mirror of
https://github.com/zed-industries/zed.git
synced 2024-09-16 17:07:14 +03:00
Code at the speed of thought – Zed is a high-performance, multiplayer code editor from the creators of Atom and Tree-sitter.
c84da37030
This PR adds support for a new encryption format for exchanging access tokens during the authentication flow. The new format uses Optimal Asymmetric Encryption Padding (OAEP) instead of PKCS#1 v1.5, which is known to be vulnerable to side-channel attacks. **Note: We are not yet encrypting access tokens using the new format, as this is a breaking change between the client and the server. This PR only adds support for it, and makes it so the client and server can decrypt either format moving forward.** This required bumping the RSA key size from 1024 bits to 2048 bits. This is necessary to be able to encode the access token into the ciphertext when using OAEP. This also follows OWASP recommendations: > If ECC is not available and RSA must be used, then ensure that the key is at least 2048 bits. > > — [source](https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#algorithms) Release Notes: - N/A |
||
---|---|---|
.cargo | ||
.cloudflare | ||
.config | ||
.github | ||
.zed | ||
assets | ||
crates | ||
docs | ||
extensions | ||
script | ||
tooling/xtask | ||
.dockerignore | ||
.git-blame-ignore-revs | ||
.gitattributes | ||
.gitignore | ||
.mailmap | ||
Cargo.lock | ||
Cargo.toml | ||
CODE_OF_CONDUCT.md | ||
compose.yml | ||
CONTRIBUTING.md | ||
debug.plist | ||
docker-compose.sql | ||
Dockerfile | ||
flake.lock | ||
flake.nix | ||
LICENSE-AGPL | ||
LICENSE-APACHE | ||
LICENSE-GPL | ||
livekit.yaml | ||
Procfile | ||
README.md | ||
rust-toolchain.toml | ||
shell.nix | ||
typos.toml |
Zed
Welcome to Zed, a high-performance, multiplayer code editor from the creators of Atom and Tree-sitter.
Installation
On macOS and Linux you can download Zed directly or install Zed via your local package manager.
Other platforms are not yet available:
- Windows (tracking issue)
- Web (tracking issue)
Developing Zed
- Building Zed for macOS
- Building Zed for Linux
- Building Zed for Windows
- Running Collaboration Locally
Contributing
See CONTRIBUTING.md for ways you can contribute to Zed.
Also... we're hiring! Check out our jobs page for open roles.
Licensing
License information for third party dependencies must be correctly provided for CI to pass.
We use cargo-about
to automatically comply with open source licenses. If CI is failing, check the following:
- Is it showing a
no license specified
error for a crate you've created? If so, addpublish = false
under[package]
in your crate's Cargo.toml. - Is the error
failed to satisfy license requirements
for a dependency? If so, first determine what license the project has and whether this system is sufficient to comply with this license's requirements. If you're unsure, ask a lawyer. Once you've verified that this system is acceptable add the license's SPDX identifier to theaccepted
array inscript/licenses/zed-licenses.toml
. - Is
cargo-about
unable to find the license for a dependency? If so, add a clarification field at the end ofscript/licenses/zed-licenses.toml
, as specified in the cargo-about book.