Critical Security Fix in verifyWithMessage

CMEONE released this 15 Jun 17:24

· 43 commits to master since this release

v7.0.3

455c900

CRITICAL: UPDATE IMMEDIATELY

This release resolves a critical vulnerability in the verifyWithMessage method of tEnvoyNaClSigningKey. Previously, verifyWithMessage would always return true for any signature that had a SHA-512 hash matching the SHA-512 hash of the message even if the signature was invalid.

Assets 2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Critical Security Fix in verifyWithMessage

CRITICAL: UPDATE IMMEDIATELY