From 28a2ca716a24df4e1eb8bc1c0efc85743742d909 Mon Sep 17 00:00:00 2001
From: lhazlewood <121180+lhazlewood@users.noreply.github.com>
Date: Sat, 14 Oct 2023 17:20:25 -0700
Subject: [PATCH] Upgraded org.json dependency to 20231013
* Upgrades org.json dependency to 20231013 (#862)
---
CHANGELOG.md | 9 +++++++++
pom.xml | 3 ++-
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5b2a12757..a0c5bdbae 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,14 @@
## Release Notes
+### 0.12.3
+
+This patch release:
+
+* Upgrades the `org.json` dependency to `20231013` to address that library's
+ [CVE-2023-5072](https://nvd.nist.gov/vuln/detail/CVE-2023-5072) vulnerability.
+* (Re-)enables empty values for custom claims, which was the behavior in <= 0.11.5.
+ [Issue 858](https://github.com/jwtk/jjwt/issues/858).
+
### 0.12.2
This is a follow-up release to finalize the work in 0.12.1 that tried to fix a reflection scope problem
diff --git a/pom.xml b/pom.xml
index ac0e08304..403c4344a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -110,7 +110,7 @@
${user.name}-${maven.build.timestamp}
2.12.7.1
- 20230618
+ 20231013
2.9.0
@@ -677,6 +677,7 @@
3.2.2
3.8.1
+ 20230618
bcprov-jdk15to18
bcpkix-jdk15to18