Nixpkgs security tracker

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-40942

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse dismissed (not in Nixpkgs) 1 month ago

DSF: Inverted Time Comparison in OIDC JWKS and Token Cache

The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison (isBefore instead of isAfter), causing the cache to never return cached values. Every incoming request triggered a fresh HTTP fetch of the OIDC Metadata Document and JWKS keys from the OIDC provider. The OIDC token cache for the FHIR client connections used an inverted time comparison (isBefore instead of isAfter), causing the cache to never invalidate. Every incoming request returned the same OIDC token even if expired. This vulnerability is fixed in 2.1.0.

References

https://github.com/datasharingframework/dsf/security/advisories/GHSA-xmj9-7625-f634 x_refsource_CONFIRM
https://github.com/datasharingframework/dsf/commit/31c2e974dfd4351756104ee8c53dbcd666192fef x_refsource_MISC
https://github.com/datasharingframework/dsf/commit/d3ca59b4daccde16a006fedeccce28fd1f826908 x_refsource_MISC

Affected products

dsf

==< 2.1.0

dsf-bpe-server

==< 2.1.0

dsf-bpe-process-api-v2

==< 2.1.0

Matching in nixpkgs

pkgs.mdsf

Format markdown code blocks using your favorite tools

nixos-unstable 0.11.1
- nixpkgs-unstable 0.11.1
- nixos-unstable-small 0.11.1
nixos-25.11 0.11.0
- nixos-25.11-small 0.11.0
- nixpkgs-25.11-darwin 0.11.0

pkgs.dsf2flac

DSD to FLAC transcoding tool

nixos-unstable 0-unstable-2025-01-31
- nixpkgs-unstable 0-unstable-2025-01-31
- nixos-unstable-small 0-unstable-2025-01-31
nixos-25.11 0-unstable-2025-01-31
- nixos-25.11-small 0-unstable-2025-01-31
- nixpkgs-25.11-darwin 0-unstable-2025-01-31

pkgs.python312Packages.gdsfactory

Python library to generate GDS layouts

nixos-25.11 9.20.1
- nixos-25.11-small 9.20.1
- nixpkgs-25.11-darwin 9.20.1

pkgs.python313Packages.gdsfactory

Python library to generate GDS layouts

nixos-unstable 9.39.3
- nixpkgs-unstable 9.39.3
- nixos-unstable-small 9.39.3
nixos-25.11 9.20.1
- nixos-25.11-small 9.20.1
- nixpkgs-25.11-darwin 9.20.1

pkgs.pkgsRocm.python3Packages.gdsfactory

Python library to generate GDS layouts

nixos-unstable 9.39.3
- nixpkgs-unstable 9.39.3
- nixos-unstable-small 9.39.3

Package maintainers

@artemist Artemis Tosini <me@artem.ist>
@luftmensch-luftmensch Valentino Bocchetti <valentinobocchetti59@gmail.com>
@fedeinthemix Federico Beffa <beffa@fbengineering.ch>

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-40939

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse dismissed (not in Nixpkgs) 1 month ago

DSF: Missing Session Timeout for OIDC Sessions

The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. This vulnerability is fixed in 2.1.0.

References

https://github.com/datasharingframework/dsf/security/advisories/GHSA-gj7p-595x-qwf5 x_refsource_CONFIRM
https://github.com/datasharingframework/dsf/commit/f4ecb002f7d12642f92da6b79371ed367d0140e7 x_refsource_MISC
https://dsf.dev/operations/v2.1.0/bpe/oidc.html x_refsource_MISC
https://dsf.dev/operations/v2.1.0/fhir/oidc.html x_refsource_MISC

Affected products

dsf

==< 2.1.0

dsf-bpe-server

==< 2.1.0

dsf-fhir-server

==< 2.1.0

dsf-common-jetty

==< 2.1.0

Matching in nixpkgs

pkgs.mdsf

Format markdown code blocks using your favorite tools

nixos-unstable 0.11.1
- nixpkgs-unstable 0.11.1
- nixos-unstable-small 0.11.1
nixos-25.11 0.11.0
- nixos-25.11-small 0.11.0
- nixpkgs-25.11-darwin 0.11.0

pkgs.dsf2flac

DSD to FLAC transcoding tool

nixos-unstable 0-unstable-2025-01-31
- nixpkgs-unstable 0-unstable-2025-01-31
- nixos-unstable-small 0-unstable-2025-01-31
nixos-25.11 0-unstable-2025-01-31
- nixos-25.11-small 0-unstable-2025-01-31
- nixpkgs-25.11-darwin 0-unstable-2025-01-31

pkgs.python312Packages.gdsfactory

Python library to generate GDS layouts

nixos-25.11 9.20.1
- nixos-25.11-small 9.20.1
- nixpkgs-25.11-darwin 9.20.1

pkgs.python313Packages.gdsfactory

Python library to generate GDS layouts

nixos-unstable 9.39.3
- nixpkgs-unstable 9.39.3
- nixos-unstable-small 9.39.3
nixos-25.11 9.20.1
- nixos-25.11-small 9.20.1
- nixpkgs-25.11-darwin 9.20.1

pkgs.pkgsRocm.python3Packages.gdsfactory

Python library to generate GDS layouts

nixos-unstable 9.39.3
- nixpkgs-unstable 9.39.3
- nixos-unstable-small 9.39.3

Package maintainers

@artemist Artemis Tosini <me@artem.ist>
@luftmensch-luftmensch Valentino Bocchetti <valentinobocchetti59@gmail.com>
@fedeinthemix Federico Beffa <beffa@fbengineering.ch>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.mdsf

pkgs.dsf2flac

pkgs.python312Packages.gdsfactory

pkgs.python313Packages.gdsfactory

pkgs.pkgsRocm.python3Packages.gdsfactory

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.mdsf

pkgs.dsf2flac

pkgs.python312Packages.gdsfactory

pkgs.python313Packages.gdsfactory

pkgs.pkgsRocm.python3Packages.gdsfactory

Package maintainers