RATATOSKRATATOSK
ログイン

Notary Project

v1.3.2Security
2025年4月27日

Notation v1.3.2 is a targeted security patch backported to the 1.3 branch, addressing CVE-2025-30204 in the golang-jwt dependency.

  • securityPatch CVE-2025-30204 by upgrading to v1.3.2 now

    CVE-2025-30204 is a vulnerability in golang-jwt that can allow attackers to bypass JWT validation. If you're running any 1.3.x release of Notation, upgrade to v1.3.2 immediately — this is the sole reason this patch release exists. If you're on v1.4+, verify your version already includes the fix before assuming you're safe.

  • enhancementUse this release as a low-risk upgrade path if you're pinned to 1.3

    Teams that can't yet move to the latest major line can take v1.3.2 without worrying about behavioral changes — the diff is narrow and confined to the JWT dependency bump plus minor cleanups. It's a safe, no-surprises drop-in for any 1.3.x deployment.

主な変更 (3)

  • CVE-2025-30204 patched via golang-jwt dependency update
  • Backport from main branch to release-1.3 for users not yet on v1.4+
  • Minor code and documentation cleanups alongside the security fix