You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When updating from Spring Boot 2.4.2 to Spring Boot 2.4.3 we discovered an undocumented breaking change on the managed version of Nimbus JOSE JWT library.
Spring Boot 2.4.3 contains the following change: #25070
This downgrades the library from 9.1.3 to 8.20.2
This is a breaking change as it throws the following NoSuchMethodError on our code base:
Thanks for raising this. The change is listed in the release notes but it's not as prominent as we had intended. There's an entry in the list of bug fixes:
Managed versions of oauth2-oidc-sdk and nimbus-jose-jwt are incompatible #25070
I've updated the release notes to add a new entry at the top that describes the changes and suggests using nimbus-jose-jwt.version to move back to 9.x if you need to do so.
In general I didn't and also wouldn't expect any breaking changes in the list of bug fixes
That's an entirely reasonable expectation. Unfortunately, it was impossible to fix the problem without one and, after much consideration, we decided that the change we made was the least bad option. I think this is the first time we've made a breaking change in a maintenance release and we hope that it will also be the last.
Uh oh!
There was an error while loading. Please reload this page.
Hi!
When updating from Spring Boot 2.4.2 to Spring Boot 2.4.3 we discovered an undocumented breaking change on the managed version of Nimbus JOSE JWT library.
Spring Boot 2.4.3 contains the following change: #25070
This downgrades the library from 9.1.3 to 8.20.2
This is a breaking change as it throws the following
NoSuchMethodError
on our code base:Caused by: java.lang.NoSuchMethodError: 'java.util.Map com.nimbusds.jwt.JWTClaimsSet.getJSONObjectClaim(java.lang.String)'
This dependency downgrade is not listed in the release notes: https://github.com/spring-projects/spring-boot/releases/tag/v2.4.3
I saw in the release notes of Spring Boot 2.5.2-M2 that it includes an update to Nimbus JOSE JWT 9.5
See: #25249
The text was updated successfully, but these errors were encountered: