Sourced from io.jsonwebtoken:jjwt-api's releases.
0.12.7
This patch release:
Adds a new Maven BOM! This is useful for multi-module projects. See Issue 967.
Allows the
JwtParserBuilderto have empty nested algorithm collections, effectively disabling the parser's associated feature:
- Emptying the
zip()nested collection disables JWT decompression.- Emptying the
sig()nested collection disables JWS mac/signature verification (i.e. all JWSs will be unsupported/rejected).- Emptying either the
enc()orkey()nested collections disables JWE decryption (i.e. all JWEs will be unsupported/rejected)See Issue 996.
Fixes bug 961 where
JwtParserBuildernested collection builders were not correctly replacing algorithms with the same id.Ensures a
JwkSet'skeyscollection is no longer entirely secret/redacted by default. This was an overzealous default that was unnecessarily restrictive; thekeyscollection itself should always be public, and each individual key within should determine which fields should be redacted when printed. See Issue 976.Improves performance slightly by ensuring all
jjwt-apiutility methods that create*Builderinstances (Jwts.builder(),Jwts.parserBuilder(),Jwks.builder(), etc) no longer use reflection.Instead,
staticfactories are created via reflection only once during initialjjwt-apiclassloading, and then*Builders are created via standard instantiation using thenewoperator thereafter. This also benefits certain environments that may not have idealClassLoaderimplementations (e.g. Tomcat in some cases).NOTE: because this changes which classes are loaded via reflection, any environments that must explicitly reference reflective class names (e.g. GraalVM applications) will need to be updated to reflect the new factory class names.
See Issue 988.
Upgrades the Gson dependency to
2.11.0Upgrades the BouncyCastle dependency to
1.78.1New Contributors
@sigpwnedmade their first contribution in jwtk/jjwt#968@TheMrMilchmannmade their first contribution in jwtk/jjwt#979@atanasgmade their first contribution in jwtk/jjwt#974Full Changelog: https://github.com/jwtk/jjwt/compare/0.12.6...0.12.7
Sourced from io.jsonwebtoken:jjwt-api's changelog.
0.12.7
This patch release:
Adds a new Maven BOM, useful for multi-module projects. See Issue 967.
Allows the
JwtParserBuilderto have empty nested algorithm collections, effectively disabling the parser's associated feature:
- Emptying the
zip()nested collection disables JWT decompression.- Emptying the
sig()nested collection disables JWS mac/signature verification (i.e. all JWSs will be unsupported/rejected).- Emptying either the
enc()orkey()nested collections disables JWE decryption (i.e. all JWEs will be unsupported/rejected)See Issue 996.
Fixes bug 961 where
JwtParserBuildernested collection builders were not correctly replacing algorithms with the same id.Ensures a
JwkSet'skeyscollection is no longer entirely secret/redacted by default. This was an overzealous default that was unnecessarily restrictive; thekeyscollection itself should always be public, and each individual key within should determine which fields should be redacted when printed. See Issue 976.Improves performance slightly by ensuring all
jjwt-apiutility methods that create*Builderinstances (Jwts.builder(),Jwts.parserBuilder(),Jwks.builder(), etc) no longer use reflection.Instead,
staticfactories are created via reflection only once during initialjjwt-apiclassloading, and then*Builders are created via standard instantiation using thenewoperator thereafter. This also benefits certain environments that may not have idealClassLoaderimplementations (e.g. Tomcat in some cases).NOTE: because this changes which classes are loaded via reflection, any environments that must explicitly reference reflective class names (e.g. GraalVM applications) will need to be updated to reflect the new factory class names.
See Issue 988.
Upgrades the Gson dependency to
2.11.0Upgrades the BouncyCastle dependency to
1.78.1
77aeda0
[maven-release-plugin] prepare release 0.12.747d966f
Testing latest sonatype central publishing guidelines22ca29f
[maven-release-plugin] rollback the release of 0.12.70487f9b
[maven-release-plugin] prepare for next development iteration4329125
[maven-release-plugin] prepare release 0.12.70ddc514
- Ensured JJWT_RELEASE_VERSION placeholders reference 0.12.7efed1cf
Updated 0.12.7 change listca27b12
Resolves #1010 (#1011)55c7b9a
Resolves #771 (#1009)6e9c6a5
Bump org.bouncycastle:bcpkix-jdk18on from 1.78 to 1.78.1 (#1008)Sourced from io.jsonwebtoken:jjwt-impl's releases.
0.12.7
This patch release:
Adds a new Maven BOM! This is useful for multi-module projects. See Issue 967.
Allows the
JwtParserBuilderto have empty nested algorithm collections, effectively disabling the parser's associated feature:
- Emptying the
zip()nested collection disables JWT decompression.- Emptying the
sig()nested collection disables JWS mac/signature verification (i.e. all JWSs will be unsupported/rejected).- Emptying either the
enc()orkey()nested collections disables JWE decryption (i.e. all JWEs will be unsupported/rejected)See Issue 996.
Fixes bug 961 where
JwtParserBuildernested collection builders were not correctly replacing algorithms with the same id.Ensures a
JwkSet'skeyscollection is no longer entirely secret/redacted by default. This was an overzealous default that was unnecessarily restrictive; thekeyscollection itself should always be public, and each individual key within should determine which fields should be redacted when printed. See Issue 976.Improves performance slightly by ensuring all
jjwt-apiutility methods that create*Builderinstances (Jwts.builder(),Jwts.parserBuilder(),Jwks.builder(), etc) no longer use reflection.Instead,
staticfactories are created via reflection only once during initialjjwt-apiclassloading, and then*Builders are created via standard instantiation using thenewoperator thereafter. This also benefits certain environments that may not have idealClassLoaderimplementations (e.g. Tomcat in some cases).NOTE: because this changes which classes are loaded via reflection, any environments that must explicitly reference reflective class names (e.g. GraalVM applications) will need to be updated to reflect the new factory class names.
See Issue 988.
Upgrades the Gson dependency to
2.11.0Upgrades the BouncyCastle dependency to
1.78.1New Contributors
@sigpwnedmade their first contribution in jwtk/jjwt#968@TheMrMilchmannmade their first contribution in jwtk/jjwt#979@atanasgmade their first contribution in jwtk/jjwt#974Full Changelog: https://github.com/jwtk/jjwt/compare/0.12.6...0.12.7
Sourced from io.jsonwebtoken:jjwt-impl's changelog.
0.12.7
This patch release:
Adds a new Maven BOM, useful for multi-module projects. See Issue 967.
Allows the
JwtParserBuilderto have empty nested algorithm collections, effectively disabling the parser's associated feature:
- Emptying the
zip()nested collection disables JWT decompression.- Emptying the
sig()nested collection disables JWS mac/signature verification (i.e. all JWSs will be unsupported/rejected).- Emptying either the
enc()orkey()nested collections disables JWE decryption (i.e. all JWEs will be unsupported/rejected)See Issue 996.
Fixes bug 961 where
JwtParserBuildernested collection builders were not correctly replacing algorithms with the same id.Ensures a
JwkSet'skeyscollection is no longer entirely secret/redacted by default. This was an overzealous default that was unnecessarily restrictive; thekeyscollection itself should always be public, and each individual key within should determine which fields should be redacted when printed. See Issue 976.Improves performance slightly by ensuring all
jjwt-apiutility methods that create*Builderinstances (Jwts.builder(),Jwts.parserBuilder(),Jwks.builder(), etc) no longer use reflection.Instead,
staticfactories are created via reflection only once during initialjjwt-apiclassloading, and then*Builders are created via standard instantiation using thenewoperator thereafter. This also benefits certain environments that may not have idealClassLoaderimplementations (e.g. Tomcat in some cases).NOTE: because this changes which classes are loaded via reflection, any environments that must explicitly reference reflective class names (e.g. GraalVM applications) will need to be updated to reflect the new factory class names.
See Issue 988.
Upgrades the Gson dependency to
2.11.0Upgrades the BouncyCastle dependency to
1.78.1
77aeda0
[maven-release-plugin] prepare release 0.12.747d966f
Testing latest sonatype central publishing guidelines22ca29f
[maven-release-plugin] rollback the release of 0.12.70487f9b
[maven-release-plugin] prepare for next development iteration4329125
[maven-release-plugin] prepare release 0.12.70ddc514
- Ensured JJWT_RELEASE_VERSION placeholders reference 0.12.7efed1cf
Updated 0.12.7 change listca27b12
Resolves #1010 (#1011)55c7b9a
Resolves #771 (#1009)6e9c6a5
Bump org.bouncycastle:bcpkix-jdk18on from 1.78 to 1.78.1 (#1008)