Skip to content

πŸ’  JadeGate v1.3.1 β€” Security Hardening

Choose a tag to compare

View all tags
@Myoontyee Myoontyee released this 24 Feb 02:36

v1.3.1 - Security Hardening

  • Fix: timing-safe comparison in signature verification (hmac.compare_digest)
  • Fix: ReDoS vulnerability in fork bomb detection regex
  • Fix: path traversal sanitization in validator and registry
  • Fix: private key no longer printed to stdout in jade_keygen.py
  • Fix: setup.py license classifier mismatch (BSL-1.1, not MIT)
  • Docs: README Layer 3 description corrected (Dangerous Commands, not Bayesian)
  • Docs: "Open Source" β†’ "Source-available (BSL 1.1)"

Thanks to external security review for identifying these issues.

Install

pip install jadegate==1.3.1