| AArch64 | |
| ppc64le | |
| s390x | |
| x86-64 |
- CVE-2022-3102: jwcrypto token substitution can lead to authentication bypass (bsc#1209496) * added CVE-2022-3102.patch - CVE-2023-6681: denial of service Via specifically crafted JWE (bsc#1219837) * added CVE-2023-6681.patch - CVE-2024-28102: malicious JWE token can cause denial of service (bsc#1221230) * added CVE-2024-28102.patch - CVE-2026-39373: Memory exhaustion via crafted compressed JWE tokens (bsc#1261802) * added CVE-2026-39373.patch
- update to upstream release 0.7.0 * Allow to use JWKSet on a JWT with no KID * Fixed JWE jose_header * Added JWE/JWS custom registry header implementation * RFC 8037 - Support for Ed25519, Ed448 * Stricter OKP key generation parms check * Add X25519/X448 support * Simplify internal code curve selection * Fix encoding length of EC keys Coordinates * Add the ability to verify 'none' signatures * Import ABC from collections.abc instead of collections for Python 3.9 compatibility
- update to upstream release 0.6.0 * Use python-cryptography's AES key wrapping * Add tests for key wrapping where CEK < KEK * Fix ECDH-ES key exchange for CEK greater than KEK * Add support for RFC7797 * Fix JWK.from_json
- Remove superfluous devel dependency for noarch package
- update to upstream release 0.5.0: * Better validation of JWE * Avoid deprecation warnings * Tested to work with python 3.7
- Clean SPEC file
- singlespec auto-conversion
- update to upstream release 0.4.2
- update to upstream release 0.4.1
- update to upstream release 0.4.0
- initial package of upstream release 0.3.1