Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integrate Nimbus 9.39.1 #24967

Merged
merged 1 commit into from
May 27, 2024
Merged

Integrate Nimbus 9.39.1 #24967

merged 1 commit into from
May 27, 2024

Conversation

arjantijms
Copy link
Contributor

Changes: https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt

version 9.38 (2024-05-08)
    * Creates two build profiles, a "default" profile and a "fips" profile
      depending on the BouncyCastle FIPS JCA provider and the BouncyCastle FIPS
      PKIX.
    * Adds a modular Java 9 build.
    * Makes the JCIP annotation dependency optional and shades it.
    * Adds support for the Ed25519 and Ed448 JWS algorithm identifiers
      (draft-ietf-jose-fully-specified-algorithms-02).
    * Adds KeyRevocation class to support OpenID Federation 1.0.
    * Adds Payload.toPayload(boolean) with argument controlling the inclusion
      of claims with null values.
    * Exposes the DefaultJWTProcessor extractJWTClaimsSet, verifyJWTClaimsSet
      and selectKeys as protected.
    * Adds JWKSet.containsNonPublicKeys helper method.
    * Makes package private ForceRefreshJWKSetCacheEvaluator and
      NoRefreshJWKSetCacheEvaluator singleton classes.
    * Switches to Object.requireNonNull where appropriate to reduce code and
      use of exception message strings.
    * Removes the LegacyAESGCM which was intended for Java 6 runtimes without a
      JCA GCMParameterSpec (iss #529).
    * Adds Android "SHA{256|384|512}withRSA/PSS" JCA algorithm support (iss
      #541).
    * The RSAKey and ECKey.Builder.privateKey methods must accept and correctly
      apply null arguments (iss #543).
    * SignedJWT, EncryptedJWT and PlainJWT must serialise JWTClaimsSet claims
      with null values (iss #519).
    * JWEObject.decrypt must reject cipher texts of compressed plain text that
      are too large to conserve resources. A limit of 100K cipher text
      characters is enforced (iss #545).
    * Updates to BouncyCastle 1.78 (JDK 1.8 on)
    * Updates to BouncyCastle FIPS 1.0.2.4
    * Updates to com.google.crypto.tink:tink:1.13.0

version 9.39 (2024-05-10)
    * Adds JSONObjectUtils.getEpochSecondAsDate static method.
    * JWTClaimsSet.parse must handle null "nbf", "iat" and "exp" claims (iss
      #547).

version 9.39.1 (2024-05-14)
    * Adds a multi-release declaration to pom.xml (iss #548).
    * Sets the Java source to 7 in the maven-javadoc-plugin configuration.

@arjantijms
Integrate Nimbus 9.39.1
394386c 
Signed-off-by: Arjan Tijms <[email protected]>
@arjantijms arjantijms added the component upgrade A component dependency has been upgraded label May 27, 2024
@arjantijms arjantijms added this to the 7.0.15 milestone May 27, 2024
@arjantijms arjantijms self-assigned this May 27, 2024
@arjantijms arjantijms merged commit 833ea57 into eclipse-ee4j:master May 27, 2024
2 checks passed
@arjantijms arjantijms deleted the nimbus_9391 branch May 27, 2024 12:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@avpinchuk avpinchuk avpinchuk approved these changes

@dmatej dmatej Awaiting requested review from dmatej

@aubi aubi Awaiting requested review from aubi

@pzygielo pzygielo Awaiting requested review from pzygielo

@anajosep anajosep Awaiting requested review from anajosep

@hs536 hs536 Awaiting requested review from hs536

Assignees

@arjantijms arjantijms

Labels
component upgrade A component dependency has been upgraded
Projects
None yet
Milestone
7.0.15
Development

Successfully merging this pull request may close these issues.
2 participants
@arjantijms @avpinchuk