We are pleased to present Apache APISIX 3.4.1 with a security patch for JWT.
Fix
Upgrade lua-resty-jwt dependency version
Upgrade lua-resty-jwt dependency version from 0.2.4 to 0.2.5 to mitigate the risk of authentication bypass in APISIX jwt-auth plugin.
The issue is reported in #9809 and fixed in PR #9837.
Changelog
Read the changelog of this release here.