Releases: zumba/vanilla-js-connect
Releases · zumba/vanilla-js-connect
v4.0.2
This release upgrades the Firebase JWT library to 6.x, because of a known vulnerability:
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way to use the PHP-JWT library unsafely, but might not be considered a vulnerability in the library itself.
v4.0.1
VanillaJS using JWT auth
This release has major breaking changes since it uses the JWT authentication proposed by VanillaJS.
For more info visit https://success.vanillaforums.com/kb/articles/122-api-authentication-with-jwt
v1.0.0: Merge pull request #7 from zumba/fixingEmptyCallback
fixed empty callback