Feng Ruohang d24f449e08 fix: CVE-2026-33322 harden OIDC JWT verification
Close the OIDC JWT algorithm confusion flaw in AssumeRoleWithWebIdentity by restoring a JWKS-only verification path. Stop injecting the client secret into the verifier keyring and restrict accepted signing methods to the asymmetric algorithms already supported by the existing JWKS flow.

Add regression coverage to verify HS256 tokens are rejected, RS256 tokens remain valid, and JWKS refresh and retry logic cannot bypass the method allowlist.

Co-authored-by: Codex <codex@openai.com>
Co-authored-by: Claude Code <claude-code@anthropic.com>
2026-04-15 14:02:41 +08:00
2025-01-02 21:34:47 -08:00
2021-06-18 10:41:54 -07:00
2021-06-18 10:34:28 -07:00
2025-03-12 22:29:51 -07:00
2025-01-02 21:34:47 -08:00
2021-04-23 11:58:53 -07:00
2026-03-21 13:41:04 +08:00
2026-02-18 10:00:20 +08:00
2023-02-19 00:03:50 +05:30

Silo (Community maintained fork of MinIO)

Website: silo.pigsty.io CN: silo.pigsty.cc github: pgsty/minio github: pgsty/mc github: pgsty/minio-docs Docker Image

Important

This is a community-maintained fork of minio/minio, maintained by Pigsty. This project is NOT affiliated with, endorsed by, or sponsored by MinIO, Inc. "MinIO" is a trademark of MinIO, Inc., used here solely to identify the upstream project.

Changes from upstream are minimal:

  • Restored the embedded management console version reference
  • Updated documentation links and Go module paths to point to this repository

Distributed under the original GNU AGPLv3 license.

Documentation: English | 简体中文

Docker Hub: https://hub.docker.com/r/pgsty/minio / https://hub.docker.com/r/pgsty/mc

Client Repo: pgsty/mc CLI.

Console: georgmangold/console, a community-maintained fork of restored console.

Ansible Deployment: https://pigsty.io/docs/minio

APT/YUM repo for minio and mcli binary: https://pigsty.io/docs/infra

S
Description
No description provided
Readme AGPL-3.0 131 MiB
Languages
Go 99%
Shell 0.8%
Makefile 0.1%