Skip to content

JWT Security Issue CVE-2020-26160 #1934

New issue
New issue
Closed
Closed
JWT Security Issue CVE-2020-26160#1934
@ddibiasi

Description

@ddibiasi
ddibiasi
opened on Jul 27, 2021

Issue Description

Echo is using github.com/dgrijalva/jwt-go, which is officially unmaintained since April.

Today I received a notification from Github, that this library is affected by a major security issue GHSA-w73w-5m7g-f7qc. It is recommended to migrate to https://github.com/golang-jwt/jwt.

Is there currently any change planned to use golang-jwt instead of dgrijalva/jwt-go?

Checklist

  • Dependencies installed
  • No typos
  • Searched existing issues and docs

Version/commit

Echo 4.4.0

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions