mirror of
https://github.com/pgsty/minio.git
synced 2026-07-15 16:30:29 +03:00
d24f449e089123210af06c51ee92ea2d51404a31
Close the OIDC JWT algorithm confusion flaw in AssumeRoleWithWebIdentity by restoring a JWKS-only verification path. Stop injecting the client secret into the verifier keyring and restrict accepted signing methods to the asymmetric algorithms already supported by the existing JWKS flow. Add regression coverage to verify HS256 tokens are rejected, RS256 tokens remain valid, and JWKS refresh and retry logic cannot bypass the method allowlist. Co-authored-by: Codex <codex@openai.com> Co-authored-by: Claude Code <claude-code@anthropic.com>
Silo (Community maintained fork of MinIO)
Important
This is a community-maintained fork of minio/minio, maintained by Pigsty. This project is NOT affiliated with, endorsed by, or sponsored by MinIO, Inc. "MinIO" is a trademark of MinIO, Inc., used here solely to identify the upstream project.
Changes from upstream are minimal:
- Restored the embedded management console version reference
- Updated documentation links and Go module paths to point to this repository
Distributed under the original GNU AGPLv3 license.
Docker Hub: https://hub.docker.com/r/pgsty/minio / https://hub.docker.com/r/pgsty/mc
Client Repo: pgsty/mc CLI.
Console: georgmangold/console, a community-maintained fork of restored console.
Ansible Deployment: https://pigsty.io/docs/minio
APT/YUM repo for minio and mcli binary: https://pigsty.io/docs/infra
Description
Languages
Go
99%
Shell
0.8%
Makefile
0.1%