Skip to content

chore: release: v3.10.1 — critical JWT signature verification fix (CVE GHSA-xcw4-53cc-hv32)#373

Merged
AxDSan merged 2 commits into
mainfrom
release/v3.10.1
Jun 22, 2026
Merged

chore: release: v3.10.1 — critical JWT signature verification fix (CVE GHSA-xcw4-53cc-hv32)#373
AxDSan merged 2 commits into
mainfrom
release/v3.10.1

Conversation

@AxDSan

@AxDSan AxDSan commented Jun 22, 2026

Copy link
Copy Markdown
Owner

What Changed

5576939 release: v3.10.1 — critical JWT signature verification fix (CVE GHSA-xcw4-53cc-hv32)
a0b6b87 fix: verify sync JWT signatures

Risk Assessment

✅ Low: Agent completed successfully

Testing

  • ⚠️ Test - 1 info

Pipeline

Updates from git push no-mistakes

⏭️ **intent** - skipped

✅ No issues found.

✅ **Rebase** - passed

✅ No issues found.

⚠️ **Review** - 1 info
  • ℹ️ Error: 400 You have insufficient credits to make this request. Please purchase more credits to continue using the service.
⚠️ **Test** - 1 info
  • ℹ️ Error: 400 You have insufficient credits to make this request. Please purchase more credits to continue using the service.
⚠️ **Document** - 1 warning
  • ⚠️ {"findings": [{"severity": "info", "description": "Error: 400 You have insufficient credits to make this request. Please purchase more credits to continue using the service.", "action": "no-op"}], "summary": "", "tested": [], "testing_summary": "", "artifacts": [], "risk_level": "low", "risk_rationale": "Agent completed successfully"}
⚠️ **Lint** - 1 info
  • ℹ️ Error: 400 You have insufficient credits to make this request. Please purchase more credits to continue using the service.
✅ **Push** - passed

✅ No issues found.

dplush and others added 2 commits June 19, 2026 20:42
@dplush
fix: verify sync JWT signatures
a0b6b87
@AxDSan @dplush
release: v3.10.1 — critical JWT signature verification fix (CVE GHSA-…
5576939 
…xcw4-53cc-hv32)

Bumps version and adds CHANGELOG entry for the sync server security patch.
The fix itself (commit a0b6b87) was authored by Denis Hache (@dplush).

Patched versions declared in advisory: 3.10.1
CVSS 3.1: 9.1 (critical)

Co-authored-by: Denis Hache <79399355+dplush@users.noreply.github.com>
@AxDSan AxDSan merged commit f8b9aa9 into main Jun 22, 2026
6 checks passed
@AxDSan AxDSan deleted the release/v3.10.1 branch June 22, 2026 21:12
This was referenced Jun 23, 2026
Open
Open
Open
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AxDSan @dplush