Skip to content

Releases: zumba/vanilla-js-connect

v4.0.2

03 Apr 21:25
e5b058f
Compare
Choose a tag to compare

This release upgrades the Firebase JWT library to 6.x, because of a known vulnerability:

In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way to use the PHP-JWT library unsafely, but might not be considered a vulnerability in the library itself.

v4.0.1

20 Nov 21:52
bc7479c
Compare
Choose a tag to compare
Merge pull request #17 from zumba/config-null

Rather than causing an error, check for config when it is needed and …

VanillaJS using JWT auth

29 Jul 16:36
f46e350
Compare
Choose a tag to compare

This release has major breaking changes since it uses the JWT authentication proposed by VanillaJS.

For more info visit https://success.vanillaforums.com/kb/articles/122-api-authentication-with-jwt

v1.0.0: Merge pull request #7 from zumba/fixingEmptyCallback

13 Jul 18:09
Compare
Choose a tag to compare
fixed empty callback