0x5t4l1n/OpenLearnX
1
0
Fork 0
mirror of https://github.com/th30d4y/OpenLearnX.git synced 2026-05-26 19:26:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
copilot/remove-unwanted-documents
OpenLearnX/CHANGELOG.md
T
Stalin 169215d055 Release 2.0.4: Fix JWT signature verification vulnerability 
- Update version to 2.0.4
- Add security advisory GHSA-223g-f5mq-gw33 fix documentation
- Document JWT signature verification security patch
2026-05-08 11:23:30 +05:30

1.1 KiB
Raw Permalink Blame History

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[2.0.4] - 2026-05-08

Security

  • CRITICAL: Fixed JWT signature verification vulnerability (GHSA-223g-f5mq-gw33)
    • Enabled proper JWT signature verification in backend/routes/dashboard.py
    • Enabled proper JWT signature verification in backend/main.py
    • Enabled proper JWT signature verification in backend/activity_logger.py
    • Replaced verify_signature=False with cryptographic verification using JWT_SECRET_KEY
    • Prevents JWT forgery attacks and unauthorized account takeover
    • CVE: Pending

Changed

  • JWT tokens are now verified with the server's secret key
  • Forged tokens will be properly rejected with authentication errors

[2.0.3] - 2026-04-15

Added

  • Initial release with adaptive quizzes
  • AI-powered course recommendations
  • Code compilation and practice features
  • Dashboard analytics
  • MetaMask wallet integration
  • Certificate NFT generation
Reference in New Issue View Git Blame Copy Permalink