Update Type Validation Defaults #17181

jzheaux · 2025-05-28T22:02:35Z

Related to #16672, Spring Security 7 should validate the JWT typ header by default instead of delegating that to Nimbus.

The text was updated successfully, but these errors were encountered:

See gh-45492 See spring-projects/spring-security#17181

jzheaux added this to the 7.0.0-M1 milestone May 28, 2025

jzheaux self-assigned this May 28, 2025

jzheaux added type: enhancement A general enhancement in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) labels May 28, 2025

jzheaux closed this as completed in 6d3b54d May 28, 2025

jzheaux mentioned this issue May 28, 2025

Add possibility to customize JwkSource of NimbusJwtDecoder #17046

Merged

wilkinsona added a commit to spring-projects/spring-boot that referenced this issue May 29, 2025

Adapt to change in Spring Security's JWT validation

dfa0a83

See gh-45492 See spring-projects/spring-security#17181

ngocnhan-tran1996 mentioned this issue Jun 2, 2025

Polish #17195

Closed

ngocnhan-tran1996 mentioned this issue Jun 15, 2025

Update copyright headers ngocnhan-tran1996/spring-security#4

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update Type Validation Defaults #17181

Update Type Validation Defaults #17181

jzheaux commented May 28, 2025

Update Type Validation Defaults #17181

Update Type Validation Defaults #17181

Comments

jzheaux commented May 28, 2025