Skip to content

Update Type Validation Defaults #17181

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
jzheaux opened this issue May 28, 2025 · 0 comments
Closed

Update Type Validation Defaults #17181

jzheaux opened this issue May 28, 2025 · 0 comments
Assignees
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Milestone

Comments

@jzheaux
Copy link
Contributor

jzheaux commented May 28, 2025

Related to #16672, Spring Security 7 should validate the JWT typ header by default instead of delegating that to Nimbus.

@jzheaux jzheaux added this to the 7.0.0-M1 milestone May 28, 2025
@jzheaux jzheaux self-assigned this May 28, 2025
@jzheaux jzheaux added type: enhancement A general enhancement in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) labels May 28, 2025
wilkinsona added a commit to spring-projects/spring-boot that referenced this issue May 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Projects
None yet
Development

No branches or pull requests

1 participant