Hi all,

Recently I found a serious bug in OAuth2 authentication [1]. Here are some related issues: [2], [3].

The affected client versions are:
- C++ client 3.0.0, 3.1.0, 3.1.1
- Python client 3.0.0
- Node.js client 1.8.0

Users have to downgrade back to old releases, which might suffer from CVE-2022-33684 [4]. Another workaround is described in [1] but it's very hacky.

I've opened a PR [5] to fix it. After it's merged, we should release:
- C++ client 3.1.2
- Python client 3.1.0 (the VOTE for candidate 2 has passed, but I want to delay it to wait for C++ client 3.1.2)
- Node.js client 1.8.1

[1] https://github.com/apache/pulsar-client-cpp/issues/184
[2] https://github.com/apache/pulsar-client-node/issues/281
[3] https://github.com/apache/pulsar-client-python/issues/88
[4] https://lists.apache.org/thread/ky1ssskvkj00y36k7nys9b5gm5jjrzwv
[5] https://github.com/apache/pulsar-client-cpp/pull/190

Thanks,
Yunze