I am looking for a vulnerabilities list for JOSE4J if any. We want to apply the library in our product to validate Azure AD tokens and generate so called entitlement tokens which contain more product related data, we like the library a lot, but the question from the security team came up if there are any vulnerabilities identified for JOSE4J and if any where are they posted, and how bug fixes are communicated in case of a discovered vulnerability
Thanks
Jan
The Release Notes of the project lists the changes made including anything security related.