Security advisory for pac4j-jwt (JwtAuthenticator)
A security vulnerability affecting the JwtAuthenticator in the pac4j-jwt module has been identified and fixed.
To stay safe, you MUST upgrade:
- If you use the 4.x line: upgrade to 4.5.9 (or newer)
- If you use the 5.x line: upgrade to 5.7.9 (or newer)
- If you use the 6.x line: upgrade to 6.3.3 (or newer)
No additional details will be shared in this post.
This vulnerability was discovered by the CodeAnt AI Security Research Team, part of https://www.codeant.ai/.
Jérôme LELEU - March 2026
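
To check a build against the fixed versions listed above, the following added example (not part of the original advisory or of pac4j) scans `mvn dependency:tree` output for `org.pac4j:pac4j-jwt` and classifies each version found. The function names, the verdict labels and the sample output are constructed for illustration; versions on a line the advisory does not name, or carrying a qualifier on the exact fixed number, are reported as `review` rather than guessed.

```python
import re

# Fixed release for each maintained line, as listed in the advisory.
FIXED = {4: (4, 5, 9), 5: (5, 7, 9), 6: (6, 3, 3)}
COORD = re.compile(r"org\.pac4j:pac4j-jwt:\S+")
VERSION = re.compile(r"(\d+(?:\.\d+)*)(.*)")


def classify(version):
    """Return 'fixed', 'upgrade' or 'review' for a pac4j-jwt version string."""
    m = VERSION.fullmatch(version)
    if not m:
        return "review"
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))           # "6.3" compares as 6.3.0
    fixed = FIXED.get(nums[0])
    if fixed is None:
        return "review"                       # line not named in the advisory
    if nums[:3] < fixed:
        return "upgrade"
    # A qualifier on the exact fixed number (e.g. -SNAPSHOT) may predate the fix.
    if nums[:3] == fixed and m.group(2):
        return "review"
    return "fixed"


def scan(tree_output):
    """Return (version, verdict) for each pac4j-jwt entry in dependency:tree output."""
    results = []
    for line in tree_output.splitlines():
        m = COORD.search(line)
        if not m:
            continue
        fields = m.group(0).split(":")[2:]    # type[:classifier]:version[:scope]
        version = next((f for f in fields if f[:1].isdigit()), None)
        if version:
            results.append((version, classify(version)))
    return results


# Constructed sample: entries as they might appear across several modules.
SAMPLE = """[INFO] com.example:demo-app:jar:1.0.0
[INFO] +- org.pac4j:pac4j-jwt:jar:5.7.0:compile
[INFO] +- org.pac4j:pac4j-core:jar:5.7.0:compile
[INFO] +- org.pac4j:pac4j-jwt:jar:6.3.3:compile
[INFO] +- org.pac4j:pac4j-jwt:jar:3.9.0:test
"""

if __name__ == "__main__":
    for version, verdict in scan(SAMPLE):
        print(f"pac4j-jwt {version}: {verdict}")
```

Transitive copies matter as much as direct ones, so run it over the full tree of every module rather than over the declared dependencies only.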