Skip to content

Bump io.jsonwebtoken:jjwt-api from 0.12.5 to 0.12.6

Dependabot requested to merge dependabot-maven-io.jsonwebtoken-jjwt-api-0.12.6 into master

Bumps io.jsonwebtoken:jjwt-api from 0.12.5 to 0.12.6.

Release notes

Sourced from io.jsonwebtoken:jjwt-api's releases.

0.12.6

This patch release:

  • Ensures that after successful JWS signature verification, an application-configured Base64Url Decoder output is used to construct a Jws instance (instead of JJWT's default decoder). See jwtk/jjwt#947.
  • Fixes a decompression memory leak in concurrent/multi-threaded environments introduced in 0.12.0 when decompressing JWTs with a zip header of GZIP. See jwtk/jjwt#949.
  • Upgrades BouncyCastle to 1.78 via jwtk/jjwt#941
  • Usees Acsiidoc as README format by @​bdemers in jwtk/jjwt#777
  • Allows using GenericSecret for HmacSHA* algorithms by @​mnylen in jwtk/jjwt#935
  • Enables JWE arbitrary content compression by @​mnylen in jwtk/jjwt#937

New Contributors

Full Changelog: https://github.com/jwtk/jjwt/compare/0.12.5...0.12.6

Changelog

Sourced from io.jsonwebtoken:jjwt-api's changelog.

0.12.6

This patch release:

  • Ensures that after successful JWS signature verification, an application-configured Base64Url Decoder output is used to construct a Jws instance (instead of JJWT's default decoder). See Issue 947.
  • Fixes a decompression memory leak in concurrent/multi-threaded environments introduced in 0.12.0 when decompressing JWTs with a zip header of GZIP. See Issue 949.
  • Upgrades BouncyCastle to 1.78 via PR 941.
Commits

Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts

Merge request reports