jjwt v0.11.2 Release Notes

  • ๐Ÿš€ This patch release:

    • ๐Ÿ‘ Allows empty JWS bodies to support RFC 8555 and similar initiatives. Pull Request 540
    • Ensures OSGi environments can access JJWT implementation bundles (jjwt-jackson, jjwt-gson, etc) as fragments to jjwt-api bundle. Pull Request 580
    • Rejects allowedClockSkewSeconds values that would cause numeric overflow. Issue 583
    • โฌ†๏ธ Upgrades Jackson dependency to version 2.9.10.4 to address all known Jackson CVE vulnerabilities. Issue 585
    • โšก๏ธ Updates SecretKey algorithm name validation to allow PKCS12 KeyStore OIDs in addition to JCA Names. Issue 588
    • ๐Ÿ— Enabled CI builds on JDK 14. Pull Request 590
    • โž• Adds missing parameters type to Maps.add(), which removes an unchecked type warning. Issue 591
    • Ensures GsonDeserializer always uses UTF-8 for encoding bytes to Strings. Pull Request 592

    All issues and PRs are listed in the Github JJWT 0.11.2 milestone.