you make of JWT?

Thanks

tarlepp commented 9 years ago

@LeonardoGentile Yeah, that's the plan, but I really don't know when I'll have time for this. You guys should update jsonwebtoken to the latest version.
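
The two hardening steps raised in this thread, a verifier that does not trust the token's own header to choose the algorithm and a maximum token age, shown as an added example; this is not code from the boilerplate or from the jsonwebtoken library. It assumes HS256 with a shared secret, an `iat` claim in every token and a one-hour limit; `sign`, `verify` and all sample values are hypothetical.

```javascript
// Added example: HS256-only JWT check with a maximum token age (Node.js, no dependencies).
const crypto = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Builds a token for the demo; `header` is overridable only to construct bad inputs.
function sign(payload, secret, header = { alg: 'HS256', typ: 'JWT' }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${b64url(hmac(input, secret))}`;
}

// Returns { ok, reason, payload }. The accepted algorithm is fixed here and never
// taken from the token header, and tokens older than maxAgeSec are refused.
function verify(token, secret, maxAgeSec, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch (e) {
    return { ok: false, reason: 'malformed' };
  }
  if (!header || header.alg !== 'HS256') return { ok: false, reason: 'algorithm not allowed' };
  const expected = hmac(`${parts[0]}.${parts[1]}`, secret);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  if (!payload || !Number.isInteger(payload.iat)) return { ok: false, reason: 'missing iat' };
  if (payload.iat > nowSec + 60) return { ok: false, reason: 'issued in the future' };
  if (nowSec - payload.iat > maxAgeSec) return { ok: false, reason: 'too old' };
  return { ok: true, reason: null, payload };
}

// Constructed sample values (not from the project).
const SECRET = 'constructed-demo-secret';
const NOW = 1700000000;
const fresh = sign({ sub: 'demo-user', iat: NOW - 60 }, SECRET);
const stale = sign({ sub: 'demo-user', iat: NOW - 7200 }, SECRET);
const wrongAlg = sign({ sub: 'demo-user', iat: NOW - 60 }, SECRET, { alg: 'none', typ: 'JWT' });

console.log('fresh   :', verify(fresh, SECRET, 3600, NOW));
console.log('stale   :', verify(stale, SECRET, 3600, NOW));
console.log('wrongAlg:', verify(wrongAlg, SECRET, 3600, NOW));
```
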