Stream: smart/health-cards
Topic: Critial Bug fix to .NET SMART Health Card libaray
Angus Millar (Sep 25 2021 at 05:25):
I'd like to report a critical bug fix released for the .NET SmartHealthCard library as found here: angusmillar/SmartHealthVCard.
The bug resulted in the library's signature validations failing to report when the JWS signature was invalid.
While the library was checking the signature the bug resulted in an internal 'IsValidSignature' boolean being ignored and therefore no exception being thrown to report the issue, as was documented to occur.
There is now a new version of the library available on Nuget V1.0.2 SmartHealthCard.Token which resolves the bug. Library users should also review the repository ReadMe page for an updated Decoder example. The fix is backwards compatible with existing implementations yet further improves the reporting of such signature validation errors.
There is also now a bloody test case in place to ensure it does not happen again.
My sincere apologies for any inconvenience this issue has caused implementers.
Last updated: Apr 12 2022 at 19:14 UTC
