This repository has been archived by the owner on Feb 25, 2019. It is now read-only.

Security update

adalinesimonian released this 03 Sep 21:37

· 236 commits to master since this release

If you are running Anvil Connect 0.1.52 or earlier, please upgrade to 0.1.53. This release patches a security vulnerability.

Changes:

Fix: unverified redirect_uri redirect vulnerability (#216)
Fix: Improve nv command behaviour and output
Fix: Improve standards-compliance with fragment and query string URLs
Fix: Validate redirect_uris properly (#215)
Fix: Validate that jwks and jwks_uri are not both used on clients (#98)
New: Support none response_type (#55)

Assets 2