Skip to content

Commit c4f4f09

Browse files
jimmyjamesjimmyjames
authored
Release 3.19.4 (#651)
1 parent 3f5df48 commit c4f4f09

File tree

2 files changed

+14
-2
lines changed

2 files changed

+14
-2
lines changed

CHANGELOG.md

+6
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,11 @@
11
# Change Log
22

3+
## [3.19.4](https://github.com/auth0/java-jwt/tree/3.19.4) (2023-01-11)
4+
[Full Changelog](https://github.com/auth0/java-jwt/compare/3.19.3...3.19.4)
5+
6+
This patch release does not contain any functional changes, but is being released using an updated signing key for verification as part of our commitment to best security practices.
7+
Please review [the README note for additional details.](https://github.com/auth0/java-jwt/blob/v3/README.md)
8+
39
## [3.19.3](https://github.com/auth0/java-jwt/tree/3.19.3) (2022-10-24)
410
[Full Changelog](https://github.com/auth0/java-jwt/compare/3.19.2...3.19.3)
511

README.md

+8-2
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,12 @@
77
[![License](https://img.shields.io/:license-mit-blue.svg?style=flat)](https://doge.mit-license.org)
88
[![Javadoc](https://javadoc.io/badge2/com.auth0/java-jwt/javadoc.svg)](https://javadoc.io/doc/com.auth0/java-jwt/latest/index.html)
99

10+
> **Note**
11+
> As part of our ongoing commitment to best security practices, we have rotated the signing keys used to sign previous releases of this SDK. As a result, new patch builds have been released using the new signing key. Please upgrade at your earliest convenience.
12+
>
13+
> While this change won’t affect most developers, if you have implemented a dependency signature validation step in your build process, you may notice a warning that past releases can’t be verified. This is expected, and a result of the key rotation process. Updating to the latest version will resolve this for you.
14+
15+
1016
A Java implementation of [JSON Web Token (JWT) - RFC 7519](https://tools.ietf.org/html/rfc7519).
1117

1218
> :warning: **Important security note:** JVM has a critical vulnerability for ECDSA Algorithms - [CVE-2022-21449](https://nvd.nist.gov/vuln/detail/CVE-2022-21449). Please review the details of the vulnerability and update your environment.
@@ -25,14 +31,14 @@ The library is available on both Maven Central and Bintray, and the Javadoc is p
2531
<dependency>
2632
<groupId>com.auth0</groupId>
2733
<artifactId>java-jwt</artifactId>
28-
<version>3.19.3</version>
34+
<version>3.19.4</version>
2935
</dependency>
3036
```
3137

3238
### Gradle
3339

3440
```gradle
35-
implementation 'com.auth0:java-jwt:3.19.3'
41+
implementation 'com.auth0:java-jwt:3.19.4'
3642
```
3743

3844
## Available Algorithms

0 commit comments

Comments
 (0)