Update to oauth2-oidc-sdk 9.43.5

Comment From: gaussianrecurrence

Hi,

I am experiencing the issue described here #16579. For now setting the json-smart version to 2.5.2 does the trick, but I was wondering if this commit was going to be ported to older versions like 5.8.x or if it is going to be available only for 6.4.x?

Thanks!

Comment From: jgrandja

@gaussianrecurrence

Yes, the oauth2-oidc-sdk dependency will be updated in 5.8.x and all other commercially supported branches.

See the support page for a list of OSS vs. Enterprise support.

Comment From: Nephery

Hi @jgrandja, I think you might want to upgrade to 9.43.6 instead of 9.43.5. According to their issue and the json-smart 2.5.2 release notes, it looks like 9.43.5 is still vulnerable to CVE-2024-57699.

Comment From: sjohnr

@Nephery thanks. This is handled normally with dependabot these days, and it looks like the upgrade already happened in time for the upcoming release.