Skip to content

fix(deps): bump scram-client to 3.3#1671

Draft
jorsol wants to merge 1 commit into
eclipse-vertx:masterfrom
jorsol:update-scram-3.3
Draft

fix(deps): bump scram-client to 3.3#1671
jorsol wants to merge 1 commit into
eclipse-vertx:masterfrom
jorsol:update-scram-3.3

Conversation

@jorsol

@jorsol jorsol commented Jun 4, 2026

Copy link
Copy Markdown
Contributor

Motivation:

Bump scram-client to version 3.3, it includes many improvements and security fixes.

Make explicit the ChannelBindingPolicy as ALLOW until it can be configured by the client.

Conformance:

You should have signed the Eclipse Contributor Agreement as explained in https://github.com/eclipse/vert.x/blob/master/CONTRIBUTING.md
Please also make sure you adhere to the code style guidelines: https://github.com/vert-x3/wiki/wiki/Vert.x-code-style-guidelines

@jorsol
fix(deps): bump scram-client to 3.3
26e9f4d 
Signed-off-by: Jorge Solorzano <jorsol@gmail.com>
@tsegismont tsegismont self-assigned this Jun 5, 2026
@tsegismont tsegismont added this to the 5.2.0 milestone Jun 5, 2026
@tsegismont

tsegismont commented Jun 5, 2026

Copy link
Copy Markdown
Member

Can you please sign the Eclipse ECA? Would you mind adding the option field to connect options while you're at it?

@tsegismont

tsegismont commented Jun 9, 2026

Copy link
Copy Markdown
Member

Ideally we'd also have a test that verifies it is not possible to connect if the user sets the REQUIRE policy for the client and the server does not explicitly advertise a channel-bound mechanism.

@jorsol jorsol marked this pull request as draft June 10, 2026 09:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@tsegismont tsegismont

Labels

None yet

Projects

None yet

Milestone

5.2.0

Development

Successfully merging this pull request may close these issues.

2 participants

@jorsol @tsegismont