Revert "[CVE Fixes] Update version of Nimbus.jose.jwt (#16320)" (#16986)

This reverts commit f1d24c868f.

Updating nimbus to version 9+ is causing HTTP ERROR 500 java.lang.NoSuchMethodError: 'net.minidev.json.JSONObject com.nimbusds.jwt.JWTClaimsSet.toJSONObject()'
Refer to SAP/cloud-security-services-integration-library#429 (comment) for more details.

We would need to upgrade other libraries as well for updating nimbus.jose.jwt
This commit is contained in:
Parth Agrawal 2024-09-09 10:11:58 +05:30 committed by GitHub
parent b0f36c1b89
commit b7a21a9f67
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 2 additions and 2 deletions

View File

@ -38,7 +38,7 @@
<!-- Following must be updated along with any updates to pac4j version. One can find the compatible version of nimbus libraries in org.pac4j:pac4j-oidc dependencies--> <!-- Following must be updated along with any updates to pac4j version. One can find the compatible version of nimbus libraries in org.pac4j:pac4j-oidc dependencies-->
<nimbus.lang.tag.version>1.7</nimbus.lang.tag.version> <nimbus.lang.tag.version>1.7</nimbus.lang.tag.version>
<nimbus.jose.jwt.version>9.37.2</nimbus.jose.jwt.version> <nimbus.jose.jwt.version>8.22.1</nimbus.jose.jwt.version>
<oauth2.oidc.sdk.version>8.22</oauth2.oidc.sdk.version> <oauth2.oidc.sdk.version>8.22</oauth2.oidc.sdk.version>
</properties> </properties>

View File

@ -809,7 +809,7 @@ name: com.nimbusds nimbus-jose-jwt
license_category: binary license_category: binary
module: extensions/druid-pac4j module: extensions/druid-pac4j
license_name: Apache License version 2.0 license_name: Apache License version 2.0
version: 9.37.2 version: 8.22.1
libraries: libraries:
- com.nimbusds: nimbus-jose-jwt - com.nimbusds: nimbus-jose-jwt