Application security news, updated daily (if there is any news to share).
Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly, send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.
NVD published a critical jsrsasign DSA domain-parameter validation flaw that can allow forged DSA signatures or X.509 certificates to pass `X509.verifySignature()` checks.
pyOpenSSL 26.0.0 shipped fixes for a DTLS cookie callback buffer overflow and a TLS servername-callback bypass; projects running `pyopenssl` should upgrade to patched releases.