jose - npm Package Compare versions

Comparing version 1.28.0 to 1.28.1

CHANGELOG.md

@@ -1,5 +0,12 @@
-# Change Log
+# Changelog
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+### [1.28.1](https://github.com/panva/jose/compare/v1.28.0...v1.28.1) (2021-04-09)
+
+
+### Bug Fixes
+
+* defer AES CBC w/ HMAC decryption after tag verification passes ([08e1bc5](https://github.com/panva/jose/commit/08e1bc5ce7120eac78377577acba2f811c3a0b2b))
+
 # [1.28.0](https://github.com/panva/jose/compare/v1.27.3...v1.28.0) (2020-08-10)
@@ -6,0 +13,0 @@

lib/jwa/aes_cbc_hmac_sha2.js

@@ -47,2 +47,6 @@ const { createCipheriv, createDecipheriv, getCiphers } = require('crypto')
 
+  if (!macCheckPassed) {
+    throw new JWEDecryptionFailed()
+  }
+
   let cleartext
@@ -54,3 +58,3 @@ try {
 
-  if (!cleartext || !macCheckPassed) {
+  if (!cleartext) {
     throw new JWEDecryptionFailed()
@@ -57,0 +61,0 @@ }

package.json

 {
   "name": "jose",
-  "version": "1.28.0",
+  "version": "1.28.1",
   "description": "JSON Web Almost Everything - JWA, JWS, JWE, JWK, JWT, JWKS for Node.js with minimal dependencies",
@@ -5,0 +5,0 @@ "keywords": [

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

232926

increased by0.13%

Lines of code

4858

increased by0.06%

No dependency changes