web-token/jwt-library
php · web-token/jwt-library · Heads-up
web-token/jwt-library: RSACrypt::decryptWithRSA15() now uses implicit rejection to prevent padding oracle attacks
RSACrypt::decryptWithRSA15() now performs implicit rejection on invalid PKCS#1 v1.
19 Jun 2026 · schedule it
php · web-token/jwt-library · Critical
web-token/jwt-library: PBES2AESKW enforces max iteration count to prevent DoS
PBES2AESKW::unwrapKey() now enforces a configurable maximum iteration count (DEFAULT_MAX_COUNT = 1_000_000) in checkHeaderAddition
19 Jun 2026 · act now