First, ensure you're using the latest packages from the Composer package manager. Use the composer update
command to update them.
Next, ensure the security issue is with Little JWT itself and not with any packages it uses. If it is with another package, the table below lists where to report the vulnerability:
Package | Link |
---|---|
PHP | https://wiki.php.net/security |
Laravel | https://laravel.com/docs/8.x/contributions#security-vulnerabilities |
PHP JWT Framework | https://github.com/web-token/jwt-framework/issues/new/choose |
If you're sure the vulnerability is caused by Little JWT, open an issue and include the following:
- Who the vulnerability affects.
- What the security vulnerability is.
- Where the security vulnerability exists.
- Why this is considered a security vulnerability and not a bug or feature.
- When the security vulnerability was discovered and when it should be fixed.
- How can this security vulnerability be fixed.