Request 1153823: Submit jose4j - openSUSE Build Service

Overview

Request 1153823 accepted

- update to 0.9.5
- important changes:
* fix denial of service (CPU consumption) via a large p2c
(aka PBES2 Count) value - CVE-2023-51775 (bsc#1220726)
* Add RFC 8037 support:
EdDSA for JWS with Ed25519 & Ed448 (needs Java 17)
X25519 & X448 ECDH for JWE (needs Java 11)
OKP (Octet Key Pair) type for JWK
* Add support for the ES256K JWS alg (ECDSA using secp256k1 curve
and SHA-256 per RFC8812) and the secp256k1 EC JWK crv
* Add support for producing RFC9278 JWK Thumbprint URI values
* more changes in the Release Notes
https://bitbucket.org/b_c/jose4j/wiki/Release%20Notes
- Remove: PBES2-check-iteration-count.patch
- fix package group

Created by mcalmer 4 months ago
In state accepted

Submit jose4j

Comments for request 1153823 0

Login required, please login in order to comment

Request History

mcalmer created request 4 months ago

- update to 0.9.5
- important changes:
* fix denial of service (CPU consumption) via a large p2c
(aka PBES2 Count) value - CVE-2023-51775 (bsc#1220726)
* Add RFC 8037 support:
EdDSA for JWS with Ed25519 & Ed448 (needs Java 17)
X25519 & X448 ECDH for JWE (needs Java 11)
OKP (Octet Key Pair) type for JWK
* Add support for the ES256K JWS alg (ECDSA using secp256k1 curve
and SHA-256 per RFC8812) and the secp256k1 EC JWK crv
* Add support for producing RFC9278 JWK Thumbprint URI values
* more changes in the Release Notes
https://bitbucket.org/b_c/jose4j/wiki/Release%20Notes
- Remove: PBES2-check-iteration-count.patch
- fix package group

fstrba accepted request 4 months ago

openSUSE Build Service is sponsored by