Upgrade to Spring Security 5.4.5

This commit also downgrade JOSE JWT to address an incompatibility with the OIDC SDK 8.x. The OIDC SDK has also been upgraded to the latest 8.x release to align with the version used by Spring Security. Closes gh-25221 Fixes gh-25070
spring-projects · Feb 18, 2021 · bb56de7 · bb56de7
1 parent 08f73e0
commit bb56de7
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/spring-boot-project/spring-boot-dependencies/build.gradle b/spring-boot-project/spring-boot-dependencies/build.gradle
@@ -1196,14 +1196,14 @@ bom {
 			]
 		}
 	}
-	library("OAuth2 OIDC SDK", "8.23.1") {
+	library("OAuth2 OIDC SDK", "8.36") {
 		group("com.nimbusds") {
 			modules = [
 				"oauth2-oidc-sdk"
 			]
 		}
 	}
-	library("Nimbus JOSE JWT", "9.1.3") {
+	library("Nimbus JOSE JWT", "8.20.2") {
 		group("com.nimbusds") {
 			modules = [
 				"nimbus-jose-jwt"
@@ -1624,7 +1624,7 @@ bom {
 			]
 		}
 	}
-	library("Spring Security", "5.4.2") {
+	library("Spring Security", "5.4.5") {
 		group("org.springframework.security") {
 			imports = [
 				"spring-security-bom"