From 28a2ca716a24df4e1eb8bc1c0efc85743742d909 Mon Sep 17 00:00:00 2001
From: lhazlewood <121180+lhazlewood@users.noreply.github.com>
Date: Sat, 14 Oct 2023 17:20:25 -0700
Subject: [PATCH] Upgraded org.json dependency to 20231013

* Upgrades org.json dependency to 20231013 (#862)
---
 CHANGELOG.md | 9 +++++++++
 pom.xml      | 3 ++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5b2a12757..a0c5bdbae 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,14 @@
 ## Release Notes
 
+### 0.12.3
+
+This patch release:
+
+* Upgrades the `org.json` dependency to `20231013` to address that library's
+  [CVE-2023-5072](https://nvd.nist.gov/vuln/detail/CVE-2023-5072) vulnerability.
+* (Re-)enables empty values for custom claims, which was the behavior in <= 0.11.5. 
+  [Issue 858](https://github.com/jwtk/jjwt/issues/858).
+
 ### 0.12.2
 
 This is a follow-up release to finalize the work in 0.12.1 that tried to fix a reflection scope problem
diff --git a/pom.xml b/pom.xml
index ac0e08304..403c4344a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -110,7 +110,7 @@
         <buildNumber>${user.name}-${maven.build.timestamp}</buildNumber>
 
         <jackson.version>2.12.7.1</jackson.version>
-        <orgjson.version>20230618</orgjson.version>
+        <orgjson.version>20231013</orgjson.version>
         <gson.version>2.9.0</gson.version>
 
         <maven.javadoc.additionalOptions />
@@ -677,6 +677,7 @@
             <properties>
                 <maven.jar.version>3.2.2</maven.jar.version>
                 <maven.compiler.version>3.8.1</maven.compiler.version>
+                <orgjson.version>20230618</orgjson.version>
                 <bcprov.artifactId>bcprov-jdk15to18</bcprov.artifactId>
                 <bcpkix.artifactId>bcpkix-jdk15to18</bcpkix.artifactId>
             </properties>