https://github.com/firebase/php-jwt/releases/tag/v6.0.0
TokenManager passes a string as the second argument to JWT::decode...
https://github.com/firebase/php-jwt/releases/tag/v6.0.0
TokenManager passes a string as the second argument to JWT::decode...
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | Security | Reedy | T335288 CVE-2021-46743: firebase/php-jwt Key/algorithm type confusion | ||
Resolved | Dreamy_Jazz | T318992 Update CheckUser for firebase/php-jwt >= 6.0.0 |
Change 850297 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):
[mediawiki/extensions/CheckUser@master] Upgrade firebase/php-jwt to version 6.3.0
Change 850297 abandoned by Dreamy Jazz:
[mediawiki/extensions/CheckUser@master] Upgrade firebase/php-jwt to version 6.3.0
Reason:
Obviously no desire to merge this quickly, so abandoning to focus on more important patches.
Change 850297 restored by Reedy:
[mediawiki/extensions/CheckUser@master] Upgrade firebase/php-jwt to version 6.3.0
Change 911340 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):
[mediawiki/extensions/CheckUser@master] Prepare for upgrading firebase/php-jwt to version 6.4.0
Change 911340 merged by jenkins-bot:
[mediawiki/extensions/CheckUser@master] Prepare for upgrading firebase/php-jwt to version 6.4.0
With thanks to Reedy and Jdforrester, it looks like this can be closed (change upgrading CheckUser is in gate-and-submit).
Change 850297 merged by jenkins-bot:
[mediawiki/extensions/CheckUser@master] Upgrade firebase/php-jwt to version 6.4.0