Security vulnerability in jwt-go

zhaow-de / pam-keycloak-oidc

PAM module connecting to Keycloak for user authentication using OpenID Connect/OAuth2, with MFA/2FA/TOTP support

MIT License

60 stars 13 forks source link

Security vulnerability in jwt-go #12

Open deridiot opened 5 months ago

deridiot commented 5 months ago

https://github.com/dgrijalva/jwt-go/issues/428

Furthermore that project is now archived. The new repository is located at https://github.com/golang-jwt/jwt which also addresses the security vulnerability.

- github.com/dgrijalva/jwt-go v3.2.0+incompatible
+ github.com/golang-jwt/jwt v3.2.2+incompatible

varlenthegray commented 4 weeks ago

For anyone who stumbles upon this, I forked and updated this:

https://github.com/varlenthegray/pam-keycloak-oidc