Replace python-jose dependency #565
Open
Labels
priority: p1 (Important issue which blocks shipping the next release. Will be fixed prior to next release.)
type: cleanup (An internal cleanup or hygiene concern.)
A vulnerability has been found in the `ecdsa` dependency which will not be patched in the `python-jose` package. `python-jose` seems to be abandoned. Other people are also encountering these security issues.

I suggest updating authenticating-users/main.py to not use this insecure package. A commonly used alternative is PyJWT.