SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for jose4j-0.9.5-1.2.uyuni3.noarch.rpm :

* Fri Mar 01 2024 Michael Calmer - update to 0.9.5- important changes:
* fix denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value - CVE-2023-51775 (bsc#1220726)
* Add RFC 8037 support: EdDSA for JWS with Ed25519 & Ed448 (needs Java 17) X25519 & X448 ECDH for JWE (needs Java 11) OKP (Octet Key Pair) type for JWK
* Add support for the ES256K JWS alg (ECDSA using secp256k1 curve and SHA-256 per RFC8812) and the secp256k1 EC JWK crv
* Add support for producing RFC9278 JWK Thumbprint URI values
* more changes in the Release Notes https://bitbucket.org/b_c/jose4j/wiki/Release%20Notes- Remove: PBES2-check-iteration-count.patch- fix package group
* Wed Feb 21 2024 Fridrich Strba - Use %patch -P N instead of deprecated %patchN.
* Mon Jan 29 2024 Michael Calmer - Check iteration of Pbes2HmacShaWithAesKey algorithm CVE-2023-31582 (bsc#1216609) Added: PBES2-check-iteration-count.patch
* Mon Jan 29 2024 Michael Calmer - update to 0.5.1- changes since 0.5.0
* Addressed #65 so that the \"class \" prefix is not on the logger names of AlgorithmFactory
* Addressed #63 with support for additional/arbitrary parameters in JWK
* Addressed #64 by adding key_ops to JWK
* Addressed #58 by having JwtClaims getAudience() and getStringListClaimValue(name) return an empty list rather than null when the claim isn’t present- changes since 0.4.4
* Addressed #37 with some fairly rudimentary but useful support for PEM encoded public keys
* Addressed #54 by enabling HttpsJwks.getJsonWebKeys() to continue to use the existing cache when an exception is thrown from refresh(). Default behavior is unchanged and setRetainCacheOnErrorDuration(...) must be called with a value larger than zero to get the new behavior.
* #36 Added support for RFC 7638 JWK thumbprints
* Addressed #35 by allowing the caller of various JOSE and JWT functionality to specify a particular JCA provider by name for cryptographic operations
* Addressed #44 by providing a generic callback to JwtConsumer to customize each JWS/JWE
* Addressed #43 now supports the \'crit\' header
* Fix ClassCastException with AndroidKeyStoreRSAPrivateKey on Android 6.0 Marshmallow
* Fix #46 by using the original encoded payload in signature verification rather than a re-encoding of the payload
* Addressed #48 by providing a method for getting a JWS with detached content
* Fix #38 by not logging secrets and other info from ConcatKeyDerivationFunction
* Fix #41 allowing users to specify arbitrary NumericDate values
* Fix #39 - no more NPE by conditionally avoiding key length checks when raw secret key isn’t available because of non-extractable key data due to PKCS11/HSM provider- add %defattr- Declare the LICENSE file as license and not doc
* Wed Oct 25 2023 Fridrich Strba - Build with source and target levels 8
* Mon Jun 06 2022 Julio González Gil - Declare the LICENSE file as license and not doc
* Wed Nov 18 2015 roAATTsuse.de- fix group entry in specfile
* Fri Oct 23 2015 dmacvicarAATTsuse.de- initial version for 0.4.4
  
ICM