1. connect2id Avatar connect2id
  2. Crypto
  3. Nimbus-JOSE-JWT
  4. Issues

Consider a 7.8.1 patch release

Issue #343 resolved
Josh Cummings created an issue

It appears that 7.9 is only bug fixes. I’d like to pick up those fixes for Spring Security 5.2.2. But, we keep a pretty strict policy to only take patch releases inside our own patch releases.

If it’s true that 7.9 is only bug fixes, then a patch release off of 7.8.1 containing those same fixes seems reasonable.

The nice thing about doing a 7.8.1 would be that Spring Boot and Spring Security users would get those fixes a little quicker without needing to manage the dependency.

Comments (4)

  1. Vladimir Dzhuvinov

    7.9 extends the API with two new methods, for that reason it was considered a point release.

        * Adds new static null-safe Base64.from(String) and Base64URL.from(String)
      methods.

    We could do another exact release of 7.9 as 7.8.1. The new Base64 method changes cannot be disentangled from the patches.

  4. Josh Cummings reporter

    Is it in the realm of possibilities to also update the CVE report to indicate that 7.8.1 also addresses the CVE?

  5. Log in to comment
Assignee
Type
enhancement
Priority
major
Status
resolved
Component
JWT
Milestone
Votes
0
Watchers
1
Jira: the preferred issue tracker for Bitbucket. Join the team!