Hello gophers,

We have tagged version v0.27.0 of golang.org/x/oauth2 in order to address a security issue.

jws: unexpected memory consumption during token parsing

Version v0.27.0 of golang.org/x/oauth2 fixes a vulnerability in the golang.org/x/oauth2/jws package which could cause a denial of service. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

Thanks to jub0bs for reporting this issue.

This is CVE-2025-22868 and Go issue https://go.dev/issue/71490.

Cheers,
Go Security team
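
One way to check whether a project's go.mod still requires a golang.org/x/oauth2 release older than the v0.27.0 named above. This is an added example, not code from the Go Security team or the x/oauth2 project. The helpers `parseVer` and `checkGoMod` are hypothetical, the sample go.mod is constructed, and only the go.mod text is inspected, not the resolved build list.

```go
package main

import (
	"fmt"
	"strings"
)

// Module path and first fixed version, both taken from the announcement.
const modPath, fixedIn = "golang.org/x/oauth2", "v0.27.0"

// parseVer reads major.minor.patch; any pre-release or pseudo-version suffix
// is ignored (a simplification made for this example).
func parseVer(v string) (n [3]int, ok bool) {
	c, _ := fmt.Sscanf(v, "v%d.%d.%d", &n[0], &n[1], &n[2])
	return n, c == 3
}

// checkGoMod (hypothetical helper) returns the version of modPath required by
// the go.mod text and whether it predates fixedIn.
func checkGoMod(gomod string) (version string, outdated, found bool) {
	want, _ := parseVer(fixedIn)
	inRequire := false
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop comments such as "// indirect"
		f := strings.Fields(line)
		if len(f) > 0 && f[0] == "require" {
			f = f[1:] // leaves "<path> <version>", or "(" opening a block
			inRequire = len(f) == 1 && f[0] == "("
		} else if len(f) == 1 && f[0] == ")" {
			inRequire = false
		} else if !inRequire {
			continue // module, go, replace and exclude lines, and their blocks
		}
		if len(f) != 2 || f[0] != modPath {
			continue
		}
		got, ok := parseVer(f[1])
		for i := 0; ok && i < 3; i++ {
			if got[i] != want[i] {
				return f[1], got[i] < want[i], true
			}
		}
		return f[1], !ok, true // equal is fine; an unparsable version is flagged
	}
	return "", false, false
}

func main() {
	mod := "module example.com/app\n\nrequire (\n\tgolang.org/x/oauth2 v0.26.0 // indirect\n)\n" // constructed sample
	fmt.Println(checkGoMod(mod))
}
```

A requirement that arrives only transitively may not appear in go.mod at all, so a "not found" result does not show that the module is absent from the build.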