Insights and release announcements
Blog
-
The Java ECDSA cryptography CVE-2022-21449 - are you affected and what to do?
The Java ECDSA cryptography CVE-2022-21449 - are you affected and what to do?
Update 2022-04-22: The Nimbus JOSE+JWT library was not able to block all CVE-2022-21449 vectors of attack on vulnerable Java 15+ runtimes where the default Java ECDSA was targeted. This post is corrected to reflect this. We apologise for...
JOSERead article -
Nimbus JOSE+JWT 9.0
Nimbus JOSE+JWT 9.0
There is a new major release of the Nimbus JOSE+JWT library. No new features are being added, but there is a breaking...
JOSERead article -
Updated token validation in Nimbus JOSE+JWT 8
Updated token validation in Nimbus JOSE+JWT 8
Version 8 of the Nimbus JOSE+JWT library updates the token validation framework. When creating a JOSEProcessor or...
JOSERead article -
Nimbus JOSE+JWT 7.9 fixes an unchecked exception vulnerability
Nimbus JOSE+JWT 7.9 fixes an unchecked exception vulnerability
Nimbus JOSE+JWT 7.9 fixes vulnerabilities in the code which may result in the library throwing an unchecked Java...
JOSERead article -
High-performance Ed25519 and X25519 cryptography comes to Nimbus JOSE+JWT
High-performance Ed25519 and X25519 cryptography comes to Nimbus JOSE+JWT
Asymmetric RSA and EC cryptography comes at a cost. Its overhead can be a limiting factor in how quickly an OpenID...
JOSERead article -
Multi-level defence against invalid curve attacks
Multi-level defence against invalid curve attacks
Reliable defences work on multiple levels. The latest release of the Nimbus JOSE + JWT library adds an extra...
JOSERead article -
Nimbus JOSE+JWT 4.35 deprecates use of SHA-1 and RSA encryption with PKCS1v1.5 padding
Nimbus JOSE+JWT 4.35 deprecates use of SHA-1 and RSA encryption with PKCS1v1.5 padding
Deprecates use of SHA-1 CWI and Google’s announcement of a practical technique for producing SHA-1 collisions served...
JOSERead article -
JSON Web Tokens (JWT) with Java 6
JSON Web Tokens (JWT) with Java 6
You want to develop with JSON Web Tokens (JWT), but your Java project is still stuck in 2006? We’ve got good news for...
JOSERead article -
Nimbus JOSE + JWT 4.1 adds support for JWK thumbprints
Nimbus JOSE + JWT 4.1 adds support for JWK thumbprints
The latest 4.1 release of the Nimbus JOSE + JWT library library adds support for computing JSON Web Key (JWK)...
JOSERead article -
Fourth release candidate of Nimbus JOSE + JWT 4.0
Fourth release candidate of Nimbus JOSE + JWT 4.0
The Nimbus JOSE + JWT library library makes another step towards the long-awaited 4.0 release, bringing a bag full...
JOSERead article -
First release candidate of Nimbus JOSE + JWT 4.0
First release candidate of Nimbus JOSE + JWT 4.0
The fourth release of the Nimbus JOSE + JWT library introduces a comprehensive framework for developers to process...
JOSERead article -
JSON Web Token becomes a standard
JSON Web Token becomes a standard
JSON Web Token (JWT) is now an official IETF standard and is given the RFC 7519 designation. The spec suite that...
JOSERead article -
Why is OOP and type safety good for security. But only if done right
Why is OOP and type safety good for security. But only if done right
Languages such as Java that are object-oriented and type safe can greatly enhance the security of apps and services....
JOSERead article