From f12e1b2fbeed3aea6b8c68e8ed17d050294c59af Mon Sep 17 00:00:00 2001
From: atu-sharm <131497429+atu-sharm@users.noreply.github.com>
Date: Sat, 13 May 2023 12:42:57 +0530
Subject: [PATCH] KAFKA-14994: jose4j is vulnerable to CVE- Improper Cryptographic Algorithm (#13717)

Reviewers: Manikumar Reddy
---
 LICENSE-binary | 2 +-
 gradle/dependencies.gradle | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/LICENSE-binary b/LICENSE-binary
index 842962e61ad2..4cd1dfe09eeb 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -234,7 +234,7 @@ jetty-util-9.4.48.v20220622
 jetty-util-ajax-9.4.48.v20220622
 jersey-common-2.34
 jersey-server-2.34
-jose4j-0.7.9
+jose4j-0.9.3
 lz4-java-1.8.0
 maven-artifact-3.8.4
 metrics-core-4.1.12.1
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index 0f66979c3350..8e798d3848fe 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -81,7 +81,7 @@ versions += [
 jaxrs: "2.1.1",
 jfreechart: "1.0.0",
 jopt: "5.0.4",
- jose4j: "0.7.9",
+ jose4j: "0.9.3",
 junit: "5.9.3",
 jqwik: "1.7.2",
 kafka_0100: "0.10.0.1",
@@ -210,7 +210,7 @@ libs += [
 slf4jApi: "org.slf4j:slf4j-api:$versions.slf4j",
 slf4jlog4j: "org.slf4j:slf4j-log4j12:$versions.slf4j",
 snappy: "org.xerial.snappy:snappy-java:$versions.snappy",
- swaggerAnnotations: "io.swagger.core.v3:swagger-annotations:$versions.swaggerAnnotations",
+ swaggerAnnotations: "io.swagger.core.v3:swagger-annotations:$versions.swaggerAnnotations",
 swaggerJaxrs2: "io.swagger.core.v3:swagger-jaxrs2:$versions.swaggerJaxrs2",
 zookeeper: "org.apache.zookeeper:zookeeper:$versions.zookeeper",
 jfreechart: "jfreechart:jfreechart:$versions.jfreechart",