(druid) branch master updated: Revert "[CVE Fixes] Update version of Nimbus.jose.jwt (#16320)" (#16986)

Sun, 08 Sep 2024 21:42:13 -0700 

This is an automated email from the ASF dual-hosted git repository.

abhishek pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/druid.git


The following commit(s) were added to refs/heads/master by this push:
     new b7a21a9f67c Revert "[CVE Fixes] Update version of Nimbus.jose.jwt 
(#16320)" (#16986)
b7a21a9f67c is described below

commit b7a21a9f67c88f9d27c37b862464415893cb7ff5
Author: Parth Agrawal <[email protected]>
AuthorDate: Mon Sep 9 10:11:58 2024 +0530

    Revert "[CVE Fixes] Update version of Nimbus.jose.jwt (#16320)" (#16986)
    
    This reverts commit f1d24c868f2cf6b2738c5342b2001fdb7ef2d2a0.
    
    Updating nimbus to version 9+ is causing HTTP ERROR 500 
java.lang.NoSuchMethodError: 'net.minidev.json.JSONObject 
com.nimbusds.jwt.JWTClaimsSet.toJSONObject()'
    Refer to SAP/cloud-security-services-integration-library#429 (comment) for 
more details.
    
    We would need to upgrade other libraries as well for updating 
nimbus.jose.jwt
---
 extensions-core/druid-pac4j/pom.xml | 2 +-
 licenses.yaml                       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/extensions-core/druid-pac4j/pom.xml 
b/extensions-core/druid-pac4j/pom.xml
index dd73cb18edd..0db6afdd70b 100644
--- a/extensions-core/druid-pac4j/pom.xml
+++ b/extensions-core/druid-pac4j/pom.xml
@@ -38,7 +38,7 @@
 
     <!-- Following must be updated along with any updates to pac4j version. 
One can find the compatible version of nimbus libraries in org.pac4j:pac4j-oidc 
dependencies-->
     <nimbus.lang.tag.version>1.7</nimbus.lang.tag.version>
-    <nimbus.jose.jwt.version>9.37.2</nimbus.jose.jwt.version>
+    <nimbus.jose.jwt.version>8.22.1</nimbus.jose.jwt.version>
     <oauth2.oidc.sdk.version>8.22</oauth2.oidc.sdk.version>
   </properties>
 
diff --git a/licenses.yaml b/licenses.yaml
index 304880db3db..c4e2fa52300 100644
--- a/licenses.yaml
+++ b/licenses.yaml
@@ -809,7 +809,7 @@ name: com.nimbusds nimbus-jose-jwt
 license_category: binary
 module: extensions/druid-pac4j
 license_name: Apache License version 2.0
-version: 9.37.2
+version: 8.22.1
 libraries:
   - com.nimbusds: nimbus-jose-jwt
 


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to