oltu-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ralf Riedel (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OLTU-208) use of outdated + broken version of org.apache.oltu.commons.encodedtoken
Date Thu, 26 Oct 2017 13:44:00 GMT

    [ https://issues.apache.org/jira/browse/OLTU-208?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16220443#comment-16220443

Ralf Riedel commented on OLTU-208:

[~asanso] Hi Antonio, currently we're using a bunch of oltu-modules with the version for *org.apache.oltu.commons.encodedtoken*
patched to 1.0.1, and experienced no side effects so far. Probably it's as easy as changing
the version number in all modules that depend on *org.apache.oltu.commons.encodedtoken*

> use of outdated + broken version of org.apache.oltu.commons.encodedtoken
> ------------------------------------------------------------------------
>                 Key: OLTU-208
>                 URL: https://issues.apache.org/jira/browse/OLTU-208
>             Project: Apache Oltu
>          Issue Type: Bug
>          Components: JWT
>            Reporter: Ralf Riedel
>            Assignee: Antonio Sanso
> The most recent artifact for *org.apache.oltu.oauth2.jwt* published in maven central
> {code:xml}
> <dependency>
>     <groupId>org.apache.oltu.oauth2</groupId>
>     <artifactId>org.apache.oltu.oauth2.jwt</artifactId>
>     <version>1.0.3</version>
> </dependency>
> {code}
> uses version *[1.0.0|https://mvnrepository.com/artifact/org.apache.oltu.commons/org.apache.oltu.commons.encodedtoken/1.0.0]*
of *org.apache.oltu.commons.encodedtoken*, see [https://mvnrepository.com/artifact/org.apache.oltu.oauth2/org.apache.oltu.oauth2.jwt/1.0.3]
> There is already a newer Version *[1.0.1|https://mvnrepository.com/artifact/org.apache.oltu.commons/org.apache.oltu.commons.encodedtoken/1.0.1]*
available, which includes a fix for a bug that currently hits us: A wrong regexp pattern for
base64url encoded strings makes 
> {code:java}org.apache.oltu.commons.encodedtoken.TokenReader{code}
> rejecting valid Tokens we receive from a third party software.
> Could you please update the dependencies for  *org.apache.oltu.oauth2.jwt* to use Version
1.0.1 instead of 1.0.0 of *org.apache.oltu.commons.encodedtoken*?

This message was sent by Atlassian JIRA

View raw message