upgrading nimbus-jose-jwt to version 9.37.3
106 views
Skip to first unread message
Anoop Chitreddy
Feb 22, 2024, 5:19:46 PM2/22/24
to WildFly
Hi,
We currently using wildfly-30.0.0.Final built using wildfly feature pack. Recently we received a warning from our dependency check tool indicating that nimbus-jose-jwt v 9.31 is triggering a High severity CVE https://nvd.nist.gov/vuln/detail/CVE-2023-52428
We would be safe to upgrade nimbus-jose-jwt to version 9.37.3. I am asking this question because the module file for nimbus-jose-jwt in wildfly is marking it as a private dependency.
------------------------------------------------------------------------------------------------------------------------
<module name="com.nimbusds.nimbus-jose-jwt" xmlns="urn:jboss:module:1.9">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<resource-root path="nimbus-jose-jwt-9.31.jar"/>
</resources>
<dependencies>
</dependencies>
</module>
------------------------------------------------------------------------------------------------------------------------<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<resource-root path="nimbus-jose-jwt-9.31.jar"/>
</resources>
<dependencies>
</dependencies>
</module>
Appreciate your help.
Anoop
Reply all
Reply to author
Forward
0 new messages