Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update fork to match upstream #1

Merged
merged 11 commits into from
Sep 23, 2021
Merged

Update fork to match upstream #1

merged 11 commits into from
Sep 23, 2021

Conversation

quinnleong
Copy link

@quinnleong quinnleong commented Sep 23, 2021
edited
Loading

Pull in recent changes since forking (last update currently in master is from Feb 2020). The only deviation I could find to resolve is this PR, but it looks like the changes in that PR are already implemented in the most recent version of the upstream main branch (would appreciate a 👍🏼 / second set of eyes on that though to make sure).

I ran the hound go tests using this package locally with my go.mod pointed to this updated version, and they all passed. My plan from here is to merge this in, tag it as a new release, and then create a hound branch updating go.mod to point to the new-release version of this repo for its own PR/testing.

Asana: Resolve Critical Security Issues with russellhaering/gosaml2 and russellhaering/goxmldsig

@quinnleong quinnleong requested a review from toshok September 23, 2021 18:36
@quinnleong quinnleong marked this pull request as ready for review September 23, 2021 18:36
@toshok
Copy link

toshok commented Sep 23, 2021
edited
Loading

unfortunately upstream didn't implement them the way we need, so we'll still be on the hook for figuring out how to make it work for our use-case (either instead of the way upstream does it or some way to support both).

Upstream did implement RSA1.5 transport, but only for TripleDES keys. We need it for AES keys.

toshok
toshok approved these changes Sep 23, 2021
View reviewed changes
Copy link

@toshok toshok left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this PR is just fetching new stuff for master from upstream right? 👍

@quinnleong quinnleong merged commit 3be600b into master Sep 23, 2021
@quinnleong quinnleong deleted the qleong.update branch September 23, 2021 19:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@toshok toshok toshok approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@quinnleong @toshok @russellhaering