Releasing 2.3.0

xmidt-org · Dec 19, 2024 · f74f9f3 · f74f9f3
1 parent fd1be81
commit f74f9f3
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,12 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## [v2.3.0]
+- Fix for CVE-2024-54150: https://github.com/xmidt-org/cjwt/commit/096ab3e37f73c914b716e7259589179f363265fd
+- When using HSxxx signing types, the new option `OPT_ALLOW_ONLY_HS_ALG` is required.
+  This ensures that public/private keys can't be mistakenly accepted as symmetric
+  algorithem ciphers.
+
 ## [v2.2.1]
 - Bump the version to trigger a full release.
 

diff --git a/meson.build b/meson.build
@@ -4,7 +4,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 project('cjwt', 'c',
-        version: '2.2.1',
+        version: '2.3.0',
         license: ['Apache-2.0'],
         meson_version: '>= 0.60.3',
         default_options: ['c_std=c99',