Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Unresolved
Priority: Unknown
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
- go-was-2.2.0

Confidence Status:
None

Assigned Teams:

Go Drivers

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Link:
None
Goal Name(s):
None

Context

youmark/pkcs8 is not a well-used library that we use to parse sensitive data, it would be best to remove this dependency from the driver.

Definition of done

Recommend copying the minimal code from https://github.com/youmark/pkcs8 required for the Go Driver. Here is a gist of what we would need.

Pitfalls

Maintaining our own PEM layer will lead to CVEs that we directly have to account for.

is documented by

GODRIVER-3159 CVE-2023-48795, CVE-2023-42818 known vulnerability in youmark/pkcs8

Closed

Assignee:: Unassigned
Reporter:: Preston Vasquez
Votes:: 1 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: Aug 28 2024 03:29:55 PM UTC
Updated:: Mar 28 2025 09:07:00 AM UTC