Important ‘Namshi/jose’ JWS Library Fix

We just released a very important security fix on namshi/jose, our opensource lightweight implementation of the JWS (JSON Web Signature) in PHP.

The issue is related to the fact that any jws token was valid if the algorithm specified in the header was ‘none’ (first ‘n’ lower case). Here you can find the fix

There are three main relases:

  • 2.x
  • 3.x (It introduces the support to PHPSecLib to the already existing OpenSSL implementation)
  • 4.x (Added the ability to set custom properties in the header)
  • 5.x (Fixed HMAC signature in order to be checked by other HMAC compliant library)

We strongly suggest to update to the latest major release (2.2.2, 3.0.1, 4.0.1, 5.0.1).

On a side note thanks to everyone who contributed to this library, especially:

<3 opensource, <3 github

Newsletter #94

TechThursday is here!

This week Lucio, Filippo and David worked at the warehouse: as you can see, Lucio was pretty sad because he couldn’t use the package slide

enjoy with our links:

Welcome Armagan!

Time for another terrific addition to the team as we’re trying to embrace the DevOps culture over here!

We’ve been trying to make some key hires over the past few months, and after beefing up the team with talented JavaScripters, diligent (and very funny!) webdevelopers and experienced software engineers, we felt we needed to add someone with DevOps in his blood to help our whole team in this long, rewarding transition.

Without further ado, we welcome Armagan from Turkey, our very first 100% turk! :)

Armagan graduated from Computer Science and dove into web development with Django, then did some System Administration with Fabric and regret that as soon as he met Saltstack :) He introduced Saltstack to several companies, either built orchestration from scratch or converted from other tools like puppet or chef. Markafoni, Put.io, Koding, Kartaca and Peakgames were among those companies. Meanwhile, he developed a video on demand Android applications for Turkcell as a freelancer.

Well, best of luck Arma! And thanks for the fresh Baklava!