From bb56de715bd50e58e95145fbe2638eec63f1965f Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Thu, 18 Feb 2021 11:33:18 +0000 Subject: [PATCH] Upgrade to Spring Security 5.4.5 This commit also downgrade JOSE JWT to address an incompatibility with the OIDC SDK 8.x. The OIDC SDK has also been upgraded to the latest 8.x release to align with the version used by Spring Security. Closes gh-25221 Fixes gh-25070 --- spring-boot-project/spring-boot-dependencies/build.gradle | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/spring-boot-project/spring-boot-dependencies/build.gradle b/spring-boot-project/spring-boot-dependencies/build.gradle index 85a40aa1e5..3996a0da70 100644 --- a/spring-boot-project/spring-boot-dependencies/build.gradle +++ b/spring-boot-project/spring-boot-dependencies/build.gradle @@ -1196,14 +1196,14 @@ bom { ] } } - library("OAuth2 OIDC SDK", "8.23.1") { + library("OAuth2 OIDC SDK", "8.36") { group("com.nimbusds") { modules = [ "oauth2-oidc-sdk" ] } } - library("Nimbus JOSE JWT", "9.1.3") { + library("Nimbus JOSE JWT", "8.20.2") { group("com.nimbusds") { modules = [ "nimbus-jose-jwt" @@ -1624,7 +1624,7 @@ bom { ] } } - library("Spring Security", "5.4.2") { + library("Spring Security", "5.4.5") { group("org.springframework.security") { imports = [ "spring-security-bom"