[jira] [Updated] (NIFI-15385) Upgrade Box SDK to 5.3.0 with jose4j 0.9.6

David Handermann (Jira) Tue, 23 Dec 2025 08:15:06 -0800


     [ 
https://issues.apache.org/jira/browse/NIFI-15385?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


David Handermann updated NIFI-15385:
------------------------------------
    Summary: Upgrade Box SDK to 5.3.0 with jose4j 0.9.6  (was: Upgrade jose4j 
to 0.9.6)

> Upgrade Box SDK to 5.3.0 with jose4j 0.9.6
> ------------------------------------------
>
>                 Key: NIFI-15385
>                 URL: https://issues.apache.org/jira/browse/NIFI-15385
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Major
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> The [jose4j|https://bitbucket.org/b_c/jose4j] library is a transitive 
> dependency of the Box SDK and should be upgraded to version 0.9.6 to resolve 
> [GHSA-3677-xxcr-wjqv|https://www.resolvedsecurity.com/vulnerability-catalog/GHSA-3677-xxcr-wjqv]
>  related to JSON Web Encryption handling.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (NIFI-15385) Upgrade Box SDK to 5.3.0 with jose4j 0.9.6

Reply via email to