adoroszlai commented on PR #10662:
URL: https://github.com/apache/ozone/pull/10662#issuecomment-4882568728
```
10.4.1 (2025-08-05)
* Adds "requires java.sql" to module com.nimbusds.jose.jwt (iss #595).
10.4.2 (2025-08-14)
* Updates GSon to 2.13.1.
* Updates BouncyCastle to 1.81.
10.5 (2025-09-05)
* Support for specifying a ScheduledExecutorService instance in
RefreshAheadCachingJWKSetSource and JWKSourceBuilder (iss #592).
10.6 (2025-11-06)
* Adds static CollectionUtils.containsNull(Set) method.
* DefaultJWTClaimsVerifier accepted "aud" (audience) argument must be
compatible with Set.of (iss #499).
* The DefaultJWTClaimsVerifier must not include JWT claim values in
BadJWTException messages (iss #605).
10.7 (2026-01-08)
* Adds MaxCompressedCipherTextLength that implements JWEDecrypterOption,
to
to configure the maximum allowed length of compressed cipher text.
* Adds JWEObject.decrypt(JWEDecrypter, Set<JWEDecrypterOption>) method to
support the MaxCompressedCipherTextLength option.
10.8 (2026-02-19)
* Adds a PasswordBasedDecrypter(byte[], Set<String>) constructor to
specify
names of the critical header parameters that are deferred to the
application for processing. Aligns with other JWEDecrypter and
CriticalHeaderParamsAware implementations (iss #610).
* Fixes getDeferredCriticalHeaderParams() in AESDecrypter,
DirectDecrypter,
RSADecrypter, ECDHDecrypter, X25519Decrypter, ECDH1PUDecrypter,
ECDH1PUX25519Decrypter, MultiDecrypter, MACVerifier, ECDSAVerifier and
Ed25519Verifier. Must internally call
critPolicy.getDeferredCriticalHeaderParams(), not
critPolicy.getProcessedCriticalHeaderParams() (iss #612).
10.9 (2026-04-02)
* Adds X509CertUtils.computeSHA1Thumbprint(X509Certificate) method to
compute the SHA-1 thumbprint of an X.509 certificate for the "x5t"
(X.509
certificate SHA-1 thumbprint) JWK and JOSE header parameter.
10.9.1 (2026-05-31)
* Fixes health status reporting when RefreshAheadCachingJWKSetSource,
JWKSetSourceWithHealthStatusReporting and OutageTolerantJWKSetSource
are
used together. A failed refresh-ahead background update could
previously
cause JWKSetSourceWithHealthStatusReporting to mark the JWK set source
as
UNHEALTHY, even though OutageTolerantJWKSetSource was still within its
configured outage tolerance window and regular JWT validation could
continue using the cached JWK set. Refresh-ahead failures that are
covered by outage tolerance no longer cause the health status to become
unhealthy before the outage tolerance period has been exceeded (iss
#619).
```
https://bitbucket.org/connect2id/nimbus-jose-jwt/raw/e055b3bf56bf379cf1ad0b804fe167cdd28ef445/CHANGELOG.txt
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]