Insights and release announcements
Blog
-
The Java ECDSA cryptography CVE-2022-21449 - are you affected and what to do?
The Java ECDSA cryptography CVE-2022-21449 - are you affected and what to do?
Update 2022-04-22: The Nimbus JOSE+JWT library was not able to block all CVE-2022-21449 vectors of attack on vulnerable Java 15+ runtimes where the default Java ECDSA was targeted. This post is corrected to reflect this. We apologise for...
JOSERead article -
OAuth 2.0 / OpenID Connect SDK v9.0
OAuth 2.0 / OpenID Connect SDK v9.0
The OAuth 2.0 / OpenID Connect SDK for developing client and server applications has a new major release today. The...
OpenID ConnectRead article -
Nimbus JOSE+JWT 9.0
Nimbus JOSE+JWT 9.0
There is a new major release of the Nimbus JOSE+JWT library. No new features are being added, but there is a breaking...
JOSERead article -
Updated token validation in Nimbus JOSE+JWT 8
Updated token validation in Nimbus JOSE+JWT 8
Version 8 of the Nimbus JOSE+JWT library updates the token validation framework. When creating a JOSEProcessor or...
JOSERead article -
Nimbus JOSE+JWT 7.9 fixes an unchecked exception vulnerability
Nimbus JOSE+JWT 7.9 fixes an unchecked exception vulnerability
Nimbus JOSE+JWT 7.9 fixes vulnerabilities in the code which may result in the library throwing an unchecked Java...
JOSERead article -
Incremental authorisation, resource indicators and EdDSA in release 6.0 the OAuth 2.0 / OpenID Connect SDK
Incremental authorisation, resource indicators and EdDSA in release 6.0 the OAuth 2.0 / OpenID Connect SDK
The slow summer period is now over and it’s now time to announce a new major release of our popular open source OAuth...
OpenID ConnectRead article -
High-performance Ed25519 and X25519 cryptography comes to Nimbus JOSE+JWT
High-performance Ed25519 and X25519 cryptography comes to Nimbus JOSE+JWT
Asymmetric RSA and EC cryptography comes at a cost. Its overhead can be a limiting factor in how quickly an OpenID...
JOSERead article -
Multi-level defence against invalid curve attacks
Multi-level defence against invalid curve attacks
Reliable defences work on multiple levels. The latest release of the Nimbus JOSE + JWT library adds an extra...
JOSERead article -
Nimbus JOSE+JWT 4.35 deprecates use of SHA-1 and RSA encryption with PKCS1v1.5 padding
Nimbus JOSE+JWT 4.35 deprecates use of SHA-1 and RSA encryption with PKCS1v1.5 padding
Deprecates use of SHA-1 CWI and Google’s announcement of a practical technique for producing SHA-1 collisions served...
JOSERead article -
JSON Web Tokens (JWT) with Java 6
JSON Web Tokens (JWT) with Java 6
You want to develop with JSON Web Tokens (JWT), but your Java project is still stuck in 2006? We’ve got good news for...
JOSERead article -
Nimbus JOSE + JWT 4.1 adds support for JWK thumbprints
Nimbus JOSE + JWT 4.1 adds support for JWK thumbprints
The latest 4.1 release of the Nimbus JOSE + JWT library library adds support for computing JSON Web Key (JWK)...
JOSERead article -
Fourth release candidate of Nimbus JOSE + JWT 4.0
Fourth release candidate of Nimbus JOSE + JWT 4.0
The Nimbus JOSE + JWT library library makes another step towards the long-awaited 4.0 release, bringing a bag full...
JOSERead article -
First release candidate of Nimbus JOSE + JWT 4.0
First release candidate of Nimbus JOSE + JWT 4.0
The fourth release of the Nimbus JOSE + JWT library introduces a comprehensive framework for developers to process...
JOSERead article