You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Documents the three findings from the follow-up audit that we shipped
in this release:
- Symmetric set_no_expiration_danger_acknowledged on the parser side
(previously asymmetric; parser silently accepted tokens with no exp).
- Removed panic-on-bad-input in Key::<N>::from(&[u8]) and
PasetoAsymmetricPrivateKey::<V2|V4, Public>::from(&[u8]); both
replaced by fallible TryFrom that returns PasetoError::InvalidKey.
Also added a "Breaking changes" section listing the three behavioural
breaks: stricter default exp enforcement, Key TryFrom replacing From,
and PasetoAsymmetricPrivateKey TryFrom replacing From for V2/V4. All
three are mechanical migrations for downstream callers.
0 commit comments