Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: coreos/go-oidc
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v3.14.1
Choose a base ref
...
head repository: coreos/go-oidc
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v3.15.0
Choose a head ref
  • 1 commit
  • 3 files changed
  • 1 contributor

Commits on Jul 30, 2025

  1. oidc: verify the ID Token's signature before processing claims 

    This change updates the verification logic of this library to first
validate the ID Token instead of parsing claims. This hopefully makes it
harder for a malicious client to provide an invalid token for validation
that's crafted to cause this package to over-allocate memory. See the
associated bug and CVE-2025-27144.

Fixes #463
    @ericchiang
    ericchiang committed Jul 30, 2025
    Configuration menu
    Copy the full SHA
    8d1e57e View commit details
    Browse the repository at this point in the history
Loading