Announcing X.509 Certificate Flexibility

Smallstep's PKI software is vulnerable to JSON injection, misuses JWTs, and relies on client-side enforcement of server-side security.