Posted to notifications@apisix.apache.org by sp...@apache.org on 2022/04/15 02:27:44 UTC
[apisix] branch release/2.13 updated: feat: release 2.13.1 (#6850)
This is an automated email from the ASF dual-hosted git repository.
spacewander pushed a commit to branch release/2.13
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/release/2.13 by this push:
new 614d9c856 feat: release 2.13.1 (#6850)
614d9c856 is described below
commit 614d9c856414440297b9cca4ec4e0321da6813ea
Author: 罗泽轩 <sp...@gmail.com>
AuthorDate: Fri Apr 15 10:27:39 2022 +0800
feat: release 2.13.1 (#6850)
Co-authored-by: Zeping Bai <bz...@apache.org>
---
CHANGELOG.md | 8 ++++++++
apisix/core/version.lua | 2 +-
apisix/plugins/jwt-auth.lua | 6 ++++--
apisix/utils/batch-processor.lua | 2 +-
docs/en/latest/config.json | 2 +-
docs/en/latest/how-to-build.md | 6 +++---
docs/zh/latest/CHANGELOG.md | 8 ++++++++
docs/zh/latest/config.json | 2 +-
docs/zh/latest/how-to-build.md | 6 +++---
...ix-master-0.rockspec => apisix-2.13.1-0.rockspec} | 4 ++--
rockspec/apisix-master-0.rockspec | 2 +-
t/plugin/jwt-auth.t | 20 +++++++++++++++-----
12 files changed, 48 insertions(+), 20 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 701f0ff6b..81da0e72b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -23,6 +23,7 @@ title: Changelog
## Table of Contents
+- [2.13.1](#2131)
- [2.13.0](#2130)
- [2.12.1](#2121)
- [2.12.0](#2120)
@@ -54,6 +55,13 @@ title: Changelog
- [0.7.0](#070)
- [0.6.0](#060)
+## 2.13.1
+
+### Bugfix
+
+- fix: jwt-auth error may leak secret [#6846](https://github.com/apache/apisix/pull/6846)
+- chore: upgrade lua-resty-jwt to a new version [#6847](https://github.com/apache/apisix/pull/6847)
+
## 2.13.0
### Change
diff --git a/apisix/core/version.lua b/apisix/core/version.lua
index e5a2a92d1..483da8937 100644
--- a/apisix/core/version.lua
+++ b/apisix/core/version.lua
@@ -20,5 +20,5 @@
-- @module core.version
return {
- VERSION = "2.13.0"
+ VERSION = "2.13.1"
}
diff --git a/apisix/plugins/jwt-auth.lua b/apisix/plugins/jwt-auth.lua
index eea71597b..d1a9c0183 100644
--- a/apisix/plugins/jwt-auth.lua
+++ b/apisix/plugins/jwt-auth.lua
@@ -361,7 +361,8 @@ function _M.rewrite(conf, ctx)
local jwt_obj = jwt:load_jwt(jwt_token)
core.log.info("jwt object: ", core.json.delay_encode(jwt_obj))
if not jwt_obj.valid then
- return 401, {message = jwt_obj.reason}
+ core.log.error("JWT token invalid: ", jwt_obj.reason)
+ return 401, {message = "JWT token invalid"}
end
local user_key = jwt_obj.payload and jwt_obj.payload.key
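Review bot: `jwt_obj.reason` is built from the client's token (the test expectations in this commit show it echoing the token header and the signature), and the added `core.log.error` call writes it at error level for every rejected request, here and again in the `jwt_obj.verified` branch of the next hunk. Any unauthenticated client can therefore fill the error log, and trigger error-level alerting, with strings it chooses. A lower level fits a client-side failure, e.g. `core.log.warn("JWT token invalid: ", jwt_obj.reason)`, and a short comment such as `-- reason is client-influenced; keep it out of the response body` would record why the body is now generic. `_M.rewrite` starts and ends outside this hunk.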
@@ -392,7 +393,8 @@ function _M.rewrite(conf, ctx)
core.log.info("jwt object: ", core.json.delay_encode(jwt_obj))
if not jwt_obj.verified then
- return 401, {message = jwt_obj.reason}
+ core.log.error("JWT token verify failed: ", jwt_obj.reason)
+ return 401, {message = "JWT token verify failed"}
end
consumer_mod.attach_consumer(ctx, consumer, consumer_conf)
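Review bot: The changelog entry for this release says the jwt-auth error may leak the secret, and the added `core.log.error("JWT token verify failed: ", jwt_obj.reason)` still writes that same string in full, so the exposure moves from the HTTP response to error.log rather than being removed. If the reason can contain key material (this hunk does not show how it is built), the log line should drop or truncate it, or the plugin docs should state that error.log needs the same access restrictions as the consumer secrets. The unchanged `core.log.info("jwt object: ", ...)` line above has the same property at info level. The rest of `_M.rewrite` is outside the hunk.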
diff --git a/apisix/utils/batch-processor.lua b/apisix/utils/batch-processor.lua
index dcd3d592e..6d3bf53f2 100644
--- a/apisix/utils/batch-processor.lua
+++ b/apisix/utils/batch-processor.lua
@@ -148,7 +148,7 @@ function batch_processor:new(func, config)
return nil, err
end
- if not(type(func) == "function") then
+ if type(func) ~= "function" then
return nil, "Invalid argument, arg #1 must be a function"
end
diff --git a/docs/en/latest/config.json b/docs/en/latest/config.json
index 1a6180334..8f60a4126 100644
--- a/docs/en/latest/config.json
+++ b/docs/en/latest/config.json
@@ -1,5 +1,5 @@
{
- "version": "2.13.0",
+ "version": "2.13.1",
"sidebar": [
{
"type": "category",
diff --git a/docs/en/latest/how-to-build.md b/docs/en/latest/how-to-build.md
index d9d3f447d..697e447ae 100644
--- a/docs/en/latest/how-to-build.md
+++ b/docs/en/latest/how-to-build.md
@@ -97,10 +97,10 @@ Follow the steps below to install Apache APISIX via the source release package.
curl https://raw.githubusercontent.com/apache/apisix/master/utils/install-dependencies.sh -sL | bash -
```
-2. Create a directory named `apisix-2.13.0`.
+2. Create a directory named `apisix-2.13.1`.
```shell
- APISIX_VERSION='2.13.0'
+ APISIX_VERSION='2.13.1'
mkdir apisix-${APISIX_VERSION}
```
@@ -162,7 +162,7 @@ Follow the steps below to install Apache APISIX via the source release package.
#### LTS version installation via Source Release Package
-The [current LTS version](https://apisix.apache.org/downloads/) of Apache APISIX is `2.13.0`.
+The [current LTS version](https://apisix.apache.org/downloads/) of Apache APISIX is `2.13.1`.
To install this version, set `APISIX_VERSION` in [Installation via Source Release Package](#installation-via-source-release-package) to this version and continue with the other steps.
diff --git a/docs/zh/latest/CHANGELOG.md b/docs/zh/latest/CHANGELOG.md
index 7a7e6bbb0..9aa9600ce 100644
--- a/docs/zh/latest/CHANGELOG.md
+++ b/docs/zh/latest/CHANGELOG.md
@@ -23,6 +23,7 @@ title: CHANGELOG
## Table of Contents
+- [2.13.1](#2131)
- [2.13.0](#2130)
- [2.12.1](#2121)
- [2.12.0](#2120)
@@ -54,6 +55,13 @@ title: CHANGELOG
- [0.7.0](#070)
- [0.6.0](#060)
+## 2.13.1
+
+### Bugfix
+
+- 修复 jwt-auth 返回结果里可能暴露 secret 的问题 [#6846](https://github.com/apache/apisix/pull/6846)
+- 升级 lua-resty-jwt 到一个新版本 [#6847](https://github.com/apache/apisix/pull/6847)
+
## 2.13.0
### Change
diff --git a/docs/zh/latest/config.json b/docs/zh/latest/config.json
index b592384bd..9b6c76799 100644
--- a/docs/zh/latest/config.json
+++ b/docs/zh/latest/config.json
@@ -1,5 +1,5 @@
{
- "version": "2.13.0",
+ "version": "2.13.1",
"sidebar": [
{
"type": "category",
diff --git a/docs/zh/latest/how-to-build.md b/docs/zh/latest/how-to-build.md
index 9e4ac3a43..1fb7a816e 100644
--- a/docs/zh/latest/how-to-build.md
+++ b/docs/zh/latest/how-to-build.md
@@ -93,10 +93,10 @@ sudo yum install ./apisix/*.rpm
curl https://raw.githubusercontent.com/apache/apisix/master/utils/install-dependencies.sh -sL | bash -
```
-2. 创建一个名为 `apisix-2.13.0` 的目录。
+2. 创建一个名为 `apisix-2.13.1` 的目录。
```shell
- APISIX_VERSION='2.13.0'
+ APISIX_VERSION='2.13.1'
mkdir apisix-${APISIX_VERSION}
```
@@ -158,7 +158,7 @@ sudo yum install ./apisix/*.rpm
#### 通过源码包安装 LTS 版本
-目前 Apache APISIX 的 LTS 版本为 `2.13.0`,将“[通过源码包安装](#通过源码包安装)”中的 `APISIX_VERSION` 设置成该版本号,其他步骤按顺序进行即可。
+目前 Apache APISIX 的 LTS 版本为 `2.13.1`,将“[通过源码包安装](#通过源码包安装)”中的 `APISIX_VERSION` 设置成该版本号,其他步骤按顺序进行即可。
## 步骤2:安装 etcd
diff --git a/rockspec/apisix-master-0.rockspec b/rockspec/apisix-2.13.1-0.rockspec
similarity index 98%
copy from rockspec/apisix-master-0.rockspec
copy to rockspec/apisix-2.13.1-0.rockspec
index c28d0dc8c..bfe4caf0f 100644
--- a/rockspec/apisix-master-0.rockspec
+++ b/rockspec/apisix-2.13.1-0.rockspec
@@ -16,12 +16,12 @@
--
package = "apisix"
-version = "master-0"
+version = "2.13.1-0"
supported_platforms = {"linux", "macosx"}
source = {
url = "git://github.com/apache/apisix",
- branch = "master",
+ branch = "2.13.1",
}
description = {
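Review bot: The `url = "git://github.com/apache/apisix"` line carried into the release rockspec uses the unauthenticated git protocol, which gives no transport integrity, so an installer of this rock cannot be sure the fetched source is what the project published. `url = "git+https://github.com/apache/apisix",` would fetch over TLS instead. `branch = "2.13.1"` also looks like it names a release tag rather than a branch; `tag = "2.13.1"` would say so explicitly if that is the case.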
diff --git a/rockspec/apisix-master-0.rockspec b/rockspec/apisix-master-0.rockspec
index c28d0dc8c..e2b52ee02 100644
--- a/rockspec/apisix-master-0.rockspec
+++ b/rockspec/apisix-master-0.rockspec
@@ -40,7 +40,7 @@ dependencies = {
"lua-resty-ngxvar = 0.5.2",
"lua-resty-jit-uuid = 0.0.7",
"lua-resty-healthcheck-api7 = 2.2.0",
- "lua-resty-jwt = 0.2.0",
+ "api7-lua-resty-jwt = 0.2.4",
"lua-resty-hmac-ffi = 0.05",
"lua-resty-cookie = 0.1.0",
"lua-resty-session = 2.24",
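Review bot: This dependency swap lands only in `apisix-master-0.rockspec`. The `apisix-2.13.1-0.rockspec` created in the same commit is a copy of the old file with just its `version` and `branch` lines changed (the diffstat counts 4 changed lines for it), so as far as this diff shows the release rockspec still pins `lua-resty-jwt = 0.2.0`. The changelog lists the lua-resty-jwt upgrade as part of 2.13.1, so the release rockspec should carry `"api7-lua-resty-jwt = 0.2.4",` as well. The `dependencies` table starts and ends outside the hunk.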
diff --git a/t/plugin/jwt-auth.t b/t/plugin/jwt-auth.t
index 87eb5802a..9c2f74cc8 100644
--- a/t/plugin/jwt-auth.t
+++ b/t/plugin/jwt-auth.t
@@ -214,7 +214,9 @@ GET /hello
GET /hello?jwt=invalid-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c2VyLWtleSIsImV4cCI6MTU2Mzg3MDUwMX0.pPNVvh-TQsdDzorRwa-uuiLYiEBODscp9wv0cwD6c68
--- error_code: 401
--- response_body
-{"message":"invalid header: invalid-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"}
+{"message":"JWT token invalid"}
+--- error_log
+JWT token invalid: invalid header: invalid-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
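Review bot: These expectations pin the generic response body, but none of the five changed cases in this file exercises the situation the changelog describes, a failure reason that contains the secret. A case that provokes such a reason and asserts the body is exactly `{"message":"JWT token verify failed"}` would guard the fix against regression, and a `--- no_error_log` section could pin what must not reach the log if the log line is later redacted. The same applies to the hunks at -223, -274, -425 and -436.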
@@ -223,7 +225,9 @@ GET /hello?jwt=invalid-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c2VyLWtl
GET /hello?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c2VyLWtleSIsImV4cCI6MTU2Mzg3MDUwMX0.pPNVvh-TQsdDzorRwa-uuiLYiEBODscp9wv0cwD6c68
--- error_code: 401
--- response_body
-{"message":"'exp' claim expired at Tue, 23 Jul 2019 08:28:21 GMT"}
+{"message":"JWT token verify failed"}
+--- error_log
+JWT token verify failed: 'exp' claim expired at Tue, 23 Jul 2019 08:28:21 GMT
@@ -274,7 +278,9 @@ GET /hello
Authorization: bearer invalid-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c2VyLWtleSIsImV4cCI6MTg3OTMxODU0MX0.fNtFJnNmJgzbiYmGB0Yjvm-l6A6M4jRV1l4mnVFSYjs
--- error_code: 401
--- response_body
-{"message":"invalid header: invalid-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"}
+{"message":"JWT token invalid"}
+--- error_log
+JWT token invalid: invalid header: invalid-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
@@ -425,7 +431,9 @@ hello world
GET /hello?jwt=invalid-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c2VyLWtleSIsImV4cCI6MTU2Mzg3MDUwMX0.pPNVvh-TQsdDzorRwa-uuiLYiEBODscp9wv0cwD6c68
--- error_code: 401
--- response_body
-{"message":"invalid header: invalid-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"}
+{"message":"JWT token invalid"}
+--- error_log
+JWT token invalid: invalid header: invalid-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
@@ -436,7 +444,9 @@ GET /hello
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c2VyLWtleSIsImV4cCI6MTg3OTMxODU0MX0.fNtFJnNmJgzbiYmGB0Yjvm-l6A6M4jRV1l4mnVFSYjs
--- error_code: 401
--- response_body
-{"message":"signature mismatch: fNtFJnNmJgzbiYmGB0Yjvm-l6A6M4jRV1l4mnVFSYjs"}
+{"message":"JWT token verify failed"}
+--- error_log
+JWT token verify failed: signature mismatch: fNtFJnNmJgzbiYmGB0Yjvm-l6A6M4jRV1l4mnVFSYjs