Merge branch 'main' into gwh-APIDOCS-2931-mobile-server-side-guide

Author: genwhittTTD

.github/workflows/vulnerability-scan-failure-notify.yaml

@@ -0,0 +1,24 @@
+name: Vulnerability Scan Failure Slack Notify
+on:
+  workflow_dispatch:
+    inputs:
+      vulnerability_severity:
+        description: The severity to fail the workflow if such vulnerability is detected. DO NOT override it unless a Jira ticket is raised. DO NOT use 'CRITICAL' unless a Jira ticket is raised.
+        type: choice
+        options:
+          - CRITICAL,HIGH
+          - CRITICAL,HIGH,MEDIUM
+          - CRITICAL
+        default: 'CRITICAL,HIGH'
+  schedule:
+    - cron: '0 16 * * *'  # 9:00 AM GMT -7
+    - cron: '0 0 * * *'   # 5:00 PM GMT -7
+
+jobs:
+  vulnerability-scan-failure-notify:
+    uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-vulnerability-scan-failure-notify.yaml@v3
+    secrets:
+      SLACK_WEBHOOK : ${{ secrets.SLACK_WEBHOOK }}
+    with:
+      scan_type: fs
+

docs/getting-started/gs-encryption-decryption.md

@@ -57,7 +57,7 @@ The following table describes the field layout for request encryption code.
 
 | Offset (Bytes) | Size (Bytes) | Description |
 | :--- | :--- | :--- |
-| 0 | 8 | The <a href="../ref-info/glossary-uid#gl-unix-time">Unix</a> timestamp (in milliseconds). Must be int64 big endian. |
+| 0 | 8 | The <a href="../ref-info/glossary-uid#gl-unix-time">Unix</a> timestamp (in milliseconds) of the request, in int64 big endian format.<br/>When the server receives and decrypts the envelope, it checks the embedded timestamp. If the timestamp is older than 60 seconds, the request is considered stale and is rejected. |
 | 8 | 8 | Nonce: Random 64 bits of data used to help protect against replay attacks. The corresponding [Unencrypted Response Data Envelope](#unencrypted-response-data-envelope) should contain the same nonce value for the response to be considered valid. |
 | 16 | N | Payload, which is a request JSON document serialized in UTF-8 encoding. |
 
@@ -96,7 +96,7 @@ The following table describes the field layout for response decryption code.
 
 | Offset (Bytes) | Size (Bytes) | Description |
 | :--- | :--- | :--- |
-| 0 | 8 | The Unix timestamp (in milliseconds). Must be int64 big endian. |
+| 0 | 8 | The Unix timestamp (in milliseconds) of the response, in int64 big endian format. |
 | 8 | 8 | Nonce. For the response to be considered valid, this should match the nonce in the [unencrypted request data envelope](#unencrypted-request-data-envelope). |
 | 16 | N | Payload, which is a response JSON document serialized in UTF-8 encoding. |