Fusionauth Jwt Versions Save

• Correct the padding when extracting the r and s components from a DER encoded public key. This bug may cause some signatures to be invalid when using ES512.

  Resolves https://github.com/FusionAuth/fusionauth-jwt/issues/57

• Upgraded Jackson Core to 2.15.2.

Add support for providing your own JWT header. This will enable you to customize the header property order for example.

Resolves https://github.com/FusionAuth/fusionauth-jwt/issues/52 Thanks to @mdemille for the request and the PR!

• Bind a deserializer using @JsonDeserialize the JWT object for all ZoneDateTime objects. This allows you to use any Jackson Object Mapper w/out explicitly binding these deserializers.

• Upgraded Jackson Core to 2.14.0

• Upgraded Jackson Core to 2.13.4.

Upgrade Jackson to 2.13.3

Add a new decode method that takes a Function instead of a Map of Verifiers.

Proactive patch for CVE-2022-21449 ahead of the fix that should be coming for the JDK.

• Check ECDSA signature to ensure that r and s are > 0.
• See https://nvd.nist.gov/vuln/detail/CVE-2022-21449

• Allow for a 2047 bit RSA key, turns out this is a thing.

Resolves https://github.com/FusionAuth/fusionauth-jwt/issues/41 Thanks to @paul-eeoc for opening the issue.