Fix CVE-2020-36843 by rejecting malleable signatures with s>=L. #96
wglas85 wants to merge 1 commit into
arkangelboss-github
commented
Jun 27, 2025
Thanks!
wglas85
commented
Jun 27, 2025
Hopefully @str4d is still able to release the project in 2025 and publish it to maven central again. 👍
wglas85
commented
Aug 1, 2025
@str4d could you please review and hopefully merge this PR?
Thanks in Advance, Wolfgang
wglas85
commented
Sep 11, 2025
@str4d any news on when we can expect a merge in autumn 2025?
TIA, Wolfgang
wglas85
commented
Oct 29, 2025
@str4d could you please give us an update on when we can expect this PR to be merged?
TIA, Wolfgang
seenquev
left a comment
Looks good to me!
wglas85
commented
Nov 14, 2025
seenquev
commented
Nov 14, 2025
@wglas85, I've contacted "str4d" over Bluesky communicator, but he hasn't responded back to me. My company also relies on that code and we need to patch this vuln. What I've done instead: I pulled the code and compiled it myself into .jar and source.jar files. Right now, I need to make sure it works as expected and no regression will result from it.
wglas85
commented
Feb 25, 2026
@str4d Any news in 2026? May we please merge this?
samueltorres-io
commented
Feb 26, 2026
@str4d ???
This PR fixes CVE-2020-36843 and #95
I did my best to make the project compile and test under openjdk-17 with minimal modifications.
I had to drop support for java-1.7 but hopefully retained compatibility with java-8.
TIA for starting the discussion on this contribution, so that we get this old CVE fixed in 2025.
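
The check named in the PR title, as an added example (not the code from this PR or from the project): an Ed25519 signature is `R || S`, and RFC 8032 requires `0 <= S < L`, because a verifier that skips this range check also accepts `S + L` as a second encoding of the same signature. The class name, method names and sample values below are assumptions made for illustration.

```java
import java.math.BigInteger;

public final class Ed25519ScalarCheck {
    // Order of the Ed25519 base point (RFC 8032):
    // L = 2^252 + 27742317777372353535851937790883648493
    static final BigInteger L = BigInteger.ONE.shiftLeft(252)
            .add(new BigInteger("27742317777372353535851937790883648493"));

    /** True only for a 64-byte signature whose S half is canonical (0 <= S < L). */
    static boolean hasCanonicalS(byte[] signature) {
        if (signature == null || signature.length != 64) {
            return false;
        }
        // Layout: R in bytes 0..31, S in bytes 32..63, little-endian.
        byte[] sBigEndian = new byte[32];
        for (int i = 0; i < 32; i++) {
            sBigEndian[i] = signature[63 - i];
        }
        // S is public data, so a variable-time comparison is acceptable here.
        BigInteger s = new BigInteger(1, sBigEndian);
        return s.compareTo(L) < 0;
    }

    /** Hypothetical helper: builds a constructed 64-byte buffer with R zeroed and the given S. */
    static byte[] withS(BigInteger s) {
        byte[] sig = new byte[64];
        byte[] be = s.toByteArray(); // big-endian, possibly with a leading sign byte
        for (int i = 0; i < be.length && i < 32; i++) {
            sig[32 + i] = be[be.length - 1 - i];
        }
        return sig;
    }

    public static void main(String[] args) {
        BigInteger s = new BigInteger("123456789"); // constructed sample scalar
        // A canonical scalar, then the same scalar shifted by L (the malleable form).
        System.out.println("S       canonical: " + hasCanonicalS(withS(s)));
        System.out.println("S + L   canonical: " + hasCanonicalS(withS(s.add(L))));
        // Boundary values: L - 1 is the largest canonical scalar, L itself is not.
        System.out.println("L - 1   canonical: "
                + hasCanonicalS(withS(L.subtract(BigInteger.ONE))));
        System.out.println("L       canonical: " + hasCanonicalS(withS(L)));
        // Wrong length is rejected before any parsing.
        System.out.println("63 byte canonical: " + hasCanonicalS(new byte[63]));
    }
}
```

A verifier would run this range check before the curve arithmetic and reject the signature outright when it fails, rather than reducing S modulo L.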