From e8415b745162d269867d6c07c0b5298fa8175e16 Mon Sep 17 00:00:00 2001 From: Mark Backman Date: Sun, 15 Mar 2026 08:56:54 -0400 Subject: [PATCH] Add changelog for #4035 --- changelog/4035.security.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog/4035.security.md diff --git a/changelog/4035.security.md b/changelog/4035.security.md new file mode 100644 index 000000000..9ffc17305 --- /dev/null +++ b/changelog/4035.security.md @@ -0,0 +1 @@ +- Bumped PyJWT minimum version from 2.10.1 to 2.12.0 in the `livekit` extra to address CVE-2026-32597 (GHSA-752w-5fwx-jx9f), where PyJWT <= 2.11.0 accepted unknown `crit` header extensions.