Newsletter #101

Hi guys, even after the 100th newsletter we still have something to suggest you.

This week Cirpo, David and Alex went to the warehouse … it seems Namshi Tech will release a new application soon.

Newsletter 100…we’ve Come a Long Way!

Without even realizing it, we’ve come quite far with our small, weekly newsletter: to celebrate it’s 100th edition I’d like to spend a few words on how meaningful this platform is to us.

Important ‘Namshi/jose’ JWS Library Fix

We just released a very important security fix on namshi/jose, our opensource lightweight implementation of the JWS (JSON Web Signature) in PHP.

The issue is related to the fact that any jws token was valid if the algorithm specified in the header was ‘none’ (first ‘n’ lower case). Here you can find the fix

There are three main relases:

  • 2.x
  • 3.x (It introduces the support to PHPSecLib to the already existing OpenSSL implementation)
  • 4.x (Added the ability to set custom properties in the header)
  • 5.x (Fixed HMAC signature in order to be checked by other HMAC compliant library)

We strongly suggest to update to the latest major release (2.2.2, 3.0.1, 4.0.1, 5.0.1).

On a side note thanks to everyone who contributed to this library, especially:

<3 opensource, <3 github

Newsletter #94

TechThursday is here!

This week Lucio, Filippo and David worked at the warehouse: as you can see, Lucio was pretty sad because he couldn’t use the package slide

enjoy with our links: