webpush-java icon indicating copy to clipboard operation
webpush-java copied to clipboard

Published 20 hours ago verified publisher icon web-push-libs

Update org.bitbucket.b_c:jose4j to 0.9.4

Open had1z opened this issue 9 months ago • 2 comments
trafficstars

There are 2 vulnerabilities reported for org.bitbucket.b_c:jose4j 0.7.9

CVE-2023-31582:

  • Severity: High
  • Patched versions: 0.9.3

CVE-2023-51775:

  • Severity: Moderate
  • Patched versions: 0.9.4

This pull request updates org.bitbucket.b_c:jose4j to 0.9.4 to address those vulnerabilities.

had1z avatar Feb 21 '25 17:02 had1z

I agree, you can even go to 0.9.6 as suggested in https://github.com/web-push-libs/webpush-java/pull/192

jmini avatar Mar 06 '25 08:03 jmini

Changed to 0.9.6 as you suggested.

had1z avatar Mar 13 '25 13:03 had1z