- 🇫🇷France Renrhaf 📍 Strasbourg 🐦🦜
+ ./local-php-security-checker Symfony Security Check Report ============================= 1 package has known vulnerabilities. firebase/php-jwt (v5.5.1) ------------------------- * [CVE-2021-46743][]: Key/algorithm type confusion [CVE-2021-46743]: ]8;;https://github.com/advisories/GHSA-8xf4-w7qw-pjjwhttps://github.com/advisories/GHSA-8xf4-w7qw-pjjw]8;; Note that this checker can only detect vulnerabilities that are referenced in the security advisories database. Execute this command regularly to check the newly discovered vulnerabilities
There is a security issue with the currently used library
- 🇺🇸United States pwolanin
@Renrhaf did you read the extensive note I posted on the project page? https://www.drupal.org/project/jwt →
See also: 📌 Make a 2.x release series compatible with 6.x releases for JWT library Fixed
Your comment isn't relevant to this issue which would be around considering a totally different library.
- Status changed to Closed: outdated
almost 2 years ago 4:20pm 11 March 2023 - 🇺🇸United States pwolanin
Since firebase seems to be getting more regular support/development now and supports Ed25519 signatures I think this can be closed.
I also like the the firebase library is pretty simple - most of these others seems to have gone out of their way to make the code complex and hard to use.