Skip to content

Upgrade nimbus-jose-jwt:jar to 9.37.3 in Spring Security 5.8.x #15951

New issue
New issue
Open
Open
Upgrade nimbus-jose-jwt:jar to 9.37.3 in Spring Security 5.8.x#15951
Assignees
jzheaux
Labels
in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)status: feedback-providedFeedback has been providedtype: dependency-upgradeA dependency upgrade
@blackat

Description

@blackat
blackat
opened on Oct 18, 2024

Hello,
would it be possible please to upgrade Nimbus dependency in Spring Security 5.8.x?
The library is vulnerable to https://nvd.nist.gov/vuln/detail/CVE-2023-52428.

Metadata

Metadata

Assignees

Labels

in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)status: feedback-providedFeedback has been providedtype: dependency-upgradeA dependency upgrade

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions