3
0
mirror of https://github.com/ergochat/ergo.git synced 2024-11-24 21:09:30 +01:00
ergo/vendor/github.com/golang-jwt/jwt/v5/SECURITY.md
Shivaram Lingamneni ee7f818674
implement SASL OAUTHBEARER and draft/bearer (#2122)
* implement SASL OAUTHBEARER and draft/bearer
* Upgrade JWT lib
* Fix an edge case in SASL EXTERNAL
* Accept longer SASL responses
* review fix: allow multiple token definitions
* enhance tests
* use SASL utilities from irc-go
* test expired tokens
2024-02-13 18:58:32 -05:00

875 B
Raw Permalink Blame History

Security Policy

Supported Versions

As of February 2022 (and until this document is updated), the latest version v4 is supported.

Reporting a Vulnerability

If you think you found a vulnerability, and even if you are not sure, please report it to jwt-go-security@googlegroups.com or one of the other golang-jwt maintainers. Please try be explicit, describe steps to reproduce the security issue with code example(s).

You will receive a response within a timely manner. If the issue is confirmed, we will do our best to release a patch as soon as possible given the complexity of the problem.

Public Discussions

Please avoid publicly discussing a potential security vulnerability.

Lets take this offline and find a solution first, this limits the potential impact as much as possible.

We appreciate your help!