search

AzureAD / microsoft-authentication-library-for-java

Microsoft Authentication Library (MSAL) for Java http://aka.ms/aadv2
MIT License
285 stars 142 forks source link

Is this library deprecated? #765

Closed veda-tschoening closed 9 months ago

veda-tschoening commented 9 months ago

I'm including the following library, which pulls MSAL4J in as well:

<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-identity</artifactId>
    <version>1.11.1</version>
</dependency>
PS C:\Users\THS\IdeaProjects\cloud_id_mgmt-backend> mvn dependency:tree
[INFO] +- com.azure:azure-identity:jar:1.11.1:compile
[INFO] |  +- com.azure:azure-core:jar:1.45.1:compile
[...]
[INFO] |  +- com.microsoft.azure:msal4j:jar:1.14.0:compile
[INFO] |  +- com.microsoft.azure:msal4j-persistence-extension:jar:1.2.0:compile

When opening the project in IntelliJ, I get the following dialog telling the library is deprecated. But I don't find any reason why the library is deprecatedd, how to replace it etc. It's not mentiooned at the info page about deprecated libraries as well.

image

So, are you able to provide any background about the deprecation? Thanks!

bgavrilMS commented 9 months ago

@veda-tschoening - it's possibly because azure-identity references a version of MSAL4J that is affected by a CVE, see https://mvnrepository.com/artifact/com.microsoft.azure/msal4j/1.14.0 ?

Wondering if it'd help to reference MSAL4J and MSA4J-persistence-extesnion directly?

veda-tschoening commented 9 months ago

It's not about the CVE, found older mentions of the same problem and referencing/updating the libs individuall doesn't resolve the issue as well. So I guess it's not related to this project anyway.

https://github.com/microsoft/azure-tools-for-java/issues/7450