Skip to content

Update Type Validation Defaults #17181

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jzheaux opened this issue May 28, 2025 · 0 comments
Closed

Update Type Validation Defaults #17181

jzheaux opened this issue May 28, 2025 · 0 comments
Assignees
@jzheaux
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Milestone
7.0.0-M1

Comments

@jzheaux
Copy link
Contributor

jzheaux commented May 28, 2025

Related to #16672, Spring Security 7 should validate the JWT typ header by default instead of delegating that to Nimbus.
@jzheaux jzheaux added this to the 7.0.0-M1 milestone May 28, 2025
@jzheaux jzheaux self-assigned this May 28, 2025
@jzheaux jzheaux added type: enhancement A general enhancement in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) labels May 28, 2025
@jzheaux jzheaux mentioned this issue May 28, 2025
Merged
wilkinsona added a commit to spring-projects/spring-boot that referenced this issue May 29, 2025
@wilkinsona
Adapt to change in Spring Security's JWT validation
dfa0a83 
See gh-45492
See spring-projects/spring-security#17181
@ngocnhan-tran1996 ngocnhan-tran1996 mentioned this issue Jun 2, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) type: enhancement A general enhancement
Projects
None yet
Milestone
7.0.0-M1
Development

No branches or pull requests
1 participant
@jzheaux