Page MenuHomePhabricator

Update firebase/php-jwt to 3.0.0 in OAuth extension
Closed, ResolvedPublic

Description

What it says on the tin!

Main change is moving the code into namespaces, so will need to be updated for that

Details

Related Gerrit Patches:
mediawiki/extensions/OAuth : masterUpdate firebase/php-jwt to 3.0.0

Event Timeline

Reedy created this task.Nov 21 2015, 12:41 PM
Reedy raised the priority of this task from to Needs Triage.
Reedy updated the task description. (Show Details)
Reedy updated the task description. (Show Details)
Reedy set Security to None.
Reedy added subscribers: Aklapper, Reedy, StudiesWorld.

Change 254642 had a related patch set uploaded (by Reedy):
Update firebase/php-jwt to 3.0.0

https://gerrit.wikimedia.org/r/254642

Legoktm added subscribers: csteipp, Legoktm.

Full changelog is https://github.com/firebase/php-jwt/compare/e0a75bfb6413f22092c99b70f310ccb2cca3efa5...fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1, and it looks like the only actual code change is https://github.com/firebase/php-jwt/commit/49f7de66cfb3ae4867a0c95665102b2b0386c4a0 "require a non-empty key to decode a JWT"

@csteipp/security people, could you take a quick look and make sure the new version is ok? I can take care of coordinating the merges if it is.

Change 254642 merged by jenkins-bot:
Update firebase/php-jwt to 3.0.0

https://gerrit.wikimedia.org/r/254642

Did I never comment on this? Sorry about that..

Ex:OAuth should never call php-jwt with an empty key, but good to update the library to make it impossible.

Has vendor been updated too?

Reedy added a comment.Jan 14 2016, 1:14 AM

Yup, see https://gerrit.wikimedia.org/r/#/c/254641/ and T119294... Which should've been closed already. Will do that now

Reedy closed this task as Resolved.Jan 14 2016, 1:15 AM
Reedy claimed this task.