Closed mwilso3 closed 7 months ago
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 6 committers have signed the CLA.
:white_check_mark: mwilso3
:x: dkjellin
:x: jatladams
:x: jzhang10-atl
:x: Justin Thomas
:x: ssu2-atl
Sorry, this is incorrect. Declining and retargeting.
Pinning the version of com.nimbusds:nimbus-jose-jwt to 9.37.3 to address https://www.cve.org/CVERecord?id=CVE-2023-52428 as com.nimbusds:oauth2-oidc-sdk 9.4 brings in a vulnerable version of nimbus-jose-jwt (9.8.1).
Nimbus changelog: https://bitbucket.org/connect2id/nimbus-jose-jwt/branches/compare/9.37.3%0D9.8.1#chg-CHANGELOG.txt