{"id":5122,"name":"Microsoft.IdentityModel.JsonWebTokens","ecosystem":"nuget","repository_url":null,"issues_count":208,"created_at":"2025-06-06T17:08:28.299Z","updated_at":"2025-06-06T17:08:28.299Z","purl":"pkg:nuget/Microsoft.IdentityModel.JsonWebTokens","unique_repositories_count":49,"unique_repositories_count_past_30_days":4,"recent_issues":[{"uuid":"4584152602","node_id":"PR_kwDOGnKBAc7icQiZ","number":148,"state":"closed","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.17.0 to 8.19.1","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-05T05:46:47.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-03T22:32:48.000Z","updated_at":"2026-06-05T05:46:49.000Z","time_to_close":112439,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.17.0","new_version":"8.19.1","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.17.0 to 8.19.1.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.19.1\n\n## Bug Fixes\n- Update `JwtSecurityTokenHandler` for `IssuerSigningKeyResolverUsingConfiguration` toi take priority over `IssuerSigningKeyResolver`, matching the documented contract and the correct behavior already present in `JsonWebTokenHandler`. See [PR #​3519](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3519).\n\n## 8.19.0\n\n## New Features\n- Add ML-DSA (FIPS 204) post-quantum signature support. See [PR #​3479](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3479).\n- Cache custom crypto providers in CryptoProviderFactory. See [PR #​3489](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3489).\n\n## Bug Fixes\n- Disable automatic redirects on default HttpClient for JKU retrieval. See [PR #​3494](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3494).\n- Adjust rented buffer handling in claim set parsing. See [PR #​3493](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3493).\n- Tidy null handling in SAML conditions validation. See [PR #​3491](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3491).\n- Improve validation of `jku` claim. See [PR #​3481](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3481).\n- Limit telemetry algorithm dimension cardinality. See [PR #​3490](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3490).\n- Add defensive copy of collections in ValidationParameters. See [PR #​3492](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3492).\n- Update TokenValidationParameter copy constructor to make a deep copy. See [PR #​3488](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3488).\n- Update to fail-closed when replay protection isn't configured and other DPoP hardening. See [PR #​3505](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3505).\n- Apply RFC 3986 section 6.2.2 normalization to DPoP `htu` comparison. See [PR #​3509](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3509).\n\n## 8.18.0\n\n## New Features\n- Introduced a new interface `IConfigurationEventHandlerContextAware\u003cT\u003e` that provides context to the configuration event handler implementation, allowing it to optionally bypass a cache lookup. See [PR #​3444](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3444).\n- Added Microsoft.IdentityModel.Dpop — a new package implementing DPoP (Demonstrating Proof-of-Possession) per RFC 9449. Provides both client-side and server-side proof validation with no System.Net.Http dependency. See [PR #​3443](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3443).\n\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.17.0...8.19.1).\n\u003c/details\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/NosCoreIO/NosCore.Networking/pull/148","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NosCoreIO%2FNosCore.Networking/issues/148","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/148/packages"},{"uuid":"4492660295","node_id":"PR_kwDOLkzEy87d1j9w","number":146,"state":"open","title":"Bump MediatR and Microsoft.IdentityModel.JsonWebTokens","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":9,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T07:35:07.000Z","updated_at":"2026-05-21T07:41:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"MediatR","repository_url":"https://github.com/LuckyPennySoftware/MediatR"},{"name":"Microsoft.IdentityModel.JsonWebTokens","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [MediatR](https://github.com/LuckyPennySoftware/MediatR) from 12.4.1 to 14.1.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [MediatR's releases](https://github.com/LuckyPennySoftware/MediatR/releases)._\n\n## 14.1.0\n\n## What's Changed\n* Migrating to slnx by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1147\n* Remove Azure-dependent CI steps to fix forked PR builds by @​Copilot in https://github.com/LuckyPennySoftware/MediatR/pull/1154\n* Handling nested generic arguments by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1155\n* Handling F# assemblies correctly by catching reflection exceptions an… by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1156\n* Simplify CheckLicense to use GetRequiredService instead of fallback constructors by @​Copilot in https://github.com/LuckyPennySoftware/MediatR/pull/1158\n* Fix: Cryptic \"No constructor\" Error When ILoggerFactory Is Not Registered (Issue #​1153) by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1157\n* De-duping notification handlers before dispatching by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1159\n* Log warning when perpetual license cannot be applied due to missing build date by @​Copilot in https://github.com/LuckyPennySoftware/MediatR/pull/1163\n* Perpetual licensing by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1162\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/LuckyPennySoftware/MediatR/pull/1154\n\n**Full Changelog**: https://github.com/LuckyPennySoftware/MediatR/compare/v14.0.0...v14.1.0\n\n## 14.0.0\n\n## What's Changed\n* Bumping to .NET 10 by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1143\n* Enabling package signing\n\n**Full Changelog**: https://github.com/LuckyPennySoftware/MediatR/compare/v13.1.0...v14.0.0\n\n## 14.0.0-beta-1\n\n## What's Changed\n* Bumping to .NET 10 by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1143\n* [Signed packages](https://learn.microsoft.com/en-us/nuget/create-packages/sign-a-package)\n\n**Full Changelog**: https://github.com/LuckyPennySoftware/MediatR/compare/v13.1.0...v14.0.0-beta-1\n\nThis release is a beta release that introduces .NET 10 support and package signing. Signed packages means going forward packages can be validated against trusted authorities that the package has been published by Lucky Penny Software and not tampered with.\n\n## 13.1.0\n\n## What's Changed\n* Do not require non-public license classes to be registered; fixes #​1127 by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1129\n* Adding direct .NET 4.x support by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1131\n* Update release.yml by @​dhgatjeye in https://github.com/LuckyPennySoftware/MediatR/pull/1132\n* Allowing static license key values by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1136\n* Dependency Injection tests for various providers by @​jithu7432 in https://github.com/LuckyPennySoftware/MediatR/pull/1134\n* Upgrade to System.Text.Json version without transitive vulnerability by @​kanilsz in https://github.com/LuckyPennySoftware/MediatR/pull/1139\n* Add DI tests for `LightInject`, `StashBox`, `Lamar` by @​jithu7432 in https://github.com/LuckyPennySoftware/MediatR/pull/1137\n\n## New Contributors\n* @​dhgatjeye made their first contribution in https://github.com/LuckyPennySoftware/MediatR/pull/1132\n* @​kanilsz made their first contribution in https://github.com/LuckyPennySoftware/MediatR/pull/1139\n\n**Full Changelog**: https://github.com/LuckyPennySoftware/MediatR/compare/v13.0.0...v13.1.0\n\n## 13.0.0\n\n**Full Changelog**: https://github.com/LuckyPennySoftware/MediatR/compare/v12.5.0...v13.0.0\n\n* Added support for .NET Standard 2.0\n* Requiring license key\n* Moving from Apache license to dual commercial/OSS license\n\nTo set your license key:\n\n```csharp\nservices.AddMediatR(cfg =\u003e {\n    cfg.LicenseKey = \"\u003cLicense key here\u003e\";\n});\n```\n\nYou can obtain your license key at [MediatR.io](https://mediatr.io)\n\n## 12.5.0\n\n## What's Changed\n* Open behavior multiple registration extensions by @​Emopusta in https://github.com/jbogard/MediatR/pull/1065\n* Remove duplicate `Nullable` property from `MediatR.Contracts` by @​jithu7432 in https://github.com/jbogard/MediatR/pull/1061\n* Timeout behavior support by @​zachpainter77 in https://github.com/jbogard/MediatR/pull/1058\n* GitHub Actions upload-artifacts@​v2 deprecated moving to v4 by @​jithu7432 in https://github.com/jbogard/MediatR/pull/1072\n* update MinVer from 4.3.0 to 6.0.0 by @​adamralph in https://github.com/jbogard/MediatR/pull/1102\n* Update setup-dotnet package version. by @​Emopusta in https://github.com/jbogard/MediatR/pull/1086\n* Add test for multiple open behavior registration feature. by @​Emopusta in https://github.com/jbogard/MediatR/pull/1077\n* Add validation and comments to OpenBehavior entity. by @​Emopusta in https://github.com/jbogard/MediatR/pull/1078\n* Passing CancellationToken to the call chain by @​podobaas in https://github.com/jbogard/MediatR/pull/1100\n\n## New Contributors\n* @​Emopusta made their first contribution in https://github.com/jbogard/MediatR/pull/1065\n* @​jithu7432 made their first contribution in https://github.com/jbogard/MediatR/pull/1061\n* @​podobaas made their first contribution in https://github.com/jbogard/MediatR/pull/1100\n\n**Full Changelog**: https://github.com/jbogard/MediatR/compare/v12.4.1...v12.5.0\n\nCommits viewable in [compare view](https://github.com/LuckyPennySoftware/MediatR/compare/v12.4.1...v14.1.0).\n\u003c/details\u003e\n\nUpdated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 7.4.0 to 8.14.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.14.0\n\n8.14.0\n====\n## Bug Fixes\n- Switch back to use `ValidationResult` instead of `OperationResult` when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See [#​3299](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3299) for details.\n\n## 8.13.1\n\n8.13.1\n====\n## Dependencies\nMicrosoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0\n\n## Bug Fixes\n- Fixed a decompression failure happening for large JWE payloads. See [#​3286](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3286) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See [#​3284](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3284) for details.\n\n8.13.0\n\n## 8.13.0\n\n8.13.0\n====\n### Fundamentals\n- `CaseSensitiveClaimsIdentity.SecurityToken` setter is now protected internal (was internal). See PR [#​3278](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278) for details.\n- Update .NET SDK version to 9.0.108 used when building or running the code. See PR [#​3274](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274) for details.\n- Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See [#​3280](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280) for details.\n\n## What's Changed\n* Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278\n* Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n* Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280\n* changelog for 8.13 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0\n\n## 8.12.1\n\n8.12.1\n====\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3263](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263) for details.\n- To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR [#​3261](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261) for details.\n- Experimental code leaked into TokenValidationResult from early prototypes. See PR [#​3259](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259) for details.\n\n## What's Changed\n* Remove experimental code from TokenValidationResult by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259\n* Moved files to experimental folder by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261\n* Update global.json to latest by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1\n\n## 8.12.0\n\n8.12.0\n====\n\n## New Features\n- **Enhance ConfigurationManager with event handling**  \n  Added event handling capabilities to the `ConfigurationManager`, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see [#​3253](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3253)  \n\n## Bug Fixes\n- **Add expected Base64UrlEncoder.Decode overload for NET6 and 8**  \n  Introduced the expected overload of `Base64UrlEncoder.Decode` for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.  \n  For details see [#​3249](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3249)  \n\n## Fundamentals\n- **Add AI assist rules**  \n  Incorporated AI assist rules to enhance AI agents effectiveness.  \n  For details see [#​3255](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255)  \n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  \n  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  \n  For details see [#​3256](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256)  \n- **Move suppression of RS006 to csproj**  \n  Centralized suppression of RS006 warnings in project files for easier management.  \n  For details see [#​3230](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230)\n\n## What's Changed\n* Move suppression of RS006 to csproj. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230\n* Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255\n* Enhance ConfigurationManager with event handling by @​GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256\n* Update CHANGELOG.md for 8.12.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0\n\n## 8.11.0\n\n8.11.0\n=====\n## New Features:\n- Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue [#​3245](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3245) for details.\n- Added a new public async API: `JsonWebTokenHandler.DecryptTokenWithConfigurationAsync`, which decrypts a JWE token using keys from either `TokenValidationParameters` or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR [#​3243](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3243) for details.\n\n## What's Changed\n* few updates by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242\n* Changelog for 8.10.0 by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241\n* Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244\n* update current version to 8.10.0 by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246\n* Add DecryptTokenWithConfiguration API by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243\n* changelog for 8.11 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0\n\n## 8.10.0\n\n8.10.0\n=====\n## Bug Fixes\n- Corrected casing of the Type attribute in SubjectConfirmationData. See [#​3206](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3206).\n- Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See [#​3220](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/33784b8ec0ff4300efad788535f90b3adc5bdfd1).\n- Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See [#​3226](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/793bd34e945eb8ba7528cf87c4a29a29c4704a65).\n\n## Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3228](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/946bec18cdeb26b8133a04e8c056dd5f17588f89) and [#​3232](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/14842aedb3d57c32b9ce784061cd9beccbdd1eb1).\n\n## 8.9.0\n\n8.9.0\n=====\n## Bug Fixes\n- syncAfter has been updated to preserve UTC information, addressing a bug where GetConfigurationAsync does not refresh configuration in ConfigurationManager. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3213.\n- Fixed a null reference issue in KeyInfo. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3203.\n\n## New Features\n- Introduced a new delegate for reading custom token payload values on JsonWebToken. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2981.\n- Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3205.\n\n## Fundamentals\n- Utilized IList to avoid enumerator allocation during audience validation. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3204.\n\n## 8.8.0\n\n8.8.0\n=====\n## New Features\n- Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the `Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking` switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR [#​3193](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3193) for details.\n- Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the `Switch.Microsoft.IdentityModel.DoNotScrubExceptions` AppContextSwitch. See PR [#​3195](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3195) and https://aka.ms/identitymodel/app-context-switches for details.\n- Change all plain object locks to `System.Thread.Lock` objects for .NET 9 or greater. See PRs [#​3185](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3185) and [#​3189](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3189) for details.\n\n\n## 8.7.0\n\n## Bug Fixes\n- Add back internal methods `IsRecoverableException` and `IsRecoverableExceptionType` whose signatures were changed in the previous version. See [#​3181](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3181).\n\n## New Features\n- Make `Cnf` class public and move it to Microsoft.IdentityModel.Tokens package. See [#​3165](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3165).\n\n## What's Changed\n* Post Release 8.6.1 cleanup  by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3160\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3163\n* Adds explanation for CodeQL warnings by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3167\n* Fix typo by @​rstm-sf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n* Need to change the locks by @​JoshLozensky in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3171\n* Move CNF from SHR to M.IM.Tokens by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3168\n* Add back IsRecoverableException methods. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3183\n* Revert \"Need to change the locks\" by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3186\n* 8.7.0 changelog by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3184\n\n## New Contributors\n* @​rstm-sf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.1...8.7.0\n\n## 8.6.1\n\n8.6.1\n=====\n## Bug fix\n- Microsoft.IdentityModel now triggers a configuration refresh if token decryption fails. See issue [#​3148](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3148) for details.\n- Fix a bug in `JsonWebTokenHandler` where `JwtTokenDecryptionParameters`'s `Alg` and `Enc` were not set during token decryption, causing `IDX10611` and `IDX10619` errors to show null values in the messages. See issue [#​3003](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3003) for details.\n\n## Fundamentals\n- For development, IdentityModel now has a global.json file to specify the .NET SDK version. See issue [#​2995](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2995) for details.\n\n## What's Changed\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3145\n* Update the public API shipped files by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3146\n* Add global.json file by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* Trigger metadata refresh for token decryption errors by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3149\n* Populate error messages correctly from JwtTokenUtilities.DecryptJwtToken by @​ksaaf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n* first changelog update by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3156\n\n## New Contributors\n* @​mdchennu made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* @​ksaaf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.0...8.6.1\n\n## 8.6.0\n\n8.6.0\n=====\n## New Features\n- TokenValidationParameters has a new boolean property `TryAllDecryptionKeys` that let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to **true** (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See [#​3128](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128)\n- Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See [#​3140](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140)\n\n## Fundamentals\n* Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See [3143](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143)\n* Add more tests for encrypted tokens. See [#​3139](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139)\n\n## What's Changed\n* Update CHANGELOG.md by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3133\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3137\n* Add TryAllDecryptionKeys flag to whether decrypt if no key IDs match by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128\n* Change KeyInfo.MatchesKey from internal to protected internal virtual. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140\n* Fix #​3112 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143\n* Add more auto-decryption related tests by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139\n* Update changelog.md for 8.6.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3144\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.5.0...8.6.0\n\n## 8.5.0\n\n8.5.0\n=====\n## Reverting previous breaking change\n- The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that [adding IDisposable is a breaking change](https://learn.microsoft.com/en-us/dotnet/fundamentals/runtime-libraries/system-idisposable), so we are following [semver guidance](https://semver.org/#what-do-i-do-if-i-accidentally-release-a-backward-incompatible-change-as-a-minor-version) and reverting and releasing a minor version (8.5.0).\n- Cherry-picked Changes: Included changes from PR [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) and [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104).\n\n## What's Changed\n* Update version.props by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3126\n* fix formatting error by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3134\n* Revert configuration manager to 8.3.1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3132\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.4.0...8.5.0\n\n## 8.4.0\n\n8.4.0\n=====\n## New Features\n- App context switch allows blocking or non-blocking calls for configuration. See PR [#​3106](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3106) for details and issue [#​3082](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3082) for details. If you are not using the ConfigurationManager as a singleton and not using the blocking option, you may need to call ShutdownBackgroundTask() to stop the background task to avoid leaking Tasks.\n- IdentityModel now enables symmetric and asymmetric keys to be created publicly with JWK. See [#​3094](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3094) for details.\n- IdentityModel now allows specifying the HTTP protocol version and version policy. See [#​2808](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2808) for details.\n\n## Repair items\n- Add request count and duration telemetry for configuration requests. See [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) for details.\n- `KeyID` should be present in exception messages and is no longer PII. See [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104) for details.\n\n## Fundamentals\n- Fix spelling issues in xml comments. See [#​3117](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3117) for details.\n- Fix comment coverage in PR builds. See [#​3079](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3079) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- See [#​3056](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3056). [#​3100](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3100), [#​3017](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3107), and [#​3111](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3111).\n- Add internal virtual on TokenHandler. See [#​3084](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3084) for details.\n\n* @​prochnowc made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2809\n\n## 8.3.1\n\n8.3.1\n=====\n## Bug Fixes\n* Respect TVP.RequireAudience when set to false. See [#​3055](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055)\n* For net4.6.2 select RSACng for PSS support. See [#​3097](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3097)\n* Fix package downgrade in consuming libraries. See[#​3062](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062)\n* Fix integer overflow in `AuthenticationEncryptionProvider.cs`. See [#​3063](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063)\n\n## Fundamentals\n* Removed unused property on JsonWebToken ClaimsIdentity. See [#​3071](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3071) for details.\n* Upgrade to C# 13. See [#​2998](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998)\n* Use new Base64Url API. See [#​22817](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817)\n* Add warning quality check. See [#​3067](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067)\n* Update dotnet actions. see [#​3074](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074)\n* Fix warnings. See [#​3081](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081)\n* Test updates in JsonWebToken. See [#​3080](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​3027](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027), [#​3028](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028), [#​3051](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051), [#​3054](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054)\n\n## What's Changed\n* Update CHANGELOG.md by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3053\n* Extensibility tests: Audience - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027\n* Extensibility tests: Lifetime - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028\n* Implement lazy ClaimsIdentity creation from ValidatedToken on SAML and SAML2 on the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051\n* Add logging to the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054\n* update version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3057\n* lower version to avoid downgrades. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3058\n* Respect TVP.RequireAudience when set to false by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055\n* Fix package downgrade in consuming libraries by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062\n* Add slnf for running perf and stress tests by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3066\n* Add Warning Quality Check Build Task 🔨 by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067\n* Update template-Build-run-tests-sign.yml by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3069\n* Removed unused property on JsonWebToken by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3072\n* Update setup dotnet actions by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074\n* fixed #​2983 and re-add code coverage comments to PRs by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3076\n* Remove duplicate keyid into var keysAttempted by @​bdapoigny in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* Upgrade to C# 13 by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998\n* Use new Base64Url API by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817\n* Update common.props by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3078\n* fix warnings by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081\n* Fixed integer overflow in AuthenticatedEncryptionProvider.cs by @​gparametr in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n* Test updates by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080\n* For net4.6.2 select RSACng for PSS support. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3085\n* changelog for 8.3.1 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3098\n\n## New Contributors\n* @​bdapoigny made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* @​gparametr made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n\n ... (truncated)\n\n## 8.3.0\n\n## New features\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n* SAML and SAML2 new model validation: Token Replay. See [#​2994](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2994)\n* Extensibility tests: Token Type - JWT ([#​3030](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3030)), Issuer - SAML and SAML2 ([#​3026](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3026)), Algorithm and Signature - JWT, SAML and SAML2 ([#​3034](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3034)), Token Replay - JWT, SAML and SAML2 ([#​3032](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3032)),  Issuer signing key - JWT, SAML and SAML2 ([#​3029](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/302))\n* Avoid code duplication in extensibility testing. See [#​3041](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3041)\n* Extensibility Testing: Refactor. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3011\n* Remove duplicate code in extensibility tests. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3044\n\n## Bug fixes\n* Fix bug with AadIssuerValidator. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n* Fixed SignedHttpRequest flaky test. See [#​3037](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3037)\n \n## Fundamentals\n* Install all .NET versions in pipeline to fix run tests task. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3018\n* Changelog for 8.2.1. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3009\n* Remove unnecessary AoT test project. See in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3045\n* Fix powershell script for nuget update. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3046\n* Update to next version. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3010\n* Disable Coverage PR comments. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3048\n* Updates GitHub Action to support long paths, See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3049\n* Stack parameters to improve reading of code. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3031\n\n## New Contributors\n* @​ssmelov made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.1...8.3.0\n\n## 8.2.1\n\n8.2.1\n=====\n### New features\n- Update to use .NET 9 GA. See [2990](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990).\n\n### Bug fixes\n- Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets. See [2935](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935).\n- Update cgmanifest to align with the JSON schema. See [2969](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969).\n\n### Fundamentals\n- Streamline token creation in `SecurityTokenDescriptor`. See [2993](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2993).\n- Prevent inlining to guarantee stack frames in test. See [2999](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2999).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Simplify stack frame caching. See [2976](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976).\n- Implement reading SAML and SAML2 tokens. See [2980](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980).\n- Implement validating SAML signature. See [2950](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2950).\n- Add tests for `IssuerExtensibility`. See [2987](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987).\n- Add validation for SAML and SAML2 issuer signing key. See [2965](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965).\n- Add validation for SAML and SAML2 algorithm. See [2984](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984).\n\n## What's Changed\n* Microsoft.Rest.ClientRuntime has been deprecated, which results in so… by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2970\n* Update to next version after 8.2.0 release by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2975\n* Consolidating test statics by @​trwalke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2956\n* New token validation model: Simplify stack frame caching by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976\n* Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935\n* Update cgmanifest to align with the JSON schema by @​jeffhandley in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n* SAML and SAML2 new model validation: Read Token by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980\n* SAML2 new model validation: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2961\n* JsonWebTokenHandler IssuerExtensibility by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987\n* SAML and SAML2 new model validation: Issuer Signing Key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965\n* Ignore AotCompatibilityTests on ADO by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2992\n* SAML and SAML2 new model validation: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984\n* Use SecurityTokenDescriptor when creating tokens by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2991\n* Prevent inlining to guarantee stack frames in test by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3002\n* Update to .NET 9 GA. Update some test dependencies. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990\n* Add Abstractions.Tests to strong name bypass file. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3004\n\n## New Contributors\n* @​jeffhandley made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.0...8.2.1\n\n## 8.2.0\n\n8.2.0\n=====\n### Fundamentals\n- Update System.Text.Json to 8.0.5 CVE-2024-43485. See [2892](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892).\n- Using FixedTimeEquals in NETCore targets. See [2857](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857).\n- Updated .NET 9 to RC 2 [2898](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898).\n- Adds ability to create token without kid [2968](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2968)\n- Enables code coverage in PRs [2946](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2946)\n- Various test improvements:\n- [#​2953](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2953)\n- [#​2955](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2955)\n- [#​2951](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951)\n- [#​2952](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952)\n- [#​2947](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947)\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Validates Audience for SAML2TokenHandler with New Model [2863](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863)\n- Improvements to AudienceValidation [2902](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902)\n- Added properties to ValidationResult [2923](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923)\n- Implements Audience and Lifetime validations in SamlSecurityTokenHandler [2925](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925)\n- Implements Issuer validation in SamlSecurityTokenHandler [2948](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2948)\n\n## What's Changed\n* update to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2890\n* Use FixedTimeEquals in NETCore targets  by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857\n* Update System.Text.Json to 8.0.5 CVE-2024-43485 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892\n* Update .NET 9 to RC 2 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898\n* Validate Audience for SAML2TokenHandler with New Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863\n* Regression tests: Issuer by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2868\n* Mark Wilson APIs as Shipped by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2903\n* Add Tests for Lifetime Validation Using New Validation Model For SAML2 by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2906\n* Suggested changes to AudienceValidation by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902\n* Extensibility tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2861\n* Added properties to ValidationResult without throwing by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923\n* Extensibility tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2867\n* Regression tests: Issuer signing key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2927\n* Do not serialize CaseSensitiveClaimsIdentity.SecurityToken. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2896\n* Fix typo by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2894\n* Implement and Test Audience and Lifetime validations in SamlSecurityTokenHandler with New Validation Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925\n* Fix Flaky Tests: NameAndRoleClaimDelegates and RoleClaims by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2873\n* Regression tests: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2930\n* Validate Issuer Using New Validation Model in Saml2SecurityTokenHandler by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2929\n* Fix builds on macOS / Linux using the build.sh script by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2937\n* Regression tests: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2934\n* Regression tests: Token Type by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2932\n* Regression tests: Token Replay by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2931\n* Fix DevEx and IDDP builds such that when building internally, use an internal Nuget feed instead of nuget.org by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2936\n* Restore PopKeyResolvingTests.GetPopKeysFromJkuAsync by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947\n* Restore skipped test: ReferenceCountingTest_MultiThreaded by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952\n* Restore EnsureAotCompatibility test by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951\n ... (truncated)\n\n## 8.1.2\n\n## What's Changed\n\n### Bug fixes\n\n* CaseSensitiveClaimsIdentity.Clone() now returns a `CaseSensitiveClaimsIdentity` as expected, by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2879\n* Multiple unused and unusable (for the moment) public APIs were removed. These were introduced by mistake leaking from the work done on logging and exception handling, by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2888\n\n### Fundamentals\n* Enabled PublicApiAnalyzers to better understand and trace changes to the public API, by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2782\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.1...8.1.2\n\n## 8.1.1\n\n8.1.1\n=====\n### Bug fixes\n- Fix bug where ConfigurationManager was updating keys too frequently. See [2866](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2866) for details.\n\n## What's Changed\n* Rename validation delegates by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2847\n* Remove TransformBeforeSignatureValidationDelegate from ValidationParameters by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2848\n* Add disable discovery enumeration = true to all theory tests by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2849\n* Make CaseSensitiveClaimIdentity serializable by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2850\n* Remove Obsolete BinaryFormatter  by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2851\n* Refactor ValidateConditions in Saml2SecurityTokenHandler by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2855\n* Set custom BenchmarkDotNetconfig as default by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2852\n* Regression tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2838\n* Fix ValidateJsonWebTokenClaimMapping Flaky Test 🐞 by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2859\n* update current version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2862\n* Regression tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2839\n* Rename ResolveTokenDecryptionKeyDelegate to DecryptionKeyResolverDelegate by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2869\n* Set internal _syncAfter using only AutomaticRefreshInterval. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2865\n* 8.1.1 Changelog by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2864\n* Adjust for RefreshInterval not influencing AutomaticRefreshInterval. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2870\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.0...8.1.1\n\n## 8.1.0\n\n8.1.0\n=====\n### Performance improvements\n- Improves performance during issuer validation by replacing string comparison with span comparison. See PR [#​2826](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2826).\n\n### New features\n- Add optional check to prevent using keys that are shared across multiple clouds. See issue [#​2832](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2832) for details.\n\n### Bug fixes\n- JsonWebTokenHandler would only return unwrapped keys if there was no errors. This change is to align with the behavior in JwtSecurityTokenHandler, that is it returns the keys that were able to be unwrapped, and only throw if no keys were able to be unwrapped. See issue [#​2695](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2695) for details.\n\n### Fundamentals\n- Fix flaky tests. See [#​2793](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2793) for details.\n- Update XUnit versoin and fix test warnings due to new XUnit analyzers. See PR [#​2796](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796) for details.\n- Onhboard to code coverage in ADO. See PR [#​2798](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798).\n- Use `IsTargetFrameworkCompatible(*)` so AOT is forward-compatible with .NET 9 and beyond. See PR [#​2790](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790) for details.\n- Fix a merge conflict impacting dev. See PR [#​2819](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819).\n- Defining the following attribute in multiple assemblies (.Tokens, .Logging) causes an internal error.\n[DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicConstructors)]. See PR [#​2820](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820).\n- Remove perl dependency. See PR [#​2830](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2830).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​2794](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794)\n- [#​2800](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800)\n- [#​2810](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810)\n- [#​2811](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811)\n- [#​2816](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816)\n- [#​2822](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822)\n- [#​2815](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815)\n- [#​2818](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2818)\n- [#​2813](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2813)\n- [#​2827](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2827)\n\n## What's Changed\n* changelog 8.0.2 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2792\n* Update version.props to 8.0.2 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2791\n* Fix Async Issue in Extensibility Tests by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2795\n* Update xUnit version and fix test warnings by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796\n* ValidateTokenAsync - New Path: Refactor result types by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794\n* Onboard to code coverage in ADO by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798\n* Exception refinement: Adding additional information by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800\n* Add initial regression tests for the new validation path by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810\n* Use IsTargetFrameworkCompatible() by @​martincostello in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790\n* Regression tests: Added inner exception detail and invalid signature failure due to invalid algorithm used by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811\n* Return unwrapped keys if able by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2812\n* New token validation path: Renamed result types by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816\n* Fix merge conflict by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819\n* Removed attribute that causes issues with internal builds. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820\n* Add missing exception type to ValidationError -\u003e GetException() by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822\n* Regression testing: Add JWE use cases by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815\n ... (truncated)\n\n## 8.0.2\n\n8.0.2\n=====\n\n### Security fundamentals\n- Add `BannedApiAnalyzers` to prevent use of `ClaimsIdentity` constructors. See PR [#​2778](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2778) for details.\n\n### Bug fixes\n- IdentityModel now allows the JWT payload to be an empty string. See issue [#​2656](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2656) for details.\n- Cache `UseRfcDefinitionOfEpkAndKid` switch. See PR [#​2747](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2747) for details.\n- Method was named `DoNotFailOnMissingTid` in 7x and `DontFailOnMissingTid` in 8x, adding the method for back compat. See issue [#​2750](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2750) for details.\n- Metadata is now updated on a background thread. See [#​2780](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2780) for details.\n- `JsonWebKeySet` stores the original string it was created with. See PR [#​2755](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2755) for details.\n- Restore AOT compatibility. See [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2711).\n- Fix OpenIdConnect parsing bug. See [#​2772](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2772) for details.\n- Remove the lock on creating a `SignatureProvider`. See [#​2788](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2788) for details.\n\n### Fundamentals\n- Test clean up [#​2742](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2742).\n- Use only FxCop in .NET framework targets [#​2693](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2693).\n- Add rule to add file headers automatically [#​2748](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2748).\n- Code analysis updates [#​2746](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2746).\n- Include README packages in NuGet [#​2752](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2752).\n- Update projects inside WilsonUnix solution [#​2768](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2768).\n- Code style enforced in build [#​2603](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2603).\n- CodeQL update [#​2767](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2767).\n- Update build pipeline to new one release build format [#​2777](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2777).\n- Update GitHub actions to `9.0.100-preview.7.24407.12` and add `\u003cNoWarn\u003e$(NoWarn);SYSLIB0057\u003c/NoWarn\u003e` due to breaking changes in preview7. [#​2786](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2786).\n\n### Work relating to [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​2725](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2725), [#​2729](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2729), [#​2753](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2753), [#​2758](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2759), [#​2757](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2757), [#​2764](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2764), [#​2771](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2759), and [#​2779](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2779).\n\n\n## What's Changed\n* Remove old 6x tests used that are not needed anymore by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2742\n* Only use fxcop in netfw by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2693\n* Allow Jwt payload to be the empty string. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2745\n* Add rule to add file headers automatically. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2748\n* Remove Delegate Checks in Multiple Validators and Prevents Null Setting of Delegates by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2725\n* Fix CodeQL by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2746\n* Cache UseRfcDefinitionOfEpkAndKid switch. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2747\n* Decrypt token: Remove exceptions + use new ValidationParameters by @​iNinja in https://githu.....\n\n_Description has been truncated_","html_url":"https://github.com/behdad088/EshopMicroservices/pull/146","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/behdad088%2FEshopMicroservices/issues/146","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/146/packages"},{"uuid":"4483460433","node_id":"PR_kwDOPtbroc7dX3xR","number":117,"state":"open","title":"Bump Microsoft.IdentityModel.JsonWebTokens and 2 others","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-20T05:33:29.000Z","updated_at":"2026-05-20T05:33:30.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"},{"name":"2 others"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.1.2 to 8.18.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.18.0\n\n## New Features\n- Introduced a new interface `IConfigurationEventHandlerContextAware\u003cT\u003e` that provides context to the configuration event handler implementation, allowing it to optionally bypass a cache lookup. See [PR #​3444](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3444).\n- Added Microsoft.IdentityModel.Dpop — a new package implementing DPoP (Demonstrating Proof-of-Possession) per RFC 9449. Provides both client-side and server-side proof validation with no System.Net.Http dependency. See [PR #​3443](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3443).\n\n\n## 8.17.0\n\n## Dependencies\n* Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See [PR #​3435](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3435).\n\n\n## 8.16.0\n\n## New Features\n* Add telemetry around signature validation. See [PR #​3415](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3415) for details.\n\n## Fundamentals\n* Fix FileVersion format to use two-digit year and day of year. See [PR #​3389](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3389) for details.\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\n## 8.14.0\n\n8.14.0\n====\n## Bug Fixes\n- Switch back to use `ValidationResult` instead of `OperationResult` when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See [#​3299](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3299) for details.\n\n## 8.13.1\n\n8.13.1\n====\n## Dependencies\nMicrosoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0\n\n## Bug Fixes\n- Fixed a decompression failure happening for large JWE payloads. See [#​3286](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3286) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See [#​3284](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3284) for details.\n\n8.13.0\n\n## 8.13.0\n\n8.13.0\n====\n### Fundamentals\n- `CaseSensitiveClaimsIdentity.SecurityToken` setter is now protected internal (was internal). See PR [#​3278](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278) for details.\n- Update .NET SDK version to 9.0.108 used when building or running the code. See PR [#​3274](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274) for details.\n- Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See [#​3280](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280) for details.\n\n## What's Changed\n* Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278\n* Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n* Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280\n* changelog for 8.13 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0\n\n## 8.12.1\n\n8.12.1\n====\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3263](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263) for details.\n- To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR [#​3261](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261) for details.\n- Experimental code leaked into TokenValidationResult from early prototypes. See PR [#​3259](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259) for details.\n\n## What's Changed\n* Remove experimental code from TokenValidationResult by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259\n* Moved files to experimental folder by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261\n* Update global.json to latest by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1\n\n## 8.12.0\n\n8.12.0\n====\n\n## New Features\n- **Enhance ConfigurationManager with event handling**  \n  Added event handling capabilities to the `ConfigurationManager`, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see [#​3253](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3253)  \n\n## Bug Fixes\n- **Add expected Base64UrlEncoder.Decode overload for NET6 and 8**  \n  Introduced the expected overload of `Base64UrlEncoder.Decode` for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.  \n  For details see [#​3249](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3249)  \n\n## Fundamentals\n- **Add AI assist rules**  \n  Incorporated AI assist rules to enhance AI agents effectiveness.  \n  For details see [#​3255](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255)  \n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  \n  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  \n  For details see [#​3256](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256)  \n- **Move suppression of RS006 to csproj**  \n  Centralized suppression of RS006 warnings in project files for easier management.  \n  For details see [#​3230](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230)\n\n## What's Changed\n* Move suppression of RS006 to csproj. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230\n* Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255\n* Enhance ConfigurationManager with event handling by @​GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256\n* Update CHANGELOG.md for 8.12.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0\n\n## 8.11.0\n\n8.11.0\n=====\n## New Features:\n- Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue [#​3245](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3245) for details.\n- Added a new public async API: `JsonWebTokenHandler.DecryptTokenWithConfigurationAsync`, which decrypts a JWE token using keys from either `TokenValidationParameters` or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR [#​3243](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3243) for details.\n\n## What's Changed\n* few updates by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242\n* Changelog for 8.10.0 by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241\n* Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244\n* update current version to 8.10.0 by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246\n* Add DecryptTokenWithConfiguration API by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243\n* changelog for 8.11 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0\n\n## 8.10.0\n\n8.10.0\n=====\n## Bug Fixes\n- Corrected casing of the Type attribute in SubjectConfirmationData. See [#​3206](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3206).\n- Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See [#​3220](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/33784b8ec0ff4300efad788535f90b3adc5bdfd1).\n- Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See [#​3226](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/793bd34e945eb8ba7528cf87c4a29a29c4704a65).\n\n## Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3228](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/946bec18cdeb26b8133a04e8c056dd5f17588f89) and [#​3232](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/14842aedb3d57c32b9ce784061cd9beccbdd1eb1).\n\n## 8.9.0\n\n8.9.0\n=====\n## Bug Fixes\n- syncAfter has been updated to preserve UTC information, addressing a bug where GetConfigurationAsync does not refresh configuration in ConfigurationManager. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3213.\n- Fixed a null reference issue in KeyInfo. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3203.\n\n## New Features\n- Introduced a new delegate for reading custom token payload values on JsonWebToken. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2981.\n- Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3205.\n\n## Fundamentals\n- Utilized IList to avoid enumerator allocation during audience validation. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3204.\n\n## 8.8.0\n\n8.8.0\n=====\n## New Features\n- Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the `Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking` switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR [#​3193](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3193) for details.\n- Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the `Switch.Microsoft.IdentityModel.DoNotScrubExceptions` AppContextSwitch. See PR [#​3195](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3195) and https://aka.ms/identitymodel/app-context-switches for details.\n- Change all plain object locks to `System.Thread.Lock` objects for .NET 9 or greater. See PRs [#​3185](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3185) and [#​3189](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3189) for details.\n\n\n## 8.7.0\n\n## Bug Fixes\n- Add back internal methods `IsRecoverableException` and `IsRecoverableExceptionType` whose signatures were changed in the previous version. See [#​3181](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3181).\n\n## New Features\n- Make `Cnf` class public and move it to Microsoft.IdentityModel.Tokens package. See [#​3165](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3165).\n\n## What's Changed\n* Post Release 8.6.1 cleanup  by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3160\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3163\n* Adds explanation for CodeQL warnings by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3167\n* Fix typo by @​rstm-sf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n* Need to change the locks by @​JoshLozensky in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3171\n* Move CNF from SHR to M.IM.Tokens by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3168\n* Add back IsRecoverableException methods. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3183\n* Revert \"Need to change the locks\" by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3186\n* 8.7.0 changelog by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3184\n\n## New Contributors\n* @​rstm-sf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.1...8.7.0\n\n## 8.6.1\n\n8.6.1\n=====\n## Bug fix\n- Microsoft.IdentityModel now triggers a configuration refresh if token decryption fails. See issue [#​3148](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3148) for details.\n- Fix a bug in `JsonWebTokenHandler` where `JwtTokenDecryptionParameters`'s `Alg` and `Enc` were not set during token decryption, causing `IDX10611` and `IDX10619` errors to show null values in the messages. See issue [#​3003](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3003) for details.\n\n## Fundamentals\n- For development, IdentityModel now has a global.json file to specify the .NET SDK version. See issue [#​2995](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2995) for details.\n\n## What's Changed\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3145\n* Update the public API shipped files by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3146\n* Add global.json file by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* Trigger metadata refresh for token decryption errors by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3149\n* Populate error messages correctly from JwtTokenUtilities.DecryptJwtToken by @​ksaaf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n* first changelog update by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3156\n\n## New Contributors\n* @​mdchennu made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* @​ksaaf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.0...8.6.1\n\n## 8.6.0\n\n8.6.0\n=====\n## New Features\n- TokenValidationParameters has a new boolean property `TryAllDecryptionKeys` that let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to **true** (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See [#​3128](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128)\n- Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See [#​3140](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140)\n\n## Fundamentals\n* Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See [3143](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143)\n* Add more tests for encrypted tokens. See [#​3139](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139)\n\n## What's Changed\n* Update CHANGELOG.md by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3133\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3137\n* Add TryAllDecryptionKeys flag to whether decrypt if no key IDs match by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128\n* Change KeyInfo.MatchesKey from internal to protected internal virtual. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140\n* Fix #​3112 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143\n* Add more auto-decryption related tests by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139\n* Update changelog.md for 8.6.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3144\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.5.0...8.6.0\n\n## 8.5.0\n\n8.5.0\n=====\n## Reverting previous breaking change\n- The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that [adding IDisposable is a breaking change](https://learn.microsoft.com/en-us/dotnet/fundamentals/runtime-libraries/system-idisposable), so we are following [semver guidance](https://semver.org/#what-do-i-do-if-i-accidentally-release-a-backward-incompatible-change-as-a-minor-version) and reverting and releasing a minor version (8.5.0).\n- Cherry-picked Changes: Included changes from PR [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) and [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104).\n\n## What's Changed\n* Update version.props by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3126\n* fix formatting error by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3134\n* Revert configuration manager to 8.3.1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3132\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.4.0...8.5.0\n\n## 8.4.0\n\n8.4.0\n=====\n## New Features\n- App context switch allows blocking or non-blocking calls for configuration. See PR [#​3106](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3106) for details and issue [#​3082](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3082) for details. If you are not using the ConfigurationManager as a singleton and not using the blocking option, you may need to call ShutdownBackgroundTask() to stop the background task to avoid leaking Tasks.\n- IdentityModel now enables symmetric and asymmetric keys to be created publicly with JWK. See [#​3094](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3094) for details.\n- IdentityModel now allows specifying the HTTP protocol version and version policy. See [#​2808](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2808) for details.\n\n## Repair items\n- Add request count and duration telemetry for configuration requests. See [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) for details.\n- `KeyID` should be present in exception messages and is no longer PII. See [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104) for details.\n\n## Fundamentals\n- Fix spelling issues in xml comments. See [#​3117](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3117) for details.\n- Fix comment coverage in PR builds. See [#​3079](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3079) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- See [#​3056](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3056). [#​3100](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3100), [#​3017](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3107), and [#​3111](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3111).\n- Add internal virtual on TokenHandler. See [#​3084](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3084) for details.\n\n* @​prochnowc made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2809\n\n## 8.3.1\n\n8.3.1\n=====\n## Bug Fixes\n* Respect TVP.RequireAudience when set to false. See [#​3055](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055)\n* For net4.6.2 select RSACng for PSS support. See [#​3097](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3097)\n* Fix package downgrade in consuming libraries. See[#​3062](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062)\n* Fix integer overflow in `AuthenticationEncryptionProvider.cs`. See [#​3063](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063)\n\n## Fundamentals\n* Removed unused property on JsonWebToken ClaimsIdentity. See [#​3071](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3071) for details.\n* Upgrade to C# 13. See [#​2998](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998)\n* Use new Base64Url API. See [#​22817](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817)\n* Add warning quality check. See [#​3067](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067)\n* Update dotnet actions. see [#​3074](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074)\n* Fix warnings. See [#​3081](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081)\n* Test updates in JsonWebToken. See [#​3080](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​3027](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027), [#​3028](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028), [#​3051](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051), [#​3054](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054)\n\n## What's Changed\n* Update CHANGELOG.md by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3053\n* Extensibility tests: Audience - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027\n* Extensibility tests: Lifetime - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028\n* Implement lazy ClaimsIdentity creation from ValidatedToken on SAML and SAML2 on the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051\n* Add logging to the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054\n* update version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3057\n* lower version to avoid downgrades. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3058\n* Respect TVP.RequireAudience when set to false by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055\n* Fix package downgrade in consuming libraries by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062\n* Add slnf for running perf and stress tests by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3066\n* Add Warning Quality Check Build Task 🔨 by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067\n* Update template-Build-run-tests-sign.yml by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3069\n* Removed unused property on JsonWebToken by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3072\n* Update setup dotnet actions by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074\n* fixed #​2983 and re-add code coverage comments to PRs by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3076\n* Remove duplicate keyid into var keysAttempted by @​bdapoigny in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* Upgrade to C# 13 by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998\n* Use new Base64Url API by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817\n* Update common.props by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3078\n* fix warnings by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081\n* Fixed integer overflow in AuthenticatedEncryptionProvider.cs by @​gparametr in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n* Test updates by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080\n* For net4.6.2 select RSACng for PSS support. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3085\n* changelog for 8.3.1 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3098\n\n## New Contributors\n* @​bdapoigny made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* @​gparametr made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n\n ... (truncated)\n\n## 8.3.0\n\n## New features\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n* SAML and SAML2 new model validation: Token Replay. See [#​2994](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2994)\n* Extensibility tests: Token Type - JWT ([#​3030](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3030)), Issuer - SAML and SAML2 ([#​3026](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3026)), Algorithm and Signature - JWT, SAML and SAML2 ([#​3034](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3034)), Token Replay - JWT, SAML and SAML2 ([#​3032](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3032)),  Issuer signing key - JWT, SAML and SAML2 ([#​3029](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/302))\n* Avoid code duplication in extensibility testing. See [#​3041](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3041)\n* Extensibility Testing: Refactor. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3011\n* Remove duplicate code in extensibility tests. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3044\n\n## Bug fixes\n* Fix bug with AadIssuerValidator. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n* Fixed SignedHttpRequest flaky test. See [#​3037](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3037)\n \n## Fundamentals\n* Install all .NET versions in pipeline to fix run tests task. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3018\n* Changelog for 8.2.1. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3009\n* Remove unnecessary AoT test project. See in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3045\n* Fix powershell script for nuget update. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3046\n* Update to next version. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3010\n* Disable Coverage PR comments. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3048\n* Updates GitHub Action to support long paths, See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3049\n* Stack parameters to improve reading of code. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3031\n\n## New Contributors\n* @​ssmelov made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.1...8.3.0\n\n## 8.2.1\n\n8.2.1\n=====\n### New features\n- Update to use .NET 9 GA. See [2990](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990).\n\n### Bug fixes\n- Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets. See [2935](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935).\n- Update cgmanifest to align with the JSON schema. See [2969](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969).\n\n### Fundamentals\n- Streamline token creation in `SecurityTokenDescriptor`. See [2993](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2993).\n- Prevent inlining to guarantee stack frames in test. See [2999](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2999).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Simplify stack frame caching. See [2976](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976).\n- Implement reading SAML and SAML2 tokens. See [2980](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980).\n- Implement validating SAML signature. See [2950](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2950).\n- Add tests for `IssuerExtensibility`. See [2987](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987).\n- Add validation for SAML and SAML2 issuer signing key. See [2965](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965).\n- Add validation for SAML and SAML2 algorithm. See [2984](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984).\n\n## What's Changed\n* Microsoft.Rest.ClientRuntime has been deprecated, which results in so… by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2970\n* Update to next version after 8.2.0 release by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2975\n* Consolidating test statics by @​trwalke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2956\n* New token validation model: Simplify stack frame caching by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976\n* Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935\n* Update cgmanifest to align with the JSON schema by @​jeffhandley in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n* SAML and SAML2 new model validation: Read Token by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980\n* SAML2 new model validation: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2961\n* JsonWebTokenHandler IssuerExtensibility by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987\n* SAML and SAML2 new model validation: Issuer Signing Key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965\n* Ignore AotCompatibilityTests on ADO by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2992\n* SAML and SAML2 new model validation: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984\n* Use SecurityTokenDescriptor when creating tokens by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2991\n* Prevent inlining to guarantee stack frames in test by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3002\n* Update to .NET 9 GA. Update some test dependencies. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990\n* Add Abstractions.Tests to strong name bypass file. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3004\n\n## New Contributors\n* @​jeffhandley made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.0...8.2.1\n\n## 8.2.0\n\n8.2.0\n=====\n### Fundamentals\n- Update System.Text.Json to 8.0.5 CVE-2024-43485. See [2892](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892).\n- Using FixedTimeEquals in NETCore targets. See [2857](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857).\n- Updated .NET 9 to RC 2 [2898](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898).\n- Adds ability to create token without kid [2968](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2968)\n- Enables code coverage in PRs [2946](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2946)\n- Various test improvements:\n- [#​2953](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2953)\n- [#​2955](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2955)\n- [#​2951](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951)\n- [#​2952](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952)\n- [#​2947](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947)\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Validates Audience for SAML2TokenHandler with New Model [2863](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863)\n- Improvements to AudienceValidation [2902](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902)\n- Added properties to ValidationResult [2923](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923)\n- Implements Audience and Lifetime validations in SamlSecurityTokenHandler [2925](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925)\n- Implements Issuer validation in SamlSecurityTokenHandler [2948](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2948)\n\n## What's Changed\n* update to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2890\n* Use FixedTimeEquals in NETCore targets  by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857\n* Update System.Text.Json to 8.0.5 CVE-2024-43485 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892\n* Update .NET 9 to RC 2 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898\n* Validate Audience for SAML2TokenHandler with New Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863\n* Regression tests: Issuer by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2868\n* Mark Wilson APIs as Shipped by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2903\n* Add Tests for Lifetime Validation Using New Validation Model For SAML2 by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2906\n* Suggested changes to AudienceValidation by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902\n* Extensibility tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2861\n* Added properties to ValidationResult without throwing by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923\n* Extensibility tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2867\n* Regression tests: Issuer signing key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2927\n* Do not serialize CaseSensitiveClaimsIdentity.SecurityToken. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2896\n* Fix typo by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2894\n* Implement and Test Audience and Lifetime validations in SamlSecurityTokenHandler with New Validation Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925\n* Fix Flaky Tests: NameAndRoleClaimDelegates and RoleClaims by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2873\n* Regression tests: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2930\n* Validate Issuer Using New Validation Model in Saml2SecurityTokenHandler by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2929\n* Fix builds on macOS / Linux using the build.sh script by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2937\n* Regression tests: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2934\n* Regression tests: Token Type by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2932\n* Regression tests: Token Replay by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2931\n* Fix DevEx and IDDP builds such that when building internally, use an internal Nuget feed instead of nuget.org by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2936\n* Restore PopKeyResolvingTests.GetPopKeysFromJkuAsync by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947\n* Restore skipped test: ReferenceCountingTest_MultiThreaded by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952\n* Restore EnsureAotCompatibility test by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951\n ... (truncated)\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.2...8.18.0).\n\u003c/details\u003e\n\nUpdated [Microsoft.IdentityModel.Tokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.1.2 to 8.18.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.Tokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.18.0\n\n## New Features\n- Introduced a new interface `IConfigurationEventHandlerContextAware\u003cT\u003e` that provides context to the configuration event handler implementation, allowing it to optionally bypass a cache lookup. See [PR #​3444](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3444).\n- Added Microsoft.IdentityModel.Dpop — a new package implementing DPoP (Demonstrating Proof-of-Possession) per RFC 9449. Provides both client-side and server-side proof validation with no System.Net.Http dependency. See [PR #​3443](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3443).\n\n\n## 8.17.0\n\n## Dependencies\n* Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See [PR #​3435](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3435).\n\n\n## 8.16.0\n\n## New Features\n* Add telemetry around signature validation. See [PR #​3415](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3415) for details.\n\n## Fundamentals\n* Fix FileVersion format to use two-digit year and day of year. See [PR #​3389](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3389) for details.\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\n## 8.14.0\n\n8.14.0\n====\n## Bug Fixes\n- Switch back to use `ValidationResult` instead of `OperationResult` when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See [#​3299](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3299) for details.\n\n## 8.13.1\n\n8.13.1\n====\n## Dependencies\nMicrosoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0\n\n## Bug Fixes\n- Fixed a decompression failure happening for large JWE payloads. See [#​3286](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3286) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See [#​3284](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3284) for details.\n\n8.13.0\n\n## 8.13.0\n\n8.13.0\n====\n### Fundamentals\n- `CaseSensitiveClaimsIdentity.SecurityToken` setter is now protected internal (was internal). See PR [#​3278](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278) for details.\n- Update .NET SDK version to 9.0.108 used when building or running the code. See PR [#​3274](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274) for details.\n- Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See [#​3280](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280) for details.\n\n## What's Changed\n* Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278\n* Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n* Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280\n* changelog for 8.13 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0\n\n## 8.12.1\n\n8.12.1\n====\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3263](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263) for details.\n- To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR [#​3261](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261) for details.\n- Experimental code leaked into TokenValidationResult from early prototypes. See PR [#​3259](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259) for details.\n\n## What's Changed\n* Remove experimental code from TokenValidationResult by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259\n* Moved files to experimental folder by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261\n* Update global.json to latest by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1\n\n## 8.12.0\n\n8.12.0\n====\n\n## New Features\n- **Enhance ConfigurationManager with event handling**  \n  Added event handling capabilities to the `ConfigurationManager`, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see [#​3253](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3253)  \n\n## Bug Fixes\n- **Add expected Base64UrlEncoder.Decode overload for NET6 and 8**  \n  Introduced the expected overload of `Base64UrlEncoder.Decode` for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.  \n  For details see [#​3249](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3249)  \n\n## Fundamentals\n- **Add AI assist rules**  \n  Incorporated AI assist rules to enhance AI agents effectiveness.  \n  For details see [#​3255](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255)  \n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  \n  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  \n  For details see [#​3256](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256)  \n- **Move suppression of RS006 to csproj**  \n  Centralized suppression of RS006 warnings in project files for easier management.  \n  For details see [#​3230](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230)\n\n## What's Changed\n* Move suppression of RS006 to csproj. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230\n* Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255\n* Enhance ConfigurationManager with event handling by @​GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256\n* Update CHANGELOG.md for 8.12.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0\n\n## 8.11.0\n\n8.11.0\n=====\n## New Features:\n- Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue [#​3245](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3245) for details.\n- Added a new public async API: `JsonWebTokenHandler.DecryptTokenWithConfigurationAsync`, which decrypts a JWE token using keys from either `TokenValidationParameters` or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR [#​3243](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3243) for details.\n\n## What's Changed\n* few updates by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242\n* Changelog for 8.10.0 by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241\n* Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244\n* update current version to 8.10.0 by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246\n* Add DecryptTokenWithConfiguration API by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243\n* changelog for 8.11 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0\n\n## 8.10.0\n\n8.10.0\n=====\n## Bug Fixes\n- Corrected casing of the Type attribute in SubjectConfirm....\n\n_Description has been truncated_","html_url":"https://github.com/AzureCosmosDB/MCPToolKit/pull/117","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AzureCosmosDB%2FMCPToolKit/issues/117","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/117/packages"},{"uuid":"4483448919","node_id":"PR_kwDOPtbroc7dX1bc","number":112,"state":"closed","title":"Bump Microsoft.IdentityModel.JsonWebTokens and Microsoft.IdentityModel.Tokens","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-20T05:32:13.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-20T05:31:11.000Z","updated_at":"2026-05-20T05:32:15.000Z","time_to_close":62,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"},{"name":"Microsoft.IdentityModel.Tokens","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.1.2 to 8.18.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.18.0\n\n## New Features\n- Introduced a new interface `IConfigurationEventHandlerContextAware\u003cT\u003e` that provides context to the configuration event handler implementation, allowing it to optionally bypass a cache lookup. See [PR #​3444](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3444).\n- Added Microsoft.IdentityModel.Dpop — a new package implementing DPoP (Demonstrating Proof-of-Possession) per RFC 9449. Provides both client-side and server-side proof validation with no System.Net.Http dependency. See [PR #​3443](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3443).\n\n\n## 8.17.0\n\n## Dependencies\n* Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See [PR #​3435](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3435).\n\n\n## 8.16.0\n\n## New Features\n* Add telemetry around signature validation. See [PR #​3415](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3415) for details.\n\n## Fundamentals\n* Fix FileVersion format to use two-digit year and day of year. See [PR #​3389](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3389) for details.\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\n## 8.14.0\n\n8.14.0\n====\n## Bug Fixes\n- Switch back to use `ValidationResult` instead of `OperationResult` when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See [#​3299](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3299) for details.\n\n## 8.13.1\n\n8.13.1\n====\n## Dependencies\nMicrosoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0\n\n## Bug Fixes\n- Fixed a decompression failure happening for large JWE payloads. See [#​3286](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3286) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See [#​3284](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3284) for details.\n\n8.13.0\n\n## 8.13.0\n\n8.13.0\n====\n### Fundamentals\n- `CaseSensitiveClaimsIdentity.SecurityToken` setter is now protected internal (was internal). See PR [#​3278](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278) for details.\n- Update .NET SDK version to 9.0.108 used when building or running the code. See PR [#​3274](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274) for details.\n- Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See [#​3280](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280) for details.\n\n## What's Changed\n* Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278\n* Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n* Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280\n* changelog for 8.13 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0\n\n## 8.12.1\n\n8.12.1\n====\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3263](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263) for details.\n- To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR [#​3261](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261) for details.\n- Experimental code leaked into TokenValidationResult from early prototypes. See PR [#​3259](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259) for details.\n\n## What's Changed\n* Remove experimental code from TokenValidationResult by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259\n* Moved files to experimental folder by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261\n* Update global.json to latest by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1\n\n## 8.12.0\n\n8.12.0\n====\n\n## New Features\n- **Enhance ConfigurationManager with event handling**  \n  Added event handling capabilities to the `ConfigurationManager`, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see [#​3253](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3253)  \n\n## Bug Fixes\n- **Add expected Base64UrlEncoder.Decode overload for NET6 and 8**  \n  Introduced the expected overload of `Base64UrlEncoder.Decode` for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.  \n  For details see [#​3249](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3249)  \n\n## Fundamentals\n- **Add AI assist rules**  \n  Incorporated AI assist rules to enhance AI agents effectiveness.  \n  For details see [#​3255](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255)  \n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  \n  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  \n  For details see [#​3256](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256)  \n- **Move suppression of RS006 to csproj**  \n  Centralized suppression of RS006 warnings in project files for easier management.  \n  For details see [#​3230](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230)\n\n## What's Changed\n* Move suppression of RS006 to csproj. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230\n* Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255\n* Enhance ConfigurationManager with event handling by @​GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256\n* Update CHANGELOG.md for 8.12.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0\n\n## 8.11.0\n\n8.11.0\n=====\n## New Features:\n- Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue [#​3245](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3245) for details.\n- Added a new public async API: `JsonWebTokenHandler.DecryptTokenWithConfigurationAsync`, which decrypts a JWE token using keys from either `TokenValidationParameters` or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR [#​3243](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3243) for details.\n\n## What's Changed\n* few updates by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242\n* Changelog for 8.10.0 by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241\n* Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244\n* update current version to 8.10.0 by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246\n* Add DecryptTokenWithConfiguration API by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243\n* changelog for 8.11 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0\n\n## 8.10.0\n\n8.10.0\n=====\n## Bug Fixes\n- Corrected casing of the Type attribute in SubjectConfirmationData. See [#​3206](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3206).\n- Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See [#​3220](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/33784b8ec0ff4300efad788535f90b3adc5bdfd1).\n- Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See [#​3226](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/793bd34e945eb8ba7528cf87c4a29a29c4704a65).\n\n## Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3228](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/946bec18cdeb26b8133a04e8c056dd5f17588f89) and [#​3232](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/14842aedb3d57c32b9ce784061cd9beccbdd1eb1).\n\n## 8.9.0\n\n8.9.0\n=====\n## Bug Fixes\n- syncAfter has been updated to preserve UTC information, addressing a bug where GetConfigurationAsync does not refresh configuration in ConfigurationManager. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3213.\n- Fixed a null reference issue in KeyInfo. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3203.\n\n## New Features\n- Introduced a new delegate for reading custom token payload values on JsonWebToken. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2981.\n- Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3205.\n\n## Fundamentals\n- Utilized IList to avoid enumerator allocation during audience validation. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3204.\n\n## 8.8.0\n\n8.8.0\n=====\n## New Features\n- Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the `Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking` switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR [#​3193](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3193) for details.\n- Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the `Switch.Microsoft.IdentityModel.DoNotScrubExceptions` AppContextSwitch. See PR [#​3195](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3195) and https://aka.ms/identitymodel/app-context-switches for details.\n- Change all plain object locks to `System.Thread.Lock` objects for .NET 9 or greater. See PRs [#​3185](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3185) and [#​3189](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3189) for details.\n\n\n## 8.7.0\n\n## Bug Fixes\n- Add back internal methods `IsRecoverableException` and `IsRecoverableExceptionType` whose signatures were changed in the previous version. See [#​3181](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3181).\n\n## New Features\n- Make `Cnf` class public and move it to Microsoft.IdentityModel.Tokens package. See [#​3165](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3165).\n\n## What's Changed\n* Post Release 8.6.1 cleanup  by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3160\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3163\n* Adds explanation for CodeQL warnings by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3167\n* Fix typo by @​rstm-sf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n* Need to change the locks by @​JoshLozensky in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3171\n* Move CNF from SHR to M.IM.Tokens by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3168\n* Add back IsRecoverableException methods. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3183\n* Revert \"Need to change the locks\" by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3186\n* 8.7.0 changelog by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3184\n\n## New Contributors\n* @​rstm-sf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.1...8.7.0\n\n## 8.6.1\n\n8.6.1\n=====\n## Bug fix\n- Microsoft.IdentityModel now triggers a configuration refresh if token decryption fails. See issue [#​3148](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3148) for details.\n- Fix a bug in `JsonWebTokenHandler` where `JwtTokenDecryptionParameters`'s `Alg` and `Enc` were not set during token decryption, causing `IDX10611` and `IDX10619` errors to show null values in the messages. See issue [#​3003](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3003) for details.\n\n## Fundamentals\n- For development, IdentityModel now has a global.json file to specify the .NET SDK version. See issue [#​2995](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2995) for details.\n\n## What's Changed\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3145\n* Update the public API shipped files by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3146\n* Add global.json file by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* Trigger metadata refresh for token decryption errors by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3149\n* Populate error messages correctly from JwtTokenUtilities.DecryptJwtToken by @​ksaaf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n* first changelog update by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3156\n\n## New Contributors\n* @​mdchennu made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* @​ksaaf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.0...8.6.1\n\n## 8.6.0\n\n8.6.0\n=====\n## New Features\n- TokenValidationParameters has a new boolean property `TryAllDecryptionKeys` that let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to **true** (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See [#​3128](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128)\n- Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See [#​3140](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140)\n\n## Fundamentals\n* Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See [3143](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143)\n* Add more tests for encrypted tokens. See [#​3139](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139)\n\n## What's Changed\n* Update CHANGELOG.md by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3133\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3137\n* Add TryAllDecryptionKeys flag to whether decrypt if no key IDs match by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128\n* Change KeyInfo.MatchesKey from internal to protected internal virtual. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140\n* Fix #​3112 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143\n* Add more auto-decryption related tests by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139\n* Update changelog.md for 8.6.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3144\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.5.0...8.6.0\n\n## 8.5.0\n\n8.5.0\n=====\n## Reverting previous breaking change\n- The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that [adding IDisposable is a breaking change](https://learn.microsoft.com/en-us/dotnet/fundamentals/runtime-libraries/system-idisposable), so we are following [semver guidance](https://semver.org/#what-do-i-do-if-i-accidentally-release-a-backward-incompatible-change-as-a-minor-version) and reverting and releasing a minor version (8.5.0).\n- Cherry-picked Changes: Included changes from PR [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) and [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104).\n\n## What's Changed\n* Update version.props by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3126\n* fix formatting error by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3134\n* Revert configuration manager to 8.3.1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3132\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.4.0...8.5.0\n\n## 8.4.0\n\n8.4.0\n=====\n## New Features\n- App context switch allows blocking or non-blocking calls for configuration. See PR [#​3106](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3106) for details and issue [#​3082](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3082) for details. If you are not using the ConfigurationManager as a singleton and not using the blocking option, you may need to call ShutdownBackgroundTask() to stop the background task to avoid leaking Tasks.\n- IdentityModel now enables symmetric and asymmetric keys to be created publicly with JWK. See [#​3094](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3094) for details.\n- IdentityModel now allows specifying the HTTP protocol version and version policy. See [#​2808](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2808) for details.\n\n## Repair items\n- Add request count and duration telemetry for configuration requests. See [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) for details.\n- `KeyID` should be present in exception messages and is no longer PII. See [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104) for details.\n\n## Fundamentals\n- Fix spelling issues in xml comments. See [#​3117](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3117) for details.\n- Fix comment coverage in PR builds. See [#​3079](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3079) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- See [#​3056](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3056). [#​3100](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3100), [#​3017](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3107), and [#​3111](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3111).\n- Add internal virtual on TokenHandler. See [#​3084](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3084) for details.\n\n* @​prochnowc made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2809\n\n## 8.3.1\n\n8.3.1\n=====\n## Bug Fixes\n* Respect TVP.RequireAudience when set to false. See [#​3055](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055)\n* For net4.6.2 select RSACng for PSS support. See [#​3097](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3097)\n* Fix package downgrade in consuming libraries. See[#​3062](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062)\n* Fix integer overflow in `AuthenticationEncryptionProvider.cs`. See [#​3063](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063)\n\n## Fundamentals\n* Removed unused property on JsonWebToken ClaimsIdentity. See [#​3071](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3071) for details.\n* Upgrade to C# 13. See [#​2998](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998)\n* Use new Base64Url API. See [#​22817](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817)\n* Add warning quality check. See [#​3067](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067)\n* Update dotnet actions. see [#​3074](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074)\n* Fix warnings. See [#​3081](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081)\n* Test updates in JsonWebToken. See [#​3080](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​3027](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027), [#​3028](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028), [#​3051](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051), [#​3054](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054)\n\n## What's Changed\n* Update CHANGELOG.md by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3053\n* Extensibility tests: Audience - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027\n* Extensibility tests: Lifetime - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028\n* Implement lazy ClaimsIdentity creation from ValidatedToken on SAML and SAML2 on the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051\n* Add logging to the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054\n* update version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3057\n* lower version to avoid downgrades. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3058\n* Respect TVP.RequireAudience when set to false by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055\n* Fix package downgrade in consuming libraries by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062\n* Add slnf for running perf and stress tests by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3066\n* Add Warning Quality Check Build Task 🔨 by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067\n* Update template-Build-run-tests-sign.yml by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3069\n* Removed unused property on JsonWebToken by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3072\n* Update setup dotnet actions by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074\n* fixed #​2983 and re-add code coverage comments to PRs by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3076\n* Remove duplicate keyid into var keysAttempted by @​bdapoigny in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* Upgrade to C# 13 by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998\n* Use new Base64Url API by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817\n* Update common.props by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3078\n* fix warnings by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081\n* Fixed integer overflow in AuthenticatedEncryptionProvider.cs by @​gparametr in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n* Test updates by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080\n* For net4.6.2 select RSACng for PSS support. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3085\n* changelog for 8.3.1 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3098\n\n## New Contributors\n* @​bdapoigny made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* @​gparametr made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n\n ... (truncated)\n\n## 8.3.0\n\n## New features\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n* SAML and SAML2 new model validation: Token Replay. See [#​2994](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2994)\n* Extensibility tests: Token Type - JWT ([#​3030](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3030)), Issuer - SAML and SAML2 ([#​3026](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3026)), Algorithm and Signature - JWT, SAML and SAML2 ([#​3034](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3034)), Token Replay - JWT, SAML and SAML2 ([#​3032](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3032)),  Issuer signing key - JWT, SAML and SAML2 ([#​3029](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/302))\n* Avoid code duplication in extensibility testing. See [#​3041](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3041)\n* Extensibility Testing: Refactor. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3011\n* Remove duplicate code in extensibility tests. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3044\n\n## Bug fixes\n* Fix bug with AadIssuerValidator. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n* Fixed SignedHttpRequest flaky test. See [#​3037](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3037)\n \n## Fundamentals\n* Install all .NET versions in pipeline to fix run tests task. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3018\n* Changelog for 8.2.1. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3009\n* Remove unnecessary AoT test project. See in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3045\n* Fix powershell script for nuget update. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3046\n* Update to next version. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3010\n* Disable Coverage PR comments. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3048\n* Updates GitHub Action to support long paths, See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3049\n* Stack parameters to improve reading of code. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3031\n\n## New Contributors\n* @​ssmelov made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.1...8.3.0\n\n## 8.2.1\n\n8.2.1\n=====\n### New features\n- Update to use .NET 9 GA. See [2990](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990).\n\n### Bug fixes\n- Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets. See [2935](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935).\n- Update cgmanifest to align with the JSON schema. See [2969](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969).\n\n### Fundamentals\n- Streamline token creation in `SecurityTokenDescriptor`. See [2993](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2993).\n- Prevent inlining to guarantee stack frames in test. See [2999](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2999).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Simplify stack frame caching. See [2976](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976).\n- Implement reading SAML and SAML2 tokens. See [2980](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980).\n- Implement validating SAML signature. See [2950](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2950).\n- Add tests for `IssuerExtensibility`. See [2987](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987).\n- Add validation for SAML and SAML2 issuer signing key. See [2965](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965).\n- Add validation for SAML and SAML2 algorithm. See [2984](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984).\n\n## What's Changed\n* Microsoft.Rest.ClientRuntime has been deprecated, which results in so… by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2970\n* Update to next version after 8.2.0 release by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2975\n* Consolidating test statics by @​trwalke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2956\n* New token validation model: Simplify stack frame caching by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976\n* Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935\n* Update cgmanifest to align with the JSON schema by @​jeffhandley in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n* SAML and SAML2 new model validation: Read Token by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980\n* SAML2 new model validation: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2961\n* JsonWebTokenHandler IssuerExtensibility by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987\n* SAML and SAML2 new model validation: Issuer Signing Key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965\n* Ignore AotCompatibilityTests on ADO by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2992\n* SAML and SAML2 new model validation: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984\n* Use SecurityTokenDescriptor when creating tokens by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2991\n* Prevent inlining to guarantee stack frames in test by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3002\n* Update to .NET 9 GA. Update some test dependencies. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990\n* Add Abstractions.Tests to strong name bypass file. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3004\n\n## New Contributors\n* @​jeffhandley made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.0...8.2.1\n\n## 8.2.0\n\n8.2.0\n=====\n### Fundamentals\n- Update System.Text.Json to 8.0.5 CVE-2024-43485. See [2892](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892).\n- Using FixedTimeEquals in NETCore targets. See [2857](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857).\n- Updated .NET 9 to RC 2 [2898](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898).\n- Adds ability to create token without kid [2968](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2968)\n- Enables code coverage in PRs [2946](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2946)\n- Various test improvements:\n- [#​2953](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2953)\n- [#​2955](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2955)\n- [#​2951](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951)\n- [#​2952](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952)\n- [#​2947](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947)\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Validates Audience for SAML2TokenHandler with New Model [2863](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863)\n- Improvements to AudienceValidation [2902](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902)\n- Added properties to ValidationResult [2923](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923)\n- Implements Audience and Lifetime validations in SamlSecurityTokenHandler [2925](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925)\n- Implements Issuer validation in SamlSecurityTokenHandler [2948](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2948)\n\n## What's Changed\n* update to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2890\n* Use FixedTimeEquals in NETCore targets  by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857\n* Update System.Text.Json to 8.0.5 CVE-2024-43485 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892\n* Update .NET 9 to RC 2 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898\n* Validate Audience for SAML2TokenHandler with New Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863\n* Regression tests: Issuer by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2868\n* Mark Wilson APIs as Shipped by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2903\n* Add Tests for Lifetime Validation Using New Validation Model For SAML2 by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2906\n* Suggested changes to AudienceValidation by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902\n* Extensibility tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2861\n* Added properties to ValidationResult without throwing by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923\n* Extensibility tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2867\n* Regression tests: Issuer signing key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2927\n* Do not serialize CaseSensitiveClaimsIdentity.SecurityToken. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2896\n* Fix typo by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2894\n* Implement and Test Audience and Lifetime validations in SamlSecurityTokenHandler with New Validation Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925\n* Fix Flaky Tests: NameAndRoleClaimDelegates and RoleClaims by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2873\n* Regression tests: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2930\n* Validate Issuer Using New Validation Model in Saml2SecurityTokenHandler by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2929\n* Fix builds on macOS / Linux using the build.sh script by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2937\n* Regression tests: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2934\n* Regression tests: Token Type by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2932\n* Regression tests: Token Replay by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2931\n* Fix DevEx and IDDP builds such that when building internally, use an internal Nuget feed instead of nuget.org by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2936\n* Restore PopKeyResolvingTests.GetPopKeysFromJkuAsync by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947\n* Restore skipped test: ReferenceCountingTest_MultiThreaded by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952\n* Restore EnsureAotCompatibility test by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951\n ... (truncated)\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.2...8.18.0).\n\u003c/details\u003e\n\nUpdated [Microsoft.IdentityModel.Tokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.1.2 to 8.18.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.Tokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.18.0\n\n## New Features\n- Introduced a new interface `IConfigurationEventHandlerContextAware\u003cT\u003e` that provides context to the configuration event handler implementation, allowing it to optionally bypass a cache lookup. See [PR #​3444](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3444).\n- Added Microsoft.IdentityModel.Dpop — a new package implementing DPoP (Demonstrating Proof-of-Possession) per RFC 9449. Provides both client-side and server-side proof validation with no System.Net.Http dependency. See [PR #​3443](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3443).\n\n\n## 8.17.0\n\n## Dependencies\n* Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See [PR #​3435](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3435).\n\n\n## 8.16.0\n\n## New Features\n* Add telemetry around signature validation. See [PR #​3415](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3415) for details.\n\n## Fundamentals\n* Fix FileVersion format to use two-digit year and day of year. See [PR #​3389](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3389) for details.\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\n## 8.14.0\n\n8.14.0\n====\n## Bug Fixes\n- Switch back to use `ValidationResult` instead of `OperationResult` when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See [#​3299](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3299) for details.\n\n## 8.13.1\n\n8.13.1\n====\n## Dependencies\nMicrosoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0\n\n## Bug Fixes\n- Fixed a decompression failure happening for large JWE payloads. See [#​3286](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3286) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See [#​3284](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3284) for details.\n\n8.13.0\n\n## 8.13.0\n\n8.13.0\n====\n### Fundamentals\n- `CaseSensitiveClaimsIdentity.SecurityToken` setter is now protected internal (was internal). See PR [#​3278](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278) for details.\n- Update .NET SDK version to 9.0.108 used when building or running the code. See PR [#​3274](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274) for details.\n- Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See [#​3280](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280) for details.\n\n## What's Changed\n* Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278\n* Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n* Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280\n* changelog for 8.13 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0\n\n## 8.12.1\n\n8.12.1\n====\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3263](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263) for details.\n- To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR [#​3261](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261) for details.\n- Experimental code leaked into TokenValidationResult from early prototypes. See PR [#​3259](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259) for details.\n\n## What's Changed\n* Remove experimental code from TokenValidationResult by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259\n* Moved files to experimental folder by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261\n* Update global.json to latest by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1\n\n## 8.12.0\n\n8.12.0\n====\n\n## New Features\n- **Enhance ConfigurationManager with event handling**  \n  Added event handling capabilities to the `ConfigurationManager`, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see [#​3253](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3253)  \n\n## Bug Fixes\n- **Add expected Base64UrlEncoder.Decode overload for NET6 and 8**  \n  Introduced the expected overload of `Base64UrlEncoder.Decode` for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.  \n  For details see [#​3249](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3249)  \n\n## Fundamentals\n- **Add AI assist rules**  \n  Incorporated AI assist rules to enhance AI agents effectiveness.  \n  For details see [#​3255](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255)  \n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  \n  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  \n  For details see [#​3256](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256)  \n- **Move suppression of RS006 to csproj**  \n  Centralized suppression of RS006 warnings in project files for easier management.  \n  For details see [#​3230](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230)\n\n## What's Changed\n* Move suppression of RS006 to csproj. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230\n* Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255\n* Enhance ConfigurationManager with event handling by @​GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256\n* Update CHANGELOG.md for 8.12.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0\n\n## 8.11.0\n\n8.11.0\n=====\n## New Features:\n- Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue [#​3245](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3245) for details.\n- Added a new public async API: `JsonWebTokenHandler.DecryptTokenWithConfigurationAsync`, which decrypts a JWE token using keys from either `TokenValidationParameters` or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR [#​3243](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3243) for details.\n\n## What's Changed\n* few updates by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242\n* Changelog for 8.10.0 by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241\n* Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244\n* update current version to 8.10.0 by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246\n* Add DecryptTokenWithConfiguration API by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243\n* changelog for 8.11 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0\n\n## 8.10.0\n\n8.10.0\n=====\n## Bug Fixes\n- Corrected casing of the Type attribute in SubjectConfirm....\n\n_Description has been truncated_","html_url":"https://github.com/AzureCosmosDB/MCPToolKit/pull/112","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AzureCosmosDB%2FMCPToolKit/issues/112","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/112/packages"},{"uuid":"4402371124","node_id":"PR_kwDOLkzEy87ZU3e9","number":134,"state":"open","title":"Bump MediatR and Microsoft.IdentityModel.JsonWebTokens","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-07T22:20:32.000Z","updated_at":"2026-05-07T22:39:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"MediatR","repository_url":"https://github.com/LuckyPennySoftware/MediatR"},{"name":"Microsoft.IdentityModel.JsonWebTokens","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [MediatR](https://github.com/LuckyPennySoftware/MediatR) from 12.4.1 to 14.1.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [MediatR's releases](https://github.com/LuckyPennySoftware/MediatR/releases)._\n\n## 14.1.0\n\n## What's Changed\n* Migrating to slnx by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1147\n* Remove Azure-dependent CI steps to fix forked PR builds by @​Copilot in https://github.com/LuckyPennySoftware/MediatR/pull/1154\n* Handling nested generic arguments by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1155\n* Handling F# assemblies correctly by catching reflection exceptions an… by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1156\n* Simplify CheckLicense to use GetRequiredService instead of fallback constructors by @​Copilot in https://github.com/LuckyPennySoftware/MediatR/pull/1158\n* Fix: Cryptic \"No constructor\" Error When ILoggerFactory Is Not Registered (Issue #​1153) by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1157\n* De-duping notification handlers before dispatching by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1159\n* Log warning when perpetual license cannot be applied due to missing build date by @​Copilot in https://github.com/LuckyPennySoftware/MediatR/pull/1163\n* Perpetual licensing by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1162\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/LuckyPennySoftware/MediatR/pull/1154\n\n**Full Changelog**: https://github.com/LuckyPennySoftware/MediatR/compare/v14.0.0...v14.1.0\n\n## 14.0.0\n\n## What's Changed\n* Bumping to .NET 10 by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1143\n* Enabling package signing\n\n**Full Changelog**: https://github.com/LuckyPennySoftware/MediatR/compare/v13.1.0...v14.0.0\n\n## 14.0.0-beta-1\n\n## What's Changed\n* Bumping to .NET 10 by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1143\n* [Signed packages](https://learn.microsoft.com/en-us/nuget/create-packages/sign-a-package)\n\n**Full Changelog**: https://github.com/LuckyPennySoftware/MediatR/compare/v13.1.0...v14.0.0-beta-1\n\nThis release is a beta release that introduces .NET 10 support and package signing. Signed packages means going forward packages can be validated against trusted authorities that the package has been published by Lucky Penny Software and not tampered with.\n\n## 13.1.0\n\n## What's Changed\n* Do not require non-public license classes to be registered; fixes #​1127 by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1129\n* Adding direct .NET 4.x support by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1131\n* Update release.yml by @​dhgatjeye in https://github.com/LuckyPennySoftware/MediatR/pull/1132\n* Allowing static license key values by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1136\n* Dependency Injection tests for various providers by @​jithu7432 in https://github.com/LuckyPennySoftware/MediatR/pull/1134\n* Upgrade to System.Text.Json version without transitive vulnerability by @​kanilsz in https://github.com/LuckyPennySoftware/MediatR/pull/1139\n* Add DI tests for `LightInject`, `StashBox`, `Lamar` by @​jithu7432 in https://github.com/LuckyPennySoftware/MediatR/pull/1137\n\n## New Contributors\n* @​dhgatjeye made their first contribution in https://github.com/LuckyPennySoftware/MediatR/pull/1132\n* @​kanilsz made their first contribution in https://github.com/LuckyPennySoftware/MediatR/pull/1139\n\n**Full Changelog**: https://github.com/LuckyPennySoftware/MediatR/compare/v13.0.0...v13.1.0\n\n## 13.0.0\n\n**Full Changelog**: https://github.com/LuckyPennySoftware/MediatR/compare/v12.5.0...v13.0.0\n\n* Added support for .NET Standard 2.0\n* Requiring license key\n* Moving from Apache license to dual commercial/OSS license\n\nTo set your license key:\n\n```csharp\nservices.AddMediatR(cfg =\u003e {\n    cfg.LicenseKey = \"\u003cLicense key here\u003e\";\n});\n```\n\nYou can obtain your license key at [MediatR.io](https://mediatr.io)\n\n## 12.5.0\n\n## What's Changed\n* Open behavior multiple registration extensions by @​Emopusta in https://github.com/jbogard/MediatR/pull/1065\n* Remove duplicate `Nullable` property from `MediatR.Contracts` by @​jithu7432 in https://github.com/jbogard/MediatR/pull/1061\n* Timeout behavior support by @​zachpainter77 in https://github.com/jbogard/MediatR/pull/1058\n* GitHub Actions upload-artifacts@​v2 deprecated moving to v4 by @​jithu7432 in https://github.com/jbogard/MediatR/pull/1072\n* update MinVer from 4.3.0 to 6.0.0 by @​adamralph in https://github.com/jbogard/MediatR/pull/1102\n* Update setup-dotnet package version. by @​Emopusta in https://github.com/jbogard/MediatR/pull/1086\n* Add test for multiple open behavior registration feature. by @​Emopusta in https://github.com/jbogard/MediatR/pull/1077\n* Add validation and comments to OpenBehavior entity. by @​Emopusta in https://github.com/jbogard/MediatR/pull/1078\n* Passing CancellationToken to the call chain by @​podobaas in https://github.com/jbogard/MediatR/pull/1100\n\n## New Contributors\n* @​Emopusta made their first contribution in https://github.com/jbogard/MediatR/pull/1065\n* @​jithu7432 made their first contribution in https://github.com/jbogard/MediatR/pull/1061\n* @​podobaas made their first contribution in https://github.com/jbogard/MediatR/pull/1100\n\n**Full Changelog**: https://github.com/jbogard/MediatR/compare/v12.4.1...v12.5.0\n\nCommits viewable in [compare view](https://github.com/LuckyPennySoftware/MediatR/compare/v12.4.1...v14.1.0).\n\u003c/details\u003e\n\nUpdated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 7.4.0 to 8.14.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.14.0\n\n8.14.0\n====\n## Bug Fixes\n- Switch back to use `ValidationResult` instead of `OperationResult` when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See [#​3299](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3299) for details.\n\n## 8.13.1\n\n8.13.1\n====\n## Dependencies\nMicrosoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0\n\n## Bug Fixes\n- Fixed a decompression failure happening for large JWE payloads. See [#​3286](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3286) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See [#​3284](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3284) for details.\n\n8.13.0\n\n## 8.13.0\n\n8.13.0\n====\n### Fundamentals\n- `CaseSensitiveClaimsIdentity.SecurityToken` setter is now protected internal (was internal). See PR [#​3278](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278) for details.\n- Update .NET SDK version to 9.0.108 used when building or running the code. See PR [#​3274](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274) for details.\n- Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See [#​3280](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280) for details.\n\n## What's Changed\n* Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278\n* Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n* Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280\n* changelog for 8.13 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0\n\n## 8.12.1\n\n8.12.1\n====\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3263](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263) for details.\n- To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR [#​3261](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261) for details.\n- Experimental code leaked into TokenValidationResult from early prototypes. See PR [#​3259](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259) for details.\n\n## What's Changed\n* Remove experimental code from TokenValidationResult by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259\n* Moved files to experimental folder by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261\n* Update global.json to latest by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1\n\n## 8.12.0\n\n8.12.0\n====\n\n## New Features\n- **Enhance ConfigurationManager with event handling**  \n  Added event handling capabilities to the `ConfigurationManager`, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see [#​3253](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3253)  \n\n## Bug Fixes\n- **Add expected Base64UrlEncoder.Decode overload for NET6 and 8**  \n  Introduced the expected overload of `Base64UrlEncoder.Decode` for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.  \n  For details see [#​3249](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3249)  \n\n## Fundamentals\n- **Add AI assist rules**  \n  Incorporated AI assist rules to enhance AI agents effectiveness.  \n  For details see [#​3255](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255)  \n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  \n  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  \n  For details see [#​3256](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256)  \n- **Move suppression of RS006 to csproj**  \n  Centralized suppression of RS006 warnings in project files for easier management.  \n  For details see [#​3230](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230)\n\n## What's Changed\n* Move suppression of RS006 to csproj. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230\n* Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255\n* Enhance ConfigurationManager with event handling by @​GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256\n* Update CHANGELOG.md for 8.12.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0\n\n## 8.11.0\n\n8.11.0\n=====\n## New Features:\n- Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue [#​3245](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3245) for details.\n- Added a new public async API: `JsonWebTokenHandler.DecryptTokenWithConfigurationAsync`, which decrypts a JWE token using keys from either `TokenValidationParameters` or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR [#​3243](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3243) for details.\n\n## What's Changed\n* few updates by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242\n* Changelog for 8.10.0 by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241\n* Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244\n* update current version to 8.10.0 by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246\n* Add DecryptTokenWithConfiguration API by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243\n* changelog for 8.11 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0\n\n## 8.10.0\n\n8.10.0\n=====\n## Bug Fixes\n- Corrected casing of the Type attribute in SubjectConfirmationData. See [#​3206](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3206).\n- Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See [#​3220](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/33784b8ec0ff4300efad788535f90b3adc5bdfd1).\n- Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See [#​3226](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/793bd34e945eb8ba7528cf87c4a29a29c4704a65).\n\n## Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3228](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/946bec18cdeb26b8133a04e8c056dd5f17588f89) and [#​3232](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/14842aedb3d57c32b9ce784061cd9beccbdd1eb1).\n\n## 8.9.0\n\n8.9.0\n=====\n## Bug Fixes\n- syncAfter has been updated to preserve UTC information, addressing a bug where GetConfigurationAsync does not refresh configuration in ConfigurationManager. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3213.\n- Fixed a null reference issue in KeyInfo. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3203.\n\n## New Features\n- Introduced a new delegate for reading custom token payload values on JsonWebToken. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2981.\n- Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3205.\n\n## Fundamentals\n- Utilized IList to avoid enumerator allocation during audience validation. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3204.\n\n## 8.8.0\n\n8.8.0\n=====\n## New Features\n- Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the `Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking` switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR [#​3193](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3193) for details.\n- Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the `Switch.Microsoft.IdentityModel.DoNotScrubExceptions` AppContextSwitch. See PR [#​3195](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3195) and https://aka.ms/identitymodel/app-context-switches for details.\n- Change all plain object locks to `System.Thread.Lock` objects for .NET 9 or greater. See PRs [#​3185](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3185) and [#​3189](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3189) for details.\n\n\n## 8.7.0\n\n## Bug Fixes\n- Add back internal methods `IsRecoverableException` and `IsRecoverableExceptionType` whose signatures were changed in the previous version. See [#​3181](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3181).\n\n## New Features\n- Make `Cnf` class public and move it to Microsoft.IdentityModel.Tokens package. See [#​3165](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3165).\n\n## What's Changed\n* Post Release 8.6.1 cleanup  by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3160\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3163\n* Adds explanation for CodeQL warnings by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3167\n* Fix typo by @​rstm-sf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n* Need to change the locks by @​JoshLozensky in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3171\n* Move CNF from SHR to M.IM.Tokens by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3168\n* Add back IsRecoverableException methods. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3183\n* Revert \"Need to change the locks\" by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3186\n* 8.7.0 changelog by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3184\n\n## New Contributors\n* @​rstm-sf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.1...8.7.0\n\n## 8.6.1\n\n8.6.1\n=====\n## Bug fix\n- Microsoft.IdentityModel now triggers a configuration refresh if token decryption fails. See issue [#​3148](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3148) for details.\n- Fix a bug in `JsonWebTokenHandler` where `JwtTokenDecryptionParameters`'s `Alg` and `Enc` were not set during token decryption, causing `IDX10611` and `IDX10619` errors to show null values in the messages. See issue [#​3003](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3003) for details.\n\n## Fundamentals\n- For development, IdentityModel now has a global.json file to specify the .NET SDK version. See issue [#​2995](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2995) for details.\n\n## What's Changed\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3145\n* Update the public API shipped files by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3146\n* Add global.json file by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* Trigger metadata refresh for token decryption errors by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3149\n* Populate error messages correctly from JwtTokenUtilities.DecryptJwtToken by @​ksaaf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n* first changelog update by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3156\n\n## New Contributors\n* @​mdchennu made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* @​ksaaf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.0...8.6.1\n\n## 8.6.0\n\n8.6.0\n=====\n## New Features\n- TokenValidationParameters has a new boolean property `TryAllDecryptionKeys` that let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to **true** (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See [#​3128](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128)\n- Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See [#​3140](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140)\n\n## Fundamentals\n* Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See [3143](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143)\n* Add more tests for encrypted tokens. See [#​3139](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139)\n\n## What's Changed\n* Update CHANGELOG.md by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3133\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3137\n* Add TryAllDecryptionKeys flag to whether decrypt if no key IDs match by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128\n* Change KeyInfo.MatchesKey from internal to protected internal virtual. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140\n* Fix #​3112 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143\n* Add more auto-decryption related tests by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139\n* Update changelog.md for 8.6.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3144\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.5.0...8.6.0\n\n## 8.5.0\n\n8.5.0\n=====\n## Reverting previous breaking change\n- The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that [adding IDisposable is a breaking change](https://learn.microsoft.com/en-us/dotnet/fundamentals/runtime-libraries/system-idisposable), so we are following [semver guidance](https://semver.org/#what-do-i-do-if-i-accidentally-release-a-backward-incompatible-change-as-a-minor-version) and reverting and releasing a minor version (8.5.0).\n- Cherry-picked Changes: Included changes from PR [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) and [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104).\n\n## What's Changed\n* Update version.props by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3126\n* fix formatting error by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3134\n* Revert configuration manager to 8.3.1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3132\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.4.0...8.5.0\n\n## 8.4.0\n\n8.4.0\n=====\n## New Features\n- App context switch allows blocking or non-blocking calls for configuration. See PR [#​3106](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3106) for details and issue [#​3082](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3082) for details. If you are not using the ConfigurationManager as a singleton and not using the blocking option, you may need to call ShutdownBackgroundTask() to stop the background task to avoid leaking Tasks.\n- IdentityModel now enables symmetric and asymmetric keys to be created publicly with JWK. See [#​3094](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3094) for details.\n- IdentityModel now allows specifying the HTTP protocol version and version policy. See [#​2808](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2808) for details.\n\n## Repair items\n- Add request count and duration telemetry for configuration requests. See [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) for details.\n- `KeyID` should be present in exception messages and is no longer PII. See [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104) for details.\n\n## Fundamentals\n- Fix spelling issues in xml comments. See [#​3117](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3117) for details.\n- Fix comment coverage in PR builds. See [#​3079](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3079) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- See [#​3056](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3056). [#​3100](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3100), [#​3017](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3107), and [#​3111](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3111).\n- Add internal virtual on TokenHandler. See [#​3084](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3084) for details.\n\n* @​prochnowc made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2809\n\n## 8.3.1\n\n8.3.1\n=====\n## Bug Fixes\n* Respect TVP.RequireAudience when set to false. See [#​3055](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055)\n* For net4.6.2 select RSACng for PSS support. See [#​3097](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3097)\n* Fix package downgrade in consuming libraries. See[#​3062](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062)\n* Fix integer overflow in `AuthenticationEncryptionProvider.cs`. See [#​3063](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063)\n\n## Fundamentals\n* Removed unused property on JsonWebToken ClaimsIdentity. See [#​3071](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3071) for details.\n* Upgrade to C# 13. See [#​2998](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998)\n* Use new Base64Url API. See [#​22817](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817)\n* Add warning quality check. See [#​3067](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067)\n* Update dotnet actions. see [#​3074](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074)\n* Fix warnings. See [#​3081](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081)\n* Test updates in JsonWebToken. See [#​3080](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​3027](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027), [#​3028](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028), [#​3051](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051), [#​3054](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054)\n\n## What's Changed\n* Update CHANGELOG.md by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3053\n* Extensibility tests: Audience - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027\n* Extensibility tests: Lifetime - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028\n* Implement lazy ClaimsIdentity creation from ValidatedToken on SAML and SAML2 on the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051\n* Add logging to the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054\n* update version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3057\n* lower version to avoid downgrades. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3058\n* Respect TVP.RequireAudience when set to false by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055\n* Fix package downgrade in consuming libraries by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062\n* Add slnf for running perf and stress tests by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3066\n* Add Warning Quality Check Build Task 🔨 by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067\n* Update template-Build-run-tests-sign.yml by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3069\n* Removed unused property on JsonWebToken by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3072\n* Update setup dotnet actions by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074\n* fixed #​2983 and re-add code coverage comments to PRs by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3076\n* Remove duplicate keyid into var keysAttempted by @​bdapoigny in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* Upgrade to C# 13 by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998\n* Use new Base64Url API by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817\n* Update common.props by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3078\n* fix warnings by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081\n* Fixed integer overflow in AuthenticatedEncryptionProvider.cs by @​gparametr in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n* Test updates by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080\n* For net4.6.2 select RSACng for PSS support. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3085\n* changelog for 8.3.1 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3098\n\n## New Contributors\n* @​bdapoigny made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* @​gparametr made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n\n ... (truncated)\n\n## 8.3.0\n\n## New features\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n* SAML and SAML2 new model validation: Token Replay. See [#​2994](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2994)\n* Extensibility tests: Token Type - JWT ([#​3030](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3030)), Issuer - SAML and SAML2 ([#​3026](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3026)), Algorithm and Signature - JWT, SAML and SAML2 ([#​3034](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3034)), Token Replay - JWT, SAML and SAML2 ([#​3032](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3032)),  Issuer signing key - JWT, SAML and SAML2 ([#​3029](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/302))\n* Avoid code duplication in extensibility testing. See [#​3041](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3041)\n* Extensibility Testing: Refactor. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3011\n* Remove duplicate code in extensibility tests. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3044\n\n## Bug fixes\n* Fix bug with AadIssuerValidator. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n* Fixed SignedHttpRequest flaky test. See [#​3037](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3037)\n \n## Fundamentals\n* Install all .NET versions in pipeline to fix run tests task. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3018\n* Changelog for 8.2.1. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3009\n* Remove unnecessary AoT test project. See in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3045\n* Fix powershell script for nuget update. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3046\n* Update to next version. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3010\n* Disable Coverage PR comments. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3048\n* Updates GitHub Action to support long paths, See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3049\n* Stack parameters to improve reading of code. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3031\n\n## New Contributors\n* @​ssmelov made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.1...8.3.0\n\n## 8.2.1\n\n8.2.1\n=====\n### New features\n- Update to use .NET 9 GA. See [2990](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990).\n\n### Bug fixes\n- Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets. See [2935](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935).\n- Update cgmanifest to align with the JSON schema. See [2969](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969).\n\n### Fundamentals\n- Streamline token creation in `SecurityTokenDescriptor`. See [2993](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2993).\n- Prevent inlining to guarantee stack frames in test. See [2999](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2999).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Simplify stack frame caching. See [2976](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976).\n- Implement reading SAML and SAML2 tokens. See [2980](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980).\n- Implement validating SAML signature. See [2950](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2950).\n- Add tests for `IssuerExtensibility`. See [2987](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987).\n- Add validation for SAML and SAML2 issuer signing key. See [2965](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965).\n- Add validation for SAML and SAML2 algorithm. See [2984](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984).\n\n## What's Changed\n* Microsoft.Rest.ClientRuntime has been deprecated, which results in so… by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2970\n* Update to next version after 8.2.0 release by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2975\n* Consolidating test statics by @​trwalke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2956\n* New token validation model: Simplify stack frame caching by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976\n* Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935\n* Update cgmanifest to align with the JSON schema by @​jeffhandley in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n* SAML and SAML2 new model validation: Read Token by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980\n* SAML2 new model validation: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2961\n* JsonWebTokenHandler IssuerExtensibility by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987\n* SAML and SAML2 new model validation: Issuer Signing Key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965\n* Ignore AotCompatibilityTests on ADO by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2992\n* SAML and SAML2 new model validation: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984\n* Use SecurityTokenDescriptor when creating tokens by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2991\n* Prevent inlining to guarantee stack frames in test by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3002\n* Update to .NET 9 GA. Update some test dependencies. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990\n* Add Abstractions.Tests to strong name bypass file. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3004\n\n## New Contributors\n* @​jeffhandley made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.0...8.2.1\n\n## 8.2.0\n\n8.2.0\n=====\n### Fundamentals\n- Update System.Text.Json to 8.0.5 CVE-2024-43485. See [2892](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892).\n- Using FixedTimeEquals in NETCore targets. See [2857](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857).\n- Updated .NET 9 to RC 2 [2898](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898).\n- Adds ability to create token without kid [2968](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2968)\n- Enables code coverage in PRs [2946](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2946)\n- Various test improvements:\n- [#​2953](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2953)\n- [#​2955](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2955)\n- [#​2951](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951)\n- [#​2952](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952)\n- [#​2947](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947)\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Validates Audience for SAML2TokenHandler with New Model [2863](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863)\n- Improvements to AudienceValidation [2902](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902)\n- Added properties to ValidationResult [2923](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923)\n- Implements Audience and Lifetime validations in SamlSecurityTokenHandler [2925](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925)\n- Implements Issuer validation in SamlSecurityTokenHandler [2948](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2948)\n\n## What's Changed\n* update to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2890\n* Use FixedTimeEquals in NETCore targets  by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857\n* Update System.Text.Json to 8.0.5 CVE-2024-43485 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892\n* Update .NET 9 to RC 2 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898\n* Validate Audience for SAML2TokenHandler with New Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863\n* Regression tests: Issuer by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2868\n* Mark Wilson APIs as Shipped by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2903\n* Add Tests for Lifetime Validation Using New Validation Model For SAML2 by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2906\n* Suggested changes to AudienceValidation by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902\n* Extensibility tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2861\n* Added properties to ValidationResult without throwing by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923\n* Extensibility tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2867\n* Regression tests: Issuer signing key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2927\n* Do not serialize CaseSensitiveClaimsIdentity.SecurityToken. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2896\n* Fix typo by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2894\n* Implement and Test Audience and Lifetime validations in SamlSecurityTokenHandler with New Validation Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925\n* Fix Flaky Tests: NameAndRoleClaimDelegates and RoleClaims by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2873\n* Regression tests: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2930\n* Validate Issuer Using New Validation Model in Saml2SecurityTokenHandler by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2929\n* Fix builds on macOS / Linux using the build.sh script by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2937\n* Regression tests: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2934\n* Regression tests: Token Type by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2932\n* Regression tests: Token Replay by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2931\n* Fix DevEx and IDDP builds such that when building internally, use an internal Nuget feed instead of nuget.org by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2936\n* Restore PopKeyResolvingTests.GetPopKeysFromJkuAsync by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947\n* Restore skipped test: ReferenceCountingTest_MultiThreaded by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952\n* Restore EnsureAotCompatibility test by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951\n ... (truncated)\n\n## 8.1.2\n\n## What's Changed\n\n### Bug fixes\n\n* CaseSensitiveClaimsIdentity.Clone() now returns a `CaseSensitiveClaimsIdentity` as expected, by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2879\n* Multiple unused and unusable (for the moment) public APIs were removed. These were introduced by mistake leaking from the work done on logging and exception handling, by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2888\n\n### Fundamentals\n* Enabled PublicApiAnalyzers to better understand and trace changes to the public API, by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2782\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.1...8.1.2\n\n## 8.1.1\n\n8.1.1\n=====\n### Bug fixes\n- Fix bug where ConfigurationManager was updating keys too frequently. See [2866](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2866) for details.\n\n## What's Changed\n* Rename validation delegates by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2847\n* Remove TransformBeforeSignatureValidationDelegate from ValidationParameters by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2848\n* Add disable discovery enumeration = true to all theory tests by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2849\n* Make CaseSensitiveClaimIdentity serializable by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2850\n* Remove Obsolete BinaryFormatter  by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2851\n* Refactor ValidateConditions in Saml2SecurityTokenHandler by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2855\n* Set custom BenchmarkDotNetconfig as default by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2852\n* Regression tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2838\n* Fix ValidateJsonWebTokenClaimMapping Flaky Test 🐞 by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2859\n* update current version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2862\n* Regression tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2839\n* Rename ResolveTokenDecryptionKeyDelegate to DecryptionKeyResolverDelegate by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2869\n* Set internal _syncAfter using only AutomaticRefreshInterval. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2865\n* 8.1.1 Changelog by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2864\n* Adjust for RefreshInterval not influencing AutomaticRefreshInterval. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2870\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.0...8.1.1\n\n## 8.1.0\n\n8.1.0\n=====\n### Performance improvements\n- Improves performance during issuer validation by replacing string comparison with span comparison. See PR [#​2826](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2826).\n\n### New features\n- Add optional check to prevent using keys that are shared across multiple clouds. See issue [#​2832](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2832) for details.\n\n### Bug fixes\n- JsonWebTokenHandler would only return unwrapped keys if there was no errors. This change is to align with the behavior in JwtSecurityTokenHandler, that is it returns the keys that were able to be unwrapped, and only throw if no keys were able to be unwrapped. See issue [#​2695](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2695) for details.\n\n### Fundamentals\n- Fix flaky tests. See [#​2793](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2793) for details.\n- Update XUnit versoin and fix test warnings due to new XUnit analyzers. See PR [#​2796](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796) for details.\n- Onhboard to code coverage in ADO. See PR [#​2798](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798).\n- Use `IsTargetFrameworkCompatible(*)` so AOT is forward-compatible with .NET 9 and beyond. See PR [#​2790](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790) for details.\n- Fix a merge conflict impacting dev. See PR [#​2819](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819).\n- Defining the following attribute in multiple assemblies (.Tokens, .Logging) causes an internal error.\n[DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicConstructors)]. See PR [#​2820](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820).\n- Remove perl dependency. See PR [#​2830](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2830).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​2794](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794)\n- [#​2800](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800)\n- [#​2810](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810)\n- [#​2811](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811)\n- [#​2816](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816)\n- [#​2822](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822)\n- [#​2815](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815)\n- [#​2818](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2818)\n- [#​2813](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2813)\n- [#​2827](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2827)\n\n## What's Changed\n* changelog 8.0.2 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2792\n* Update version.props to 8.0.2 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2791\n* Fix Async Issue in Extensibility Tests by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2795\n* Update xUnit version and fix test warnings by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796\n* ValidateTokenAsync - New Path: Refactor result types by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794\n* Onboard to code coverage in ADO by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798\n* Exception refinement: Adding additional information by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800\n* Add initial regression tests for the new validation path by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810\n* Use IsTargetFrameworkCompatible() by @​martincostello in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790\n* Regression tests: Added inner exception detail and invalid signature failure due to invalid algorithm used by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811\n* Return unwrapped keys if able by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2812\n* New token validation path: Renamed result types by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816\n* Fix merge conflict by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819\n* Removed attribute that causes issues with internal builds. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820\n* Add missing exception type to ValidationError -\u003e GetException() by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822\n* Regression testing: Add JWE use cases by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815\n ... (truncated)\n\n## 8.0.2\n\n8.0.2\n=====\n\n### Security fundamentals\n- Add `BannedApiAnalyzers` to prevent use of `ClaimsIdentity` constructors. See PR [#​2778](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2778) for details.\n\n### Bug fixes\n- IdentityModel now allows the JWT payload to be an empty string. See issue [#​2656](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2656) for details.\n- Cache `UseRfcDefinitionOfEpkAndKid` switch. See PR [#​2747](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2747) for details.\n- Method was named `DoNotFailOnMissingTid` in 7x and `DontFailOnMissingTid` in 8x, adding the method for back compat. See issue [#​2750](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2750) for details.\n- Metadata is now updated on a background thread. See [#​2780](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2780) for details.\n- `JsonWebKeySet` stores the original string it was created with. See PR [#​2755](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2755) for details.\n- Restore AOT compatibility. See [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2711).\n- Fix OpenIdConnect parsing bug. See [#​2772](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2772) for details.\n- Remove the lock on creating a `SignatureProvider`. See [#​2788](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2788) for details.\n\n### Fundamentals\n- Test clean up [#​2742](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2742).\n- Use only FxCop in .NET framework targets [#​2693](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2693).\n- Add rule to add file headers automatically [#​2748](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2748).\n- Code analysis updates [#​2746](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2746).\n- Include README packages in NuGet [#​2752](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2752).\n- Update projects inside WilsonUnix solution [#​2768](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2768).\n- Code style enforced in build [#​2603](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2603).\n- CodeQL update [#​2767](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2767).\n- Update build pipeline to new one release build format [#​2777](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2777).\n- Update GitHub actions to `9.0.100-preview.7.24407.12` and add `\u003cNoWarn\u003e$(NoWarn);SYSLIB0057\u003c/NoWarn\u003e` due to breaking changes in preview7. [#​2786](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2786).\n\n### Work relating to [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​2725](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2725), [#​2729](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2729), [#​2753](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2753), [#​2758](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2759), [#​2757](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2757), [#​2764](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2764), [#​2771](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2759), and [#​2779](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2779).\n\n\n## What's Changed\n* Remove old 6x tests used that are not needed anymore by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2742\n* Only use fxcop in netfw by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2693\n* Allow Jwt payload to be the empty string. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2745\n* Add rule to add file headers automatically. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2748\n* Remove Delegate Checks in Multiple Validators and Prevents Null Setting of Delegates by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2725\n* Fix CodeQL by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2746\n* Cache UseRfcDefinitionOfEpkAndKid switch. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2747\n* Decrypt token: Remove exceptions + use new ValidationParameters by @​iNinja in https://githu.....\n\n_Description has been truncated_","html_url":"https://github.com/behdad088/EshopMicroservices/pull/134","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/behdad088%2FEshopMicroservices/issues/134","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/134/packages"},{"uuid":"4394790193","node_id":"PR_kwDOJEF0-M7Y8RNO","number":912,"state":"open","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.17.0 to 8.18.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-06T22:15:51.000Z","updated_at":"2026-05-06T22:19:05.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.17.0","new_version":"8.18.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.17.0 to 8.18.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.18.0\n\n## New Features\n- Introduced a new interface `IConfigurationEventHandlerContextAware\u003cT\u003e` that provides context to the configuration event handler implementation, allowing it to optionally bypass a cache lookup. See [PR #​3444](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3444).\n- Added Microsoft.IdentityModel.Dpop — a new package implementing DPoP (Demonstrating Proof-of-Possession) per RFC 9449. Provides both client-side and server-side proof validation with no System.Net.Http dependency. See [PR #​3443](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3443).\n\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.17.0...8.18.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.IdentityModel.JsonWebTokens\u0026package-manager=nuget\u0026previous-version=8.17.0\u0026new-version=8.18.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated comment: release notes by coderabbit.ai --\u003e\n\n## Summary by CodeRabbit\n\n* **Chores**\n  * Updated core security and authentication libraries to their latest stable versions for improved reliability and security.\n\n\u003c!-- end of auto-generated comment: release notes by coderabbit.ai --\u003e","html_url":"https://github.com/Psychoboy/PenguinTwitchBot/pull/912","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Psychoboy%2FPenguinTwitchBot/issues/912","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/912/packages"},{"uuid":"4394735941","node_id":"PR_kwDOJEF0-M7Y8F0U","number":908,"state":"open","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.17.0 to 8.18.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-06T22:04:32.000Z","updated_at":"2026-05-06T22:07:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.17.0","new_version":"8.18.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.17.0 to 8.18.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.18.0\n\n## New Features\n- Introduced a new interface `IConfigurationEventHandlerContextAware\u003cT\u003e` that provides context to the configuration event handler implementation, allowing it to optionally bypass a cache lookup. See [PR #​3444](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3444).\n- Added Microsoft.IdentityModel.Dpop — a new package implementing DPoP (Demonstrating Proof-of-Possession) per RFC 9449. Provides both client-side and server-side proof validation with no System.Net.Http dependency. See [PR #​3443](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3443).\n\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.17.0...8.18.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.IdentityModel.JsonWebTokens\u0026package-manager=nuget\u0026previous-version=8.17.0\u0026new-version=8.18.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated comment: release notes by coderabbit.ai --\u003e\n\n## Summary by CodeRabbit\n\n* **Chores**\n  * Updated project dependencies to latest stable versions.\n\n\u003c!-- end of auto-generated comment: release notes by coderabbit.ai --\u003e","html_url":"https://github.com/Psychoboy/PenguinTwitchBot/pull/908","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Psychoboy%2FPenguinTwitchBot/issues/908","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/908/packages"},{"uuid":"4373915631","node_id":"PR_kwDOMHViBc7X3u3s","number":80,"state":"closed","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.17.0 to 8.18.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-04T03:55:52.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-04T03:55:35.000Z","updated_at":"2026-05-04T03:55:54.000Z","time_to_close":17,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.17.0","new_version":"8.18.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.17.0 to 8.18.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\nNo release notes found for this version range.\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commits).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.IdentityModel.JsonWebTokens\u0026package-manager=nuget\u0026previous-version=8.17.0\u0026new-version=8.18.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/lookbusy1344/SqlDatabaseDump/pull/80","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/lookbusy1344%2FSqlDatabaseDump/issues/80","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/80/packages"},{"uuid":"4367138237","node_id":"PR_kwDOGKWCq87Xji2k","number":89,"state":"open","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.9.0 to 8.18.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-01T23:43:14.000Z","updated_at":"2026-05-01T23:44:31.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.9.0","new_version":"8.18.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.9.0 to 8.18.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.17.0\n\n## Dependencies\n* Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See [PR #​3435](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3435).\n\n\n## 8.16.0\n\n## New Features\n* Add telemetry around signature validation. See [PR #​3415](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3415) for details.\n\n## Fundamentals\n* Fix FileVersion format to use two-digit year and day of year. See [PR #​3389](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3389) for details.\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\n## 8.14.0\n\n8.14.0\n====\n## Bug Fixes\n- Switch back to use `ValidationResult` instead of `OperationResult` when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See [#​3299](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3299) for details.\n\n## 8.13.1\n\n8.13.1\n====\n## Dependencies\nMicrosoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0\n\n## Bug Fixes\n- Fixed a decompression failure happening for large JWE payloads. See [#​3286](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3286) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See [#​3284](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3284) for details.\n\n8.13.0\n\n## 8.13.0\n\n8.13.0\n====\n### Fundamentals\n- `CaseSensitiveClaimsIdentity.SecurityToken` setter is now protected internal (was internal). See PR [#​3278](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278) for details.\n- Update .NET SDK version to 9.0.108 used when building or running the code. See PR [#​3274](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274) for details.\n- Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See [#​3280](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280) for details.\n\n## What's Changed\n* Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278\n* Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n* Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280\n* changelog for 8.13 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0\n\n## 8.12.1\n\n8.12.1\n====\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3263](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263) for details.\n- To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR [#​3261](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261) for details.\n- Experimental code leaked into TokenValidationResult from early prototypes. See PR [#​3259](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259) for details.\n\n## What's Changed\n* Remove experimental code from TokenValidationResult by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259\n* Moved files to experimental folder by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261\n* Update global.json to latest by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1\n\n## 8.12.0\n\n8.12.0\n====\n\n## New Features\n- **Enhance ConfigurationManager with event handling**  \n  Added event handling capabilities to the `ConfigurationManager`, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see [#​3253](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3253)  \n\n## Bug Fixes\n- **Add expected Base64UrlEncoder.Decode overload for NET6 and 8**  \n  Introduced the expected overload of `Base64UrlEncoder.Decode` for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.  \n  For details see [#​3249](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3249)  \n\n## Fundamentals\n- **Add AI assist rules**  \n  Incorporated AI assist rules to enhance AI agents effectiveness.  \n  For details see [#​3255](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255)  \n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  \n  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  \n  For details see [#​3256](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256)  \n- **Move suppression of RS006 to csproj**  \n  Centralized suppression of RS006 warnings in project files for easier management.  \n  For details see [#​3230](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230)\n\n## What's Changed\n* Move suppression of RS006 to csproj. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230\n* Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255\n* Enhance ConfigurationManager with event handling by @​GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256\n* Update CHANGELOG.md for 8.12.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0\n\n## 8.11.0\n\n8.11.0\n=====\n## New Features:\n- Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue [#​3245](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3245) for details.\n- Added a new public async API: `JsonWebTokenHandler.DecryptTokenWithConfigurationAsync`, which decrypts a JWE token using keys from either `TokenValidationParameters` or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR [#​3243](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3243) for details.\n\n## What's Changed\n* few updates by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242\n* Changelog for 8.10.0 by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241\n* Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244\n* update current version to 8.10.0 by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246\n* Add DecryptTokenWithConfiguration API by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243\n* changelog for 8.11 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0\n\n## 8.10.0\n\n8.10.0\n=====\n## Bug Fixes\n- Corrected casing of the Type attribute in SubjectConfirmationData. See [#​3206](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3206).\n- Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See [#​3220](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/33784b8ec0ff4300efad788535f90b3adc5bdfd1).\n- Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See [#​3226](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/793bd34e945eb8ba7528cf87c4a29a29c4704a65).\n\n## Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3228](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/946bec18cdeb26b8133a04e8c056dd5f17588f89) and [#​3232](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/14842aedb3d57c32b9ce784061cd9beccbdd1eb1).\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commits).\n\u003c/details\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/devlooped/WebSocketChannel/pull/89","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/devlooped%2FWebSocketChannel/issues/89","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/89/packages"},{"uuid":"4210532282","node_id":"PR_kwDORbE1nc7QJrLv","number":47,"state":"closed","title":"Bump Microsoft.IdentityModel.JsonWebTokens and System.IdentityModel.Tokens.Jwt","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-07T21:02:17.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-06T08:28:48.000Z","updated_at":"2026-04-07T21:02:27.000Z","time_to_close":131609,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"},{"name":"System.IdentityModel.Tokens.Jwt"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 6.34.0 to 8.17.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.17.0\n\n## Dependencies\n* Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See [PR #​3435](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3435).\n\n\n## 8.16.0\n\n## New Features\n* Add telemetry around signature validation. See [PR #​3415](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3415) for details.\n\n## Fundamentals\n* Fix FileVersion format to use two-digit year and day of year. See [PR #​3389](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3389) for details.\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\n## 8.14.0\n\n8.14.0\n====\n## Bug Fixes\n- Switch back to use `ValidationResult` instead of `OperationResult` when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See [#​3299](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3299) for details.\n\n## 8.13.1\n\n8.13.1\n====\n## Dependencies\nMicrosoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0\n\n## Bug Fixes\n- Fixed a decompression failure happening for large JWE payloads. See [#​3286](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3286) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See [#​3284](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3284) for details.\n\n8.13.0\n\n## 8.13.0\n\n8.13.0\n====\n### Fundamentals\n- `CaseSensitiveClaimsIdentity.SecurityToken` setter is now protected internal (was internal). See PR [#​3278](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278) for details.\n- Update .NET SDK version to 9.0.108 used when building or running the code. See PR [#​3274](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274) for details.\n- Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See [#​3280](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280) for details.\n\n## What's Changed\n* Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278\n* Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n* Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280\n* changelog for 8.13 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0\n\n## 8.12.1\n\n8.12.1\n====\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3263](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263) for details.\n- To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR [#​3261](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261) for details.\n- Experimental code leaked into TokenValidationResult from early prototypes. See PR [#​3259](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259) for details.\n\n## What's Changed\n* Remove experimental code from TokenValidationResult by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259\n* Moved files to experimental folder by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261\n* Update global.json to latest by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1\n\n## 8.12.0\n\n8.12.0\n====\n\n## New Features\n- **Enhance ConfigurationManager with event handling**  \n  Added event handling capabilities to the `ConfigurationManager`, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see [#​3253](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3253)  \n\n## Bug Fixes\n- **Add expected Base64UrlEncoder.Decode overload for NET6 and 8**  \n  Introduced the expected overload of `Base64UrlEncoder.Decode` for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.  \n  For details see [#​3249](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3249)  \n\n## Fundamentals\n- **Add AI assist rules**  \n  Incorporated AI assist rules to enhance AI agents effectiveness.  \n  For details see [#​3255](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255)  \n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  \n  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  \n  For details see [#​3256](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256)  \n- **Move suppression of RS006 to csproj**  \n  Centralized suppression of RS006 warnings in project files for easier management.  \n  For details see [#​3230](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230)\n\n## What's Changed\n* Move suppression of RS006 to csproj. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230\n* Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255\n* Enhance ConfigurationManager with event handling by @​GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256\n* Update CHANGELOG.md for 8.12.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0\n\n## 8.11.0\n\n8.11.0\n=====\n## New Features:\n- Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue [#​3245](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3245) for details.\n- Added a new public async API: `JsonWebTokenHandler.DecryptTokenWithConfigurationAsync`, which decrypts a JWE token using keys from either `TokenValidationParameters` or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR [#​3243](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3243) for details.\n\n## What's Changed\n* few updates by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242\n* Changelog for 8.10.0 by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241\n* Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244\n* update current version to 8.10.0 by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246\n* Add DecryptTokenWithConfiguration API by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243\n* changelog for 8.11 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0\n\n## 8.10.0\n\n8.10.0\n=====\n## Bug Fixes\n- Corrected casing of the Type attribute in SubjectConfirmationData. See [#​3206](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3206).\n- Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See [#​3220](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/33784b8ec0ff4300efad788535f90b3adc5bdfd1).\n- Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See [#​3226](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/793bd34e945eb8ba7528cf87c4a29a29c4704a65).\n\n## Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3228](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/946bec18cdeb26b8133a04e8c056dd5f17588f89) and [#​3232](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/14842aedb3d57c32b9ce784061cd9beccbdd1eb1).\n\n## 8.9.0\n\n8.9.0\n=====\n## Bug Fixes\n- syncAfter has been updated to preserve UTC information, addressing a bug where GetConfigurationAsync does not refresh configuration in ConfigurationManager. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3213.\n- Fixed a null reference issue in KeyInfo. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3203.\n\n## New Features\n- Introduced a new delegate for reading custom token payload values on JsonWebToken. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2981.\n- Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3205.\n\n## Fundamentals\n- Utilized IList to avoid enumerator allocation during audience validation. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3204.\n\n## 8.8.0\n\n8.8.0\n=====\n## New Features\n- Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the `Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking` switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR [#​3193](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3193) for details.\n- Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the `Switch.Microsoft.IdentityModel.DoNotScrubExceptions` AppContextSwitch. See PR [#​3195](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3195) and https://aka.ms/identitymodel/app-context-switches for details.\n- Change all plain object locks to `System.Thread.Lock` objects for .NET 9 or greater. See PRs [#​3185](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3185) and [#​3189](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3189) for details.\n\n\n## 8.7.0\n\n## Bug Fixes\n- Add back internal methods `IsRecoverableException` and `IsRecoverableExceptionType` whose signatures were changed in the previous version. See [#​3181](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3181).\n\n## New Features\n- Make `Cnf` class public and move it to Microsoft.IdentityModel.Tokens package. See [#​3165](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3165).\n\n## What's Changed\n* Post Release 8.6.1 cleanup  by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3160\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3163\n* Adds explanation for CodeQL warnings by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3167\n* Fix typo by @​rstm-sf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n* Need to change the locks by @​JoshLozensky in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3171\n* Move CNF from SHR to M.IM.Tokens by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3168\n* Add back IsRecoverableException methods. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3183\n* Revert \"Need to change the locks\" by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3186\n* 8.7.0 changelog by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3184\n\n## New Contributors\n* @​rstm-sf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.1...8.7.0\n\n## 8.6.1\n\n8.6.1\n=====\n## Bug fix\n- Microsoft.IdentityModel now triggers a configuration refresh if token decryption fails. See issue [#​3148](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3148) for details.\n- Fix a bug in `JsonWebTokenHandler` where `JwtTokenDecryptionParameters`'s `Alg` and `Enc` were not set during token decryption, causing `IDX10611` and `IDX10619` errors to show null values in the messages. See issue [#​3003](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3003) for details.\n\n## Fundamentals\n- For development, IdentityModel now has a global.json file to specify the .NET SDK version. See issue [#​2995](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2995) for details.\n\n## What's Changed\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3145\n* Update the public API shipped files by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3146\n* Add global.json file by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* Trigger metadata refresh for token decryption errors by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3149\n* Populate error messages correctly from JwtTokenUtilities.DecryptJwtToken by @​ksaaf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n* first changelog update by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3156\n\n## New Contributors\n* @​mdchennu made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* @​ksaaf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.0...8.6.1\n\n## 8.6.0\n\n8.6.0\n=====\n## New Features\n- TokenValidationParameters has a new boolean property `TryAllDecryptionKeys` that let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to **true** (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See [#​3128](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128)\n- Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See [#​3140](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140)\n\n## Fundamentals\n* Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See [3143](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143)\n* Add more tests for encrypted tokens. See [#​3139](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139)\n\n## What's Changed\n* Update CHANGELOG.md by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3133\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3137\n* Add TryAllDecryptionKeys flag to whether decrypt if no key IDs match by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128\n* Change KeyInfo.MatchesKey from internal to protected internal virtual. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140\n* Fix #​3112 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143\n* Add more auto-decryption related tests by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139\n* Update changelog.md for 8.6.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3144\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.5.0...8.6.0\n\n## 8.5.0\n\n8.5.0\n=====\n## Reverting previous breaking change\n- The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that [adding IDisposable is a breaking change](https://learn.microsoft.com/en-us/dotnet/fundamentals/runtime-libraries/system-idisposable), so we are following [semver guidance](https://semver.org/#what-do-i-do-if-i-accidentally-release-a-backward-incompatible-change-as-a-minor-version) and reverting and releasing a minor version (8.5.0).\n- Cherry-picked Changes: Included changes from PR [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) and [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104).\n\n## What's Changed\n* Update version.props by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3126\n* fix formatting error by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3134\n* Revert configuration manager to 8.3.1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3132\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.4.0...8.5.0\n\n## 8.4.0\n\n8.4.0\n=====\n## New Features\n- App context switch allows blocking or non-blocking calls for configuration. See PR [#​3106](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3106) for details and issue [#​3082](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3082) for details. If you are not using the ConfigurationManager as a singleton and not using the blocking option, you may need to call ShutdownBackgroundTask() to stop the background task to avoid leaking Tasks.\n- IdentityModel now enables symmetric and asymmetric keys to be created publicly with JWK. See [#​3094](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3094) for details.\n- IdentityModel now allows specifying the HTTP protocol version and version policy. See [#​2808](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2808) for details.\n\n## Repair items\n- Add request count and duration telemetry for configuration requests. See [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) for details.\n- `KeyID` should be present in exception messages and is no longer PII. See [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104) for details.\n\n## Fundamentals\n- Fix spelling issues in xml comments. See [#​3117](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3117) for details.\n- Fix comment coverage in PR builds. See [#​3079](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3079) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- See [#​3056](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3056). [#​3100](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3100), [#​3017](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3107), and [#​3111](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3111).\n- Add internal virtual on TokenHandler. See [#​3084](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3084) for details.\n\n* @​prochnowc made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2809\n\n## 8.3.1\n\n8.3.1\n=====\n## Bug Fixes\n* Respect TVP.RequireAudience when set to false. See [#​3055](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055)\n* For net4.6.2 select RSACng for PSS support. See [#​3097](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3097)\n* Fix package downgrade in consuming libraries. See[#​3062](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062)\n* Fix integer overflow in `AuthenticationEncryptionProvider.cs`. See [#​3063](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063)\n\n## Fundamentals\n* Removed unused property on JsonWebToken ClaimsIdentity. See [#​3071](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3071) for details.\n* Upgrade to C# 13. See [#​2998](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998)\n* Use new Base64Url API. See [#​22817](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817)\n* Add warning quality check. See [#​3067](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067)\n* Update dotnet actions. see [#​3074](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074)\n* Fix warnings. See [#​3081](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081)\n* Test updates in JsonWebToken. See [#​3080](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​3027](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027), [#​3028](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028), [#​3051](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051), [#​3054](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054)\n\n## What's Changed\n* Update CHANGELOG.md by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3053\n* Extensibility tests: Audience - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027\n* Extensibility tests: Lifetime - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028\n* Implement lazy ClaimsIdentity creation from ValidatedToken on SAML and SAML2 on the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051\n* Add logging to the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054\n* update version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3057\n* lower version to avoid downgrades. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3058\n* Respect TVP.RequireAudience when set to false by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055\n* Fix package downgrade in consuming libraries by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062\n* Add slnf for running perf and stress tests by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3066\n* Add Warning Quality Check Build Task 🔨 by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067\n* Update template-Build-run-tests-sign.yml by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3069\n* Removed unused property on JsonWebToken by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3072\n* Update setup dotnet actions by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074\n* fixed #​2983 and re-add code coverage comments to PRs by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3076\n* Remove duplicate keyid into var keysAttempted by @​bdapoigny in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* Upgrade to C# 13 by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998\n* Use new Base64Url API by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817\n* Update common.props by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3078\n* fix warnings by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081\n* Fixed integer overflow in AuthenticatedEncryptionProvider.cs by @​gparametr in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n* Test updates by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080\n* For net4.6.2 select RSACng for PSS support. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3085\n* changelog for 8.3.1 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3098\n\n## New Contributors\n* @​bdapoigny made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* @​gparametr made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n\n ... (truncated)\n\n## 8.3.0\n\n## New features\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n* SAML and SAML2 new model validation: Token Replay. See [#​2994](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2994)\n* Extensibility tests: Token Type - JWT ([#​3030](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3030)), Issuer - SAML and SAML2 ([#​3026](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3026)), Algorithm and Signature - JWT, SAML and SAML2 ([#​3034](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3034)), Token Replay - JWT, SAML and SAML2 ([#​3032](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3032)),  Issuer signing key - JWT, SAML and SAML2 ([#​3029](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/302))\n* Avoid code duplication in extensibility testing. See [#​3041](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3041)\n* Extensibility Testing: Refactor. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3011\n* Remove duplicate code in extensibility tests. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3044\n\n## Bug fixes\n* Fix bug with AadIssuerValidator. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n* Fixed SignedHttpRequest flaky test. See [#​3037](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3037)\n \n## Fundamentals\n* Install all .NET versions in pipeline to fix run tests task. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3018\n* Changelog for 8.2.1. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3009\n* Remove unnecessary AoT test project. See in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3045\n* Fix powershell script for nuget update. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3046\n* Update to next version. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3010\n* Disable Coverage PR comments. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3048\n* Updates GitHub Action to support long paths, See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3049\n* Stack parameters to improve reading of code. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3031\n\n## New Contributors\n* @​ssmelov made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.1...8.3.0\n\n## 8.2.1\n\n8.2.1\n=====\n### New features\n- Update to use .NET 9 GA. See [2990](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990).\n\n### Bug fixes\n- Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets. See [2935](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935).\n- Update cgmanifest to align with the JSON schema. See [2969](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969).\n\n### Fundamentals\n- Streamline token creation in `SecurityTokenDescriptor`. See [2993](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2993).\n- Prevent inlining to guarantee stack frames in test. See [2999](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2999).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Simplify stack frame caching. See [2976](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976).\n- Implement reading SAML and SAML2 tokens. See [2980](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980).\n- Implement validating SAML signature. See [2950](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2950).\n- Add tests for `IssuerExtensibility`. See [2987](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987).\n- Add validation for SAML and SAML2 issuer signing key. See [2965](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965).\n- Add validation for SAML and SAML2 algorithm. See [2984](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984).\n\n## What's Changed\n* Microsoft.Rest.ClientRuntime has been deprecated, which results in so… by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2970\n* Update to next version after 8.2.0 release by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2975\n* Consolidating test statics by @​trwalke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2956\n* New token validation model: Simplify stack frame caching by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976\n* Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935\n* Update cgmanifest to align with the JSON schema by @​jeffhandley in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n* SAML and SAML2 new model validation: Read Token by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980\n* SAML2 new model validation: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2961\n* JsonWebTokenHandler IssuerExtensibility by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987\n* SAML and SAML2 new model validation: Issuer Signing Key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965\n* Ignore AotCompatibilityTests on ADO by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2992\n* SAML and SAML2 new model validation: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984\n* Use SecurityTokenDescriptor when creating tokens by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2991\n* Prevent inlining to guarantee stack frames in test by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3002\n* Update to .NET 9 GA. Update some test dependencies. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990\n* Add Abstractions.Tests to strong name bypass file. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3004\n\n## New Contributors\n* @​jeffhandley made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.0...8.2.1\n\n## 8.2.0\n\n8.2.0\n=====\n### Fundamentals\n- Update System.Text.Json to 8.0.5 CVE-2024-43485. See [2892](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892).\n- Using FixedTimeEquals in NETCore targets. See [2857](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857).\n- Updated .NET 9 to RC 2 [2898](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898).\n- Adds ability to create token without kid [2968](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2968)\n- Enables code coverage in PRs [2946](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2946)\n- Various test improvements:\n- [#​2953](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2953)\n- [#​2955](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2955)\n- [#​2951](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951)\n- [#​2952](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952)\n- [#​2947](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947)\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Validates Audience for SAML2TokenHandler with New Model [2863](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863)\n- Improvements to AudienceValidation [2902](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902)\n- Added properties to ValidationResult [2923](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923)\n- Implements Audience and Lifetime validations in SamlSecurityTokenHandler [2925](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925)\n- Implements Issuer validation in SamlSecurityTokenHandler [2948](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2948)\n\n## What's Changed\n* update to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2890\n* Use FixedTimeEquals in NETCore targets  by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857\n* Update System.Text.Json to 8.0.5 CVE-2024-43485 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892\n* Update .NET 9 to RC 2 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898\n* Validate Audience for SAML2TokenHandler with New Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863\n* Regression tests: Issuer by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2868\n* Mark Wilson APIs as Shipped by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2903\n* Add Tests for Lifetime Validation Using New Validation Model For SAML2 by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2906\n* Suggested changes to AudienceValidation by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902\n* Extensibility tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2861\n* Added properties to ValidationResult without throwing by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923\n* Extensibility tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2867\n* Regression tests: Issuer signing key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2927\n* Do not serialize CaseSensitiveClaimsIdentity.SecurityToken. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2896\n* Fix typo by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2894\n* Implement and Test Audience and Lifetime validations in SamlSecurityTokenHandler with New Validation Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925\n* Fix Flaky Tests: NameAndRoleClaimDelegates and RoleClaims by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2873\n* Regression tests: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2930\n* Validate Issuer Using New Validation Model in Saml2SecurityTokenHandler by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2929\n* Fix builds on macOS / Linux using the build.sh script by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2937\n* Regression tests: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2934\n* Regression tests: Token Type by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2932\n* Regression tests: Token Replay by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2931\n* Fix DevEx and IDDP builds such that when building internally, use an internal Nuget feed instead of nuget.org by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2936\n* Restore PopKeyResolvingTests.GetPopKeysFromJkuAsync by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947\n* Restore skipped test: ReferenceCountingTest_MultiThreaded by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952\n* Restore EnsureAotCompatibility test by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951\n ... (truncated)\n\n## 8.1.2\n\n## What's Changed\n\n### Bug fixes\n\n* CaseSensitiveClaimsIdentity.Clone() now returns a `CaseSensitiveClaimsIdentity` as expected, by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2879\n* Multiple unused and unusable (for the moment) public APIs were removed. These were introduced by mistake leaking from the work done on logging and exception handling, by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2888\n\n### Fundamentals\n* Enabled PublicApiAnalyzers to better understand and trace changes to the public API, by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2782\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.1...8.1.2\n\n## 8.1.1\n\n8.1.1\n=====\n### Bug fixes\n- Fix bug where ConfigurationManager was updating keys too frequently. See [2866](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2866) for details.\n\n## What's Changed\n* Rename validation delegates by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2847\n* Remove TransformBeforeSignatureValidationDelegate from ValidationParameters by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2848\n* Add disable discovery enumeration = true to all theory tests by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2849\n* Make CaseSensitiveClaimIdentity serializable by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2850\n* Remove Obsolete BinaryFormatter  by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2851\n* Refactor ValidateConditions in Saml2SecurityTokenHandler by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2855\n* Set custom BenchmarkDotNetconfig as default by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2852\n* Regression tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2838\n* Fix ValidateJsonWebTokenClaimMapping Flaky Test 🐞 by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2859\n* update current version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2862\n* Regression tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2839\n* Rename ResolveTokenDecryptionKeyDelegate to DecryptionKeyResolverDelegate by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2869\n* Set internal _syncAfter using only AutomaticRefreshInterval. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2865\n* 8.1.1 Changelog by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2864\n* Adjust for RefreshInterval not influencing AutomaticRefreshInterval. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2870\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.0...8.1.1\n\n## 8.1.0\n\n8.1.0\n=====\n### Performance improvements\n- Improves performance during issuer validation by replacing string comparison with span comparison. See PR [#​2826](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2826).\n\n### New features\n- Add optional check to prevent using keys that are shared across multiple clouds. See issue [#​2832](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2832) for details.\n\n### Bug fixes\n- JsonWebTokenHandler would only return unwrapped keys if there was no errors. This change is to align with the behavior in JwtSecurityTokenHandler, that is it returns the keys that were able to be unwrapped, and only throw if no keys were able to be unwrapped. See issue [#​2695](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2695) for details.\n\n### Fundamentals\n- Fix flaky tests. See [#​2793](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2793) for details.\n- Update XUnit versoin and fix test warnings due to new XUnit analyzers. See PR [#​2796](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796) for details.\n- Onhboard to code coverage in ADO. See PR [#​2798](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798).\n- Use `IsTargetFrameworkCompatible(*)` so AOT is forward-compatible with .NET 9 and beyond. See PR [#​2790](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790) for details.\n- Fix a merge conflict impacting dev. See PR [#​2819](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819).\n- Defining the following attribute in multiple assemblies (.Tokens, .Logging) causes an internal error.\n[DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicConstructors)]. See PR [#​2820](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820).\n- Remove perl dependency. See PR [#​2830](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2830).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​2794](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794)\n- [#​2800](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800)\n- [#​2810](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810)\n- [#​2811](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811)\n- [#​2816](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816)\n- [#​2822](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822)\n- [#​2815](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815)\n- [#​2818](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2818)\n- [#​2813](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2813)\n- [#​2827](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2827)\n\n## What's Changed\n* changelog 8.0.2 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2792\n* Update version.props to 8.0.2 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2791\n* Fix Async Issue in Extensibility Tests by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2795\n* Update xUnit version and fix test warnings by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796\n* ValidateTokenAsync - New Path: Refactor result types by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794\n* Onboard to code coverage in ADO by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798\n* Exception refinement: Adding additional information by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800\n* Add initial regression tests for the new validation path by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810\n* Use IsTargetFrameworkCompatible() by @​martincostello in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790\n* Regression tests: Added inner exception detail and invalid signature failure due to invalid algorithm used by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811\n* Return unwrapped keys if able by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2812\n* New token validation path: Renamed result types by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816\n* Fix merge conflict by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819\n* Removed attribute that causes issues with internal builds. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820\n* Add missing exception type to ValidationError -\u003e GetException() by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822\n* Regression testing: Add JWE use cases by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815\n ... (truncated)\n\n## 8.0.2\n\n8.0.2\n=====\n\n### Security fundamentals\n- Add `BannedApiAnalyzers` to prevent use of `ClaimsIdentity` constructors. See PR [#​2778](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2778) for details.\n\n### Bug fixes\n- IdentityModel now allows the JWT payload to be an empty string. See issue [#​2656](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2656) for details.\n- Cache `UseRfcDefinitionOfEpkAndKid` switch. See PR [#​2747](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2747) for details.\n- Method was named `DoNotFailOnMissingTid` in 7x and `DontFailOnMissingTid` in 8x, adding the method for back compat. See issue [#​2750](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2750) for details.\n- Metadata is now updated on a background thread. See [#​2780](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2780) for details.\n- `JsonWebKeySet` stores the original string it was created with. See PR [#​2755](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2755) for details.\n- Restore AOT compatibility. See [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2711).\n- Fix OpenIdConnect parsing bug. See [#​2772](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2772) for details.\n- Remove the lock on creating a `SignatureProvider`. See [#​2788](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2788) for details.\n\n### Fundamentals\n- Test clean up [#​2742](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2742).\n- Use only FxCop in .NET framework targets [#​2693](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2693).\n- Add rule to add file headers automatically [#​2748](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2748).\n- Code analysis updates [#​2746](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2746).\n- Include README packages in NuGet [#​2752](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2752).\n- Update projects inside WilsonUnix solution [#​2768](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2768).\n- Code style enforced in build [#​2603](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2603).\n- CodeQL update [#​2767](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2767).\n- Update build pipeline to new one release build format [#​2777](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2777).\n- Update GitHub actions to `9.0.100-preview.7.24407.12` and add `\u003cNoWarn\u003e$(NoWarn);SYSLIB0057\u003c/NoWarn\u003e` due to breaking changes in preview7. [#​2786](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2786).\n\n### Work relating to [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​2725](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2725), [#​2729](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2729), [#​2753](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2753), [#​2758](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2759), [#​2757](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2757), [#​2764](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2764), [#​2771](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2759), and [#​2779](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2779).\n\n\n## What's Changed\n* Remove old 6x tests used that are not needed anymore by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2742\n* Only use fxcop in netfw by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2693\n* Allow Jwt payload to be the empty string. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2745\n* Add rule to add file headers automatically. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2748\n* Remove Delegate Checks in Multiple Validators and Prevents Null Setting of Delegates by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2725\n* Fix CodeQL by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2746\n* Cache UseRfcDefinitionOfEpkAndKid switch. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2747\n* Decrypt token: Remove exceptions + use new ValidationParameters by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2729\n* Include README packages in NuGet by @​localden in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2752\n* Remove internals for new work. by @​brentschmaltz in https://github.com/AzureAD/azure-active...\n\n_Description has been truncated_","html_url":"https://github.com/dever-labs/dotnet10-service-template/pull/47","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dever-labs%2Fdotnet10-service-template/issues/47","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/47/packages"},{"uuid":"4167020284","node_id":"PR_kwDOMHViBc7OeVMq","number":73,"state":"closed","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.16.0 to 8.17.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-30T03:55:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-30T03:55:13.000Z","updated_at":"2026-03-30T03:55:29.000Z","time_to_close":15,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.16.0","new_version":"8.17.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.16.0 to 8.17.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.17.0\n\n## Dependencies\n* Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See [PR #​3435](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3435).\n\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.16.0...8.17.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.IdentityModel.JsonWebTokens\u0026package-manager=nuget\u0026previous-version=8.16.0\u0026new-version=8.17.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/lookbusy1344/SqlDatabaseDump/pull/73","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/lookbusy1344%2FSqlDatabaseDump/issues/73","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/73/packages"},{"uuid":"4133916669","node_id":"PR_kwDOMhYNHM7NR7vT","number":236,"state":"open","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.16.0 to 8.17.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-25T09:25:37.000Z","updated_at":"2026-03-25T09:28:26.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.16.0","new_version":"8.17.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.16.0 to 8.17.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.17.0\n\n## Dependencies\n* Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See [PR #​3435](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3435).\n\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.16.0...8.17.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.IdentityModel.JsonWebTokens\u0026package-manager=nuget\u0026previous-version=8.16.0\u0026new-version=8.17.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/tndata/CloudDebugger/pull/236","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/tndata%2FCloudDebugger/issues/236","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/236/packages"},{"uuid":"4132740775","node_id":"PR_kwDOGnKBAc7NOjoR","number":115,"state":"closed","title":"Bump Microsoft.IdentityModel.JsonWebTokens and System.IdentityModel.Tokens.Jwt","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-21T01:21:54.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-25T05:46:46.000Z","updated_at":"2026-04-21T01:22:02.000Z","time_to_close":2316908,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"},{"name":"System.IdentityModel.Tokens.Jwt","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.14.0 to 8.17.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.17.0\n\n## Dependencies\n* Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See [PR #​3435](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3435).\n\n\n## 8.16.0\n\n## New Features\n* Add telemetry around signature validation. See [PR #​3415](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3415) for details.\n\n## Fundamentals\n* Fix FileVersion format to use two-digit year and day of year. See [PR #​3389](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3389) for details.\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.14.0...8.17.0).\n\u003c/details\u003e\n\nUpdated [System.IdentityModel.Tokens.Jwt](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.14.0 to 8.17.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [System.IdentityModel.Tokens.Jwt's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.17.0\n\n## Dependencies\n* Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See [PR #​3435](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3435).\n\n\n## 8.16.0\n\n## New Features\n* Add telemetry around signature validation. See [PR #​3415](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3415) for details.\n\n## Fundamentals\n* Fix FileVersion format to use two-digit year and day of year. See [PR #​3389](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3389) for details.\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.14.0...8.17.0).\n\u003c/details\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/NosCoreIO/NosCore.Networking/pull/115","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NosCoreIO%2FNosCore.Networking/issues/115","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/115/packages"},{"uuid":"4003951009","node_id":"PR_kwDORa3tkc7G-Wmh","number":14,"state":"closed","title":"nuget: Bump Microsoft.IdentityModel.JsonWebTokens from 8.0.1 to 8.16.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-03-24T22:38:52.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-28T05:29:00.000Z","updated_at":"2026-03-24T22:38:55.000Z","time_to_close":2135392,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"nuget: Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.0.1","new_version":"8.16.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.0.1 to 8.16.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.16.0\n\n## New Features\n* Add telemetry around signature validation. See [PR #​3415](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3415) for details.\n\n## Fundamentals\n* Fix FileVersion format to use two-digit year and day of year. See [PR #​3389](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3389) for details.\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\n## 8.14.0\n\n8.14.0\n====\n## Bug Fixes\n- Switch back to use `ValidationResult` instead of `OperationResult` when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See [#​3299](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3299) for details.\n\n## 8.13.1\n\n8.13.1\n====\n## Dependencies\nMicrosoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0\n\n## Bug Fixes\n- Fixed a decompression failure happening for large JWE payloads. See [#​3286](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3286) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See [#​3284](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3284) for details.\n\n8.13.0\n\n## 8.13.0\n\n8.13.0\n====\n### Fundamentals\n- `CaseSensitiveClaimsIdentity.SecurityToken` setter is now protected internal (was internal). See PR [#​3278](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278) for details.\n- Update .NET SDK version to 9.0.108 used when building or running the code. See PR [#​3274](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274) for details.\n- Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See [#​3280](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280) for details.\n\n## What's Changed\n* Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278\n* Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n* Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280\n* changelog for 8.13 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0\n\n## 8.12.1\n\n8.12.1\n====\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3263](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263) for details.\n- To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR [#​3261](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261) for details.\n- Experimental code leaked into TokenValidationResult from early prototypes. See PR [#​3259](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259) for details.\n\n## What's Changed\n* Remove experimental code from TokenValidationResult by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259\n* Moved files to experimental folder by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261\n* Update global.json to latest by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1\n\n## 8.12.0\n\n8.12.0\n====\n\n## New Features\n- **Enhance ConfigurationManager with event handling**  \n  Added event handling capabilities to the `ConfigurationManager`, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see [#​3253](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3253)  \n\n## Bug Fixes\n- **Add expected Base64UrlEncoder.Decode overload for NET6 and 8**  \n  Introduced the expected overload of `Base64UrlEncoder.Decode` for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.  \n  For details see [#​3249](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3249)  \n\n## Fundamentals\n- **Add AI assist rules**  \n  Incorporated AI assist rules to enhance AI agents effectiveness.  \n  For details see [#​3255](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255)  \n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  \n  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  \n  For details see [#​3256](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256)  \n- **Move suppression of RS006 to csproj**  \n  Centralized suppression of RS006 warnings in project files for easier management.  \n  For details see [#​3230](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230)\n\n## What's Changed\n* Move suppression of RS006 to csproj. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230\n* Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255\n* Enhance ConfigurationManager with event handling by @​GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256\n* Update CHANGELOG.md for 8.12.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0\n\n## 8.11.0\n\n8.11.0\n=====\n## New Features:\n- Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue [#​3245](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3245) for details.\n- Added a new public async API: `JsonWebTokenHandler.DecryptTokenWithConfigurationAsync`, which decrypts a JWE token using keys from either `TokenValidationParameters` or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR [#​3243](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3243) for details.\n\n## What's Changed\n* few updates by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242\n* Changelog for 8.10.0 by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241\n* Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244\n* update current version to 8.10.0 by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246\n* Add DecryptTokenWithConfiguration API by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243\n* changelog for 8.11 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0\n\n## 8.10.0\n\n8.10.0\n=====\n## Bug Fixes\n- Corrected casing of the Type attribute in SubjectConfirmationData. See [#​3206](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3206).\n- Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See [#​3220](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/33784b8ec0ff4300efad788535f90b3adc5bdfd1).\n- Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See [#​3226](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/793bd34e945eb8ba7528cf87c4a29a29c4704a65).\n\n## Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3228](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/946bec18cdeb26b8133a04e8c056dd5f17588f89) and [#​3232](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/14842aedb3d57c32b9ce784061cd9beccbdd1eb1).\n\n## 8.9.0\n\n8.9.0\n=====\n## Bug Fixes\n- syncAfter has been updated to preserve UTC information, addressing a bug where GetConfigurationAsync does not refresh configuration in ConfigurationManager. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3213.\n- Fixed a null reference issue in KeyInfo. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3203.\n\n## New Features\n- Introduced a new delegate for reading custom token payload values on JsonWebToken. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2981.\n- Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3205.\n\n## Fundamentals\n- Utilized IList to avoid enumerator allocation during audience validation. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3204.\n\n## 8.8.0\n\n8.8.0\n=====\n## New Features\n- Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the `Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking` switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR [#​3193](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3193) for details.\n- Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the `Switch.Microsoft.IdentityModel.DoNotScrubExceptions` AppContextSwitch. See PR [#​3195](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3195) and https://aka.ms/identitymodel/app-context-switches for details.\n- Change all plain object locks to `System.Thread.Lock` objects for .NET 9 or greater. See PRs [#​3185](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3185) and [#​3189](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3189) for details.\n\n\n## 8.7.0\n\n## Bug Fixes\n- Add back internal methods `IsRecoverableException` and `IsRecoverableExceptionType` whose signatures were changed in the previous version. See [#​3181](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3181).\n\n## New Features\n- Make `Cnf` class public and move it to Microsoft.IdentityModel.Tokens package. See [#​3165](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3165).\n\n## What's Changed\n* Post Release 8.6.1 cleanup  by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3160\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3163\n* Adds explanation for CodeQL warnings by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3167\n* Fix typo by @​rstm-sf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n* Need to change the locks by @​JoshLozensky in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3171\n* Move CNF from SHR to M.IM.Tokens by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3168\n* Add back IsRecoverableException methods. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3183\n* Revert \"Need to change the locks\" by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3186\n* 8.7.0 changelog by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3184\n\n## New Contributors\n* @​rstm-sf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.1...8.7.0\n\n## 8.6.1\n\n8.6.1\n=====\n## Bug fix\n- Microsoft.IdentityModel now triggers a configuration refresh if token decryption fails. See issue [#​3148](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3148) for details.\n- Fix a bug in `JsonWebTokenHandler` where `JwtTokenDecryptionParameters`'s `Alg` and `Enc` were not set during token decryption, causing `IDX10611` and `IDX10619` errors to show null values in the messages. See issue [#​3003](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3003) for details.\n\n## Fundamentals\n- For development, IdentityModel now has a global.json file to specify the .NET SDK version. See issue [#​2995](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2995) for details.\n\n## What's Changed\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3145\n* Update the public API shipped files by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3146\n* Add global.json file by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* Trigger metadata refresh for token decryption errors by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3149\n* Populate error messages correctly from JwtTokenUtilities.DecryptJwtToken by @​ksaaf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n* first changelog update by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3156\n\n## New Contributors\n* @​mdchennu made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* @​ksaaf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.0...8.6.1\n\n## 8.6.0\n\n8.6.0\n=====\n## New Features\n- TokenValidationParameters has a new boolean property `TryAllDecryptionKeys` that let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to **true** (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See [#​3128](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128)\n- Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See [#​3140](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140)\n\n## Fundamentals\n* Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See [3143](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143)\n* Add more tests for encrypted tokens. See [#​3139](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139)\n\n## What's Changed\n* Update CHANGELOG.md by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3133\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3137\n* Add TryAllDecryptionKeys flag to whether decrypt if no key IDs match by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128\n* Change KeyInfo.MatchesKey from internal to protected internal virtual. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140\n* Fix #​3112 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143\n* Add more auto-decryption related tests by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139\n* Update changelog.md for 8.6.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3144\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.5.0...8.6.0\n\n## 8.5.0\n\n8.5.0\n=====\n## Reverting previous breaking change\n- The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that [adding IDisposable is a breaking change](https://learn.microsoft.com/en-us/dotnet/fundamentals/runtime-libraries/system-idisposable), so we are following [semver guidance](https://semver.org/#what-do-i-do-if-i-accidentally-release-a-backward-incompatible-change-as-a-minor-version) and reverting and releasing a minor version (8.5.0).\n- Cherry-picked Changes: Included changes from PR [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) and [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104).\n\n## What's Changed\n* Update version.props by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3126\n* fix formatting error by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3134\n* Revert configuration manager to 8.3.1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3132\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.4.0...8.5.0\n\n## 8.4.0\n\n8.4.0\n=====\n## New Features\n- App context switch allows blocking or non-blocking calls for configuration. See PR [#​3106](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3106) for details and issue [#​3082](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3082) for details. If you are not using the ConfigurationManager as a singleton and not using the blocking option, you may need to call ShutdownBackgroundTask() to stop the background task to avoid leaking Tasks.\n- IdentityModel now enables symmetric and asymmetric keys to be created publicly with JWK. See [#​3094](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3094) for details.\n- IdentityModel now allows specifying the HTTP protocol version and version policy. See [#​2808](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2808) for details.\n\n## Repair items\n- Add request count and duration telemetry for configuration requests. See [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) for details.\n- `KeyID` should be present in exception messages and is no longer PII. See [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104) for details.\n\n## Fundamentals\n- Fix spelling issues in xml comments. See [#​3117](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3117) for details.\n- Fix comment coverage in PR builds. See [#​3079](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3079) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- See [#​3056](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3056). [#​3100](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3100), [#​3017](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3107), and [#​3111](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3111).\n- Add internal virtual on TokenHandler. See [#​3084](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3084) for details.\n\n* @​prochnowc made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2809\n\n## 8.3.1\n\n8.3.1\n=====\n## Bug Fixes\n* Respect TVP.RequireAudience when set to false. See [#​3055](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055)\n* For net4.6.2 select RSACng for PSS support. See [#​3097](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3097)\n* Fix package downgrade in consuming libraries. See[#​3062](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062)\n* Fix integer overflow in `AuthenticationEncryptionProvider.cs`. See [#​3063](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063)\n\n## Fundamentals\n* Removed unused property on JsonWebToken ClaimsIdentity. See [#​3071](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3071) for details.\n* Upgrade to C# 13. See [#​2998](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998)\n* Use new Base64Url API. See [#​22817](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817)\n* Add warning quality check. See [#​3067](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067)\n* Update dotnet actions. see [#​3074](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074)\n* Fix warnings. See [#​3081](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081)\n* Test updates in JsonWebToken. See [#​3080](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​3027](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027), [#​3028](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028), [#​3051](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051), [#​3054](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054)\n\n## What's Changed\n* Update CHANGELOG.md by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3053\n* Extensibility tests: Audience - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027\n* Extensibility tests: Lifetime - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028\n* Implement lazy ClaimsIdentity creation from ValidatedToken on SAML and SAML2 on the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051\n* Add logging to the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054\n* update version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3057\n* lower version to avoid downgrades. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3058\n* Respect TVP.RequireAudience when set to false by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055\n* Fix package downgrade in consuming libraries by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062\n* Add slnf for running perf and stress tests by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3066\n* Add Warning Quality Check Build Task 🔨 by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067\n* Update template-Build-run-tests-sign.yml by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3069\n* Removed unused property on JsonWebToken by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3072\n* Update setup dotnet actions by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074\n* fixed #​2983 and re-add code coverage comments to PRs by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3076\n* Remove duplicate keyid into var keysAttempted by @​bdapoigny in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* Upgrade to C# 13 by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998\n* Use new Base64Url API by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817\n* Update common.props by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3078\n* fix warnings by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081\n* Fixed integer overflow in AuthenticatedEncryptionProvider.cs by @​gparametr in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n* Test updates by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080\n* For net4.6.2 select RSACng for PSS support. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3085\n* changelog for 8.3.1 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3098\n\n## New Contributors\n* @​bdapoigny made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* @​gparametr made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n\n ... (truncated)\n\n## 8.3.0\n\n## New features\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n* SAML and SAML2 new model validation: Token Replay. See [#​2994](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2994)\n* Extensibility tests: Token Type - JWT ([#​3030](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3030)), Issuer - SAML and SAML2 ([#​3026](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3026)), Algorithm and Signature - JWT, SAML and SAML2 ([#​3034](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3034)), Token Replay - JWT, SAML and SAML2 ([#​3032](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3032)),  Issuer signing key - JWT, SAML and SAML2 ([#​3029](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/302))\n* Avoid code duplication in extensibility testing. See [#​3041](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3041)\n* Extensibility Testing: Refactor. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3011\n* Remove duplicate code in extensibility tests. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3044\n\n## Bug fixes\n* Fix bug with AadIssuerValidator. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n* Fixed SignedHttpRequest flaky test. See [#​3037](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3037)\n \n## Fundamentals\n* Install all .NET versions in pipeline to fix run tests task. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3018\n* Changelog for 8.2.1. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3009\n* Remove unnecessary AoT test project. See in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3045\n* Fix powershell script for nuget update. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3046\n* Update to next version. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3010\n* Disable Coverage PR comments. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3048\n* Updates GitHub Action to support long paths, See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3049\n* Stack parameters to improve reading of code. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3031\n\n## New Contributors\n* @​ssmelov made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.1...8.3.0\n\n## 8.2.1\n\n8.2.1\n=====\n### New features\n- Update to use .NET 9 GA. See [2990](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990).\n\n### Bug fixes\n- Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets. See [2935](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935).\n- Update cgmanifest to align with the JSON schema. See [2969](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969).\n\n### Fundamentals\n- Streamline token creation in `SecurityTokenDescriptor`. See [2993](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2993).\n- Prevent inlining to guarantee stack frames in test. See [2999](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2999).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Simplify stack frame caching. See [2976](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976).\n- Implement reading SAML and SAML2 tokens. See [2980](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980).\n- Implement validating SAML signature. See [2950](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2950).\n- Add tests for `IssuerExtensibility`. See [2987](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987).\n- Add validation for SAML and SAML2 issuer signing key. See [2965](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965).\n- Add validation for SAML and SAML2 algorithm. See [2984](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984).\n\n## What's Changed\n* Microsoft.Rest.ClientRuntime has been deprecated, which results in so… by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2970\n* Update to next version after 8.2.0 release by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2975\n* Consolidating test statics by @​trwalke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2956\n* New token validation model: Simplify stack frame caching by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976\n* Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935\n* Update cgmanifest to align with the JSON schema by @​jeffhandley in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n* SAML and SAML2 new model validation: Read Token by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980\n* SAML2 new model validation: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2961\n* JsonWebTokenHandler IssuerExtensibility by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987\n* SAML and SAML2 new model validation: Issuer Signing Key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965\n* Ignore AotCompatibilityTests on ADO by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2992\n* SAML and SAML2 new model validation: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984\n* Use SecurityTokenDescriptor when creating tokens by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2991\n* Prevent inlining to guarantee stack frames in test by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3002\n* Update to .NET 9 GA. Update some test dependencies. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990\n* Add Abstractions.Tests to strong name bypass file. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3004\n\n## New Contributors\n* @​jeffhandley made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.0...8.2.1\n\n## 8.2.0\n\n8.2.0\n=====\n### Fundamentals\n- Update System.Text.Json to 8.0.5 CVE-2024-43485. See [2892](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892).\n- Using FixedTimeEquals in NETCore targets. See [2857](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857).\n- Updated .NET 9 to RC 2 [2898](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898).\n- Adds ability to create token without kid [2968](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2968)\n- Enables code coverage in PRs [2946](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2946)\n- Various test improvements:\n- [#​2953](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2953)\n- [#​2955](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2955)\n- [#​2951](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951)\n- [#​2952](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952)\n- [#​2947](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947)\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Validates Audience for SAML2TokenHandler with New Model [2863](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863)\n- Improvements to AudienceValidation [2902](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902)\n- Added properties to ValidationResult [2923](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923)\n- Implements Audience and Lifetime validations in SamlSecurityTokenHandler [2925](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925)\n- Implements Issuer validation in SamlSecurityTokenHandler [2948](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2948)\n\n## What's Changed\n* update to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2890\n* Use FixedTimeEquals in NETCore targets  by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857\n* Update System.Text.Json to 8.0.5 CVE-2024-43485 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892\n* Update .NET 9 to RC 2 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898\n* Validate Audience for SAML2TokenHandler with New Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863\n* Regression tests: Issuer by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2868\n* Mark Wilson APIs as Shipped by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2903\n* Add Tests for Lifetime Validation Using New Validation Model For SAML2 by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2906\n* Suggested changes to AudienceValidation by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902\n* Extensibility tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2861\n* Added properties to ValidationResult without throwing by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923\n* Extensibility tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2867\n* Regression tests: Issuer signing key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2927\n* Do not serialize CaseSensitiveClaimsIdentity.SecurityToken. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2896\n* Fix typo by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2894\n* Implement and Test Audience and Lifetime validations in SamlSecurityTokenHandler with New Validation Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925\n* Fix Flaky Tests: NameAndRoleClaimDelegates and RoleClaims by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2873\n* Regression tests: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2930\n* Validate Issuer Using New Validation Model in Saml2SecurityTokenHandler by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2929\n* Fix builds on macOS / Linux using the build.sh script by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2937\n* Regression tests: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2934\n* Regression tests: Token Type by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2932\n* Regression tests: Token Replay by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2931\n* Fix DevEx and IDDP builds such that when building internally, use an internal Nuget feed instead of nuget.org by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2936\n* Restore PopKeyResolvingTests.GetPopKeysFromJkuAsync by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947\n* Restore skipped test: ReferenceCountingTest_MultiThreaded by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952\n* Restore EnsureAotCompatibility test by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951\n ... (truncated)\n\n## 8.1.2\n\n## What's Changed\n\n### Bug fixes\n\n* CaseSensitiveClaimsIdentity.Clone() now returns a `CaseSensitiveClaimsIdentity` as expected, by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2879\n* Multiple unused and unusable (for the moment) public APIs were removed. These were introduced by mistake leaking from the work done on logging and exception handling, by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2888\n\n### Fundamentals\n* Enabled PublicApiAnalyzers to better understand and trace changes to the public API, by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2782\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.1...8.1.2\n\n## 8.1.1\n\n8.1.1\n=====\n### Bug fixes\n- Fix bug where ConfigurationManager was updating keys too frequently. See [2866](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2866) for details.\n\n## What's Changed\n* Rename validation delegates by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2847\n* Remove TransformBeforeSignatureValidationDelegate from ValidationParameters by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2848\n* Add disable discovery enumeration = true to all theory tests by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2849\n* Make CaseSensitiveClaimIdentity serializable by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2850\n* Remove Obsolete BinaryFormatter  by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2851\n* Refactor ValidateConditions in Saml2SecurityTokenHandler by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2855\n* Set custom BenchmarkDotNetconfig as default by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2852\n* Regression tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2838\n* Fix ValidateJsonWebTokenClaimMapping Flaky Test 🐞 by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2859\n* update current version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2862\n* Regression tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2839\n* Rename ResolveTokenDecryptionKeyDelegate to DecryptionKeyResolverDelegate by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2869\n* Set internal _syncAfter using only AutomaticRefreshInterval. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2865\n* 8.1.1 Changelog by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2864\n* Adjust for RefreshInterval not influencing AutomaticRefreshInterval. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2870\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.0...8.1.1\n\n## 8.1.0\n\n8.1.0\n=====\n### Performance improvements\n- Improves performance during issuer validation by replacing string comparison with span comparison. See PR [#​2826](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2826).\n\n### New features\n- Add optional check to prevent using keys that are shared across multiple clouds. See issue [#​2832](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2832) for details.\n\n### Bug fixes\n- JsonWebTokenHandler would only return unwrapped keys if there was no errors. This change is to align with the behavior in JwtSecurityTokenHandler, that is it returns the keys that were able to be unwrapped, and only throw if no keys were able to be unwrapped. See issue [#​2695](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2695) for details.\n\n### Fundamentals\n- Fix flaky tests. See [#​2793](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2793) for details.\n- Update XUnit versoin and fix test warnings due to new XUnit analyzers. See PR [#​2796](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796) for details.\n- Onhboard to code coverage in ADO. See PR [#​2798](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798).\n- Use `IsTargetFrameworkCompatible(*)` so AOT is forward-compatible with .NET 9 and beyond. See PR [#​2790](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790) for details.\n- Fix a merge conflict impacting dev. See PR [#​2819](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819).\n- Defining the following attribute in multiple assemblies (.Tokens, .Logging) causes an internal error.\n[DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicConstructors)]. See PR [#​2820](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820).\n- Remove perl dependency. See PR [#​2830](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2830).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​2794](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794)\n- [#​2800](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800)\n- [#​2810](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810)\n- [#​2811](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811)\n- [#​2816](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816)\n- [#​2822](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822)\n- [#​2815](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815)\n- [#​2818](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2818)\n- [#​2813](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2813)\n- [#​2827](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2827)\n\n## What's Changed\n* changelog 8.0.2 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2792\n* Update version.props to 8.0.2 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2791\n* Fix Async Issue in Extensibility Tests by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2795\n* Update xUnit version and fix test warnings by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796\n* ValidateTokenAsync - New Path: Refactor result types by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794\n* Onboard to code coverage in ADO by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798\n* Exception refinement: Adding additional information by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800\n* Add initial regression tests for the new validation path by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810\n* Use IsTargetFrameworkCompatible() by @​martincostello in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790\n* Regression tests: Added inner exception detail and invalid signature failure due to invalid algorithm used by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811\n* Return unwrapped keys if able by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2812\n* New token validation path: Renamed result types by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816\n* Fix merge conflict by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819\n* Removed attribute that causes issues with internal builds. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820\n* Add missing exception type to ValidationError -\u003e GetException() by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822\n* Regression testing: Add JWE use cases by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815\n ... (truncated)\n\n## 8.0.2\n\n8.0.2\n=====\n\n### Security fundamentals\n- Add `BannedApiAnalyzers` to prevent use of `ClaimsIdentity` constructors. See PR [#​2778](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2778) for details.\n\n### Bug fixes\n- IdentityModel now allows the JWT payload to be an empty string. See issue [#​2656](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2656) for details.\n- Cache `UseRfcDefinitionOfEpkAndKid` switch. See PR [#​2747](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2747) for details.\n- Method was named `DoNotFailOnMissingTid` in 7x and `DontFailOnMissingTid` in 8x, adding the method for back compat. See issue [#​2750](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2750) for details.\n- Metadata is now updated on a background thread. See [#​2780](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2780) for details.\n- `JsonWebKeySet` stores the original string it was created with. See PR [#​2755](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2755) for details.\n- Restore AOT compatibility. See [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2711).\n- Fix OpenIdConnect parsing bug. See [#​2772](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2772) for details.\n- Remove the lock on creating a `SignatureProvider`. See [#​2788](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2788) for details.\n\n### Fundamentals\n- Test clean up [#​2742](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2742).\n- Use only FxCop in .NET framework targets [#​2693](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2693).\n- Add rule to add file headers automatically [#​2748](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2748).\n- Code analysis updates [#​2746](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2746).\n- Include README packages in NuGet [#​2752](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2752).\n- Update projects inside WilsonUnix solution [#​2768](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2768).\n- Code style enforced in build [#​2603](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2603).\n- CodeQL update [#​2767](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2767).\n- Update build pipeline to new one release build format [#​2777](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2777).\n- Update GitHub actions to `9.0.100-preview.7.24407.12` and add `\u003cNoWarn\u003e$(NoWarn);SYSLIB0057\u003c/NoWarn\u003e` due to breaking changes in preview7. [#​2786](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2786).\n\n### Work relating to [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​2725](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2725), [#​2729](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2729), [#​2753](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2753), [#​2758](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2759), [#​2757](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2757), [#​2764](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2764), [#​2771](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2759), and [#​2779](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2779).\n\n\n## What's Changed\n* Remove old 6x tests used that are not needed anymore by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2742\n* Only use fxcop in netfw by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2693\n* Allow Jwt payload to be the empty string. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2745\n* Add rule to add file headers automatically. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2748\n* Remove Delegate Checks in Multiple Validators and Prevents Null Setting of Delegates by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2725\n* Fix CodeQL by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2746\n* Cache UseRfcDefinitionOfEpkAndKid switch. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2747\n* Decrypt token: Remove exceptions + use new ValidationParameters by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2729\n* Include README packages in NuGet by @​localden in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2752\n* Remove internals for new work. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2753\n* Add property named differently in 7x. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2756\n* Remove .....\n\n_Description has been truncated_","html_url":"https://github.com/yongshuai1013/emu/pull/14","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/yongshuai1013%2Femu/issues/14","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/14/packages"},{"uuid":"3865283178","node_id":"PR_kwDOK6sRJM6_2RD7","number":404,"state":"open","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.14.0 to 8.15.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-28T12:45:41.000Z","updated_at":"2026-01-28T12:46:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.14.0","new_version":"8.15.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.14.0 to 8.15.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.14.0...8.15.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.IdentityModel.JsonWebTokens\u0026package-manager=nuget\u0026previous-version=8.14.0\u0026new-version=8.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/vurhanau/csharp-spiffe/pull/404","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/vurhanau%2Fcsharp-spiffe/issues/404","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/404/packages"},{"uuid":"3766702491","node_id":"PR_kwDOGgv1K866ygAu","number":62,"state":"open","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.14.0 to 8.15.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2025-12-29T07:51:04.000Z","updated_at":"2025-12-29T07:51:19.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.14.0","new_version":"8.15.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.14.0 to 8.15.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.14.0...8.15.0).\n\u003c/details\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/data-altinn-no/plugin-banking/pull/62","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/data-altinn-no%2Fplugin-banking/issues/62","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/62/packages"},{"uuid":"3688163963","node_id":"PR_kwDOECDtAs62uYdK","number":98,"state":"closed","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.2.1 to 8.15.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-16T02:25:24.000Z","author_association":null,"state_reason":null,"created_at":"2025-12-03T02:02:16.000Z","updated_at":"2026-02-16T02:25:25.000Z","time_to_close":6481388,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.2.1","new_version":"8.15.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.2.1 to 8.15.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\n## 8.14.0\n\n8.14.0\n====\n## Bug Fixes\n- Switch back to use `ValidationResult` instead of `OperationResult` when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See [#​3299](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3299) for details.\n\n## 8.13.1\n\n8.13.1\n====\n## Dependencies\nMicrosoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0\n\n## Bug Fixes\n- Fixed a decompression failure happening for large JWE payloads. See [#​3286](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3286) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See [#​3284](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3284) for details.\n\n8.13.0\n\n## 8.13.0\n\n8.13.0\n====\n### Fundamentals\n- `CaseSensitiveClaimsIdentity.SecurityToken` setter is now protected internal (was internal). See PR [#​3278](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278) for details.\n- Update .NET SDK version to 9.0.108 used when building or running the code. See PR [#​3274](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274) for details.\n- Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See [#​3280](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280) for details.\n\n## What's Changed\n* Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278\n* Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n* Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280\n* changelog for 8.13 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0\n\n## 8.12.1\n\n8.12.1\n====\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3263](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263) for details.\n- To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR [#​3261](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261) for details.\n- Experimental code leaked into TokenValidationResult from early prototypes. See PR [#​3259](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259) for details.\n\n## What's Changed\n* Remove experimental code from TokenValidationResult by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259\n* Moved files to experimental folder by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261\n* Update global.json to latest by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1\n\n## 8.12.0\n\n8.12.0\n====\n\n## New Features\n- **Enhance ConfigurationManager with event handling**  \n  Added event handling capabilities to the `ConfigurationManager`, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see [#​3253](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3253)  \n\n## Bug Fixes\n- **Add expected Base64UrlEncoder.Decode overload for NET6 and 8**  \n  Introduced the expected overload of `Base64UrlEncoder.Decode` for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.  \n  For details see [#​3249](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3249)  \n\n## Fundamentals\n- **Add AI assist rules**  \n  Incorporated AI assist rules to enhance AI agents effectiveness.  \n  For details see [#​3255](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255)  \n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  \n  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  \n  For details see [#​3256](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256)  \n- **Move suppression of RS006 to csproj**  \n  Centralized suppression of RS006 warnings in project files for easier management.  \n  For details see [#​3230](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230)\n\n## What's Changed\n* Move suppression of RS006 to csproj. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230\n* Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255\n* Enhance ConfigurationManager with event handling by @​GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256\n* Update CHANGELOG.md for 8.12.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0\n\n## 8.11.0\n\n8.11.0\n=====\n## New Features:\n- Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue [#​3245](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3245) for details.\n- Added a new public async API: `JsonWebTokenHandler.DecryptTokenWithConfigurationAsync`, which decrypts a JWE token using keys from either `TokenValidationParameters` or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR [#​3243](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3243) for details.\n\n## What's Changed\n* few updates by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242\n* Changelog for 8.10.0 by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241\n* Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244\n* update current version to 8.10.0 by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246\n* Add DecryptTokenWithConfiguration API by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243\n* changelog for 8.11 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0\n\n## 8.10.0\n\n8.10.0\n=====\n## Bug Fixes\n- Corrected casing of the Type attribute in SubjectConfirmationData. See [#​3206](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3206).\n- Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See [#​3220](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/33784b8ec0ff4300efad788535f90b3adc5bdfd1).\n- Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See [#​3226](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/793bd34e945eb8ba7528cf87c4a29a29c4704a65).\n\n## Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3228](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/946bec18cdeb26b8133a04e8c056dd5f17588f89) and [#​3232](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/14842aedb3d57c32b9ce784061cd9beccbdd1eb1).\n\n## 8.9.0\n\n8.9.0\n=====\n## Bug Fixes\n- syncAfter has been updated to preserve UTC information, addressing a bug where GetConfigurationAsync does not refresh configuration in ConfigurationManager. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3213.\n- Fixed a null reference issue in KeyInfo. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3203.\n\n## New Features\n- Introduced a new delegate for reading custom token payload values on JsonWebToken. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2981.\n- Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3205.\n\n## Fundamentals\n- Utilized IList to avoid enumerator allocation during audience validation. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3204.\n\n## 8.8.0\n\n8.8.0\n=====\n## New Features\n- Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the `Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking` switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR [#​3193](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3193) for details.\n- Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the `Switch.Microsoft.IdentityModel.DoNotScrubExceptions` AppContextSwitch. See PR [#​3195](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3195) and https://aka.ms/identitymodel/app-context-switches for details.\n- Change all plain object locks to `System.Thread.Lock` objects for .NET 9 or greater. See PRs [#​3185](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3185) and [#​3189](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3189) for details.\n\n\n## 8.7.0\n\n## Bug Fixes\n- Add back internal methods `IsRecoverableException` and `IsRecoverableExceptionType` whose signatures were changed in the previous version. See [#​3181](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3181).\n\n## New Features\n- Make `Cnf` class public and move it to Microsoft.IdentityModel.Tokens package. See [#​3165](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3165).\n\n## What's Changed\n* Post Release 8.6.1 cleanup  by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3160\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3163\n* Adds explanation for CodeQL warnings by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3167\n* Fix typo by @​rstm-sf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n* Need to change the locks by @​JoshLozensky in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3171\n* Move CNF from SHR to M.IM.Tokens by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3168\n* Add back IsRecoverableException methods. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3183\n* Revert \"Need to change the locks\" by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3186\n* 8.7.0 changelog by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3184\n\n## New Contributors\n* @​rstm-sf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.1...8.7.0\n\n## 8.6.1\n\n8.6.1\n=====\n## Bug fix\n- Microsoft.IdentityModel now triggers a configuration refresh if token decryption fails. See issue [#​3148](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3148) for details.\n- Fix a bug in `JsonWebTokenHandler` where `JwtTokenDecryptionParameters`'s `Alg` and `Enc` were not set during token decryption, causing `IDX10611` and `IDX10619` errors to show null values in the messages. See issue [#​3003](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3003) for details.\n\n## Fundamentals\n- For development, IdentityModel now has a global.json file to specify the .NET SDK version. See issue [#​2995](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2995) for details.\n\n## What's Changed\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3145\n* Update the public API shipped files by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3146\n* Add global.json file by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* Trigger metadata refresh for token decryption errors by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3149\n* Populate error messages correctly from JwtTokenUtilities.DecryptJwtToken by @​ksaaf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n* first changelog update by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3156\n\n## New Contributors\n* @​mdchennu made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* @​ksaaf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.0...8.6.1\n\n## 8.6.0\n\n8.6.0\n=====\n## New Features\n- TokenValidationParameters has a new boolean property `TryAllDecryptionKeys` that let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to **true** (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See [#​3128](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128)\n- Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See [#​3140](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140)\n\n## Fundamentals\n* Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See [3143](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143)\n* Add more tests for encrypted tokens. See [#​3139](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139)\n\n## What's Changed\n* Update CHANGELOG.md by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3133\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3137\n* Add TryAllDecryptionKeys flag to whether decrypt if no key IDs match by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128\n* Change KeyInfo.MatchesKey from internal to protected internal virtual. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140\n* Fix #​3112 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143\n* Add more auto-decryption related tests by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139\n* Update changelog.md for 8.6.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3144\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.5.0...8.6.0\n\n## 8.5.0\n\n8.5.0\n=====\n## Reverting previous breaking change\n- The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that [adding IDisposable is a breaking change](https://learn.microsoft.com/en-us/dotnet/fundamentals/runtime-libraries/system-idisposable), so we are following [semver guidance](https://semver.org/#what-do-i-do-if-i-accidentally-release-a-backward-incompatible-change-as-a-minor-version) and reverting and releasing a minor version (8.5.0).\n- Cherry-picked Changes: Included changes from PR [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) and [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104).\n\n## What's Changed\n* Update version.props by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3126\n* fix formatting error by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3134\n* Revert configuration manager to 8.3.1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3132\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.4.0...8.5.0\n\n## 8.4.0\n\n8.4.0\n=====\n## New Features\n- App context switch allows blocking or non-blocking calls for configuration. See PR [#​3106](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3106) for details and issue [#​3082](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3082) for details. If you are not using the ConfigurationManager as a singleton and not using the blocking option, you may need to call ShutdownBackgroundTask() to stop the background task to avoid leaking Tasks.\n- IdentityModel now enables symmetric and asymmetric keys to be created publicly with JWK. See [#​3094](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3094) for details.\n- IdentityModel now allows specifying the HTTP protocol version and version policy. See [#​2808](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2808) for details.\n\n## Repair items\n- Add request count and duration telemetry for configuration requests. See [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) for details.\n- `KeyID` should be present in exception messages and is no longer PII. See [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104) for details.\n\n## Fundamentals\n- Fix spelling issues in xml comments. See [#​3117](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3117) for details.\n- Fix comment coverage in PR builds. See [#​3079](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3079) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- See [#​3056](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3056). [#​3100](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3100), [#​3017](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3107), and [#​3111](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3111).\n- Add internal virtual on TokenHandler. See [#​3084](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3084) for details.\n\n* @​prochnowc made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2809\n\n## 8.3.1\n\n8.3.1\n=====\n## Bug Fixes\n* Respect TVP.RequireAudience when set to false. See [#​3055](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055)\n* For net4.6.2 select RSACng for PSS support. See [#​3097](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3097)\n* Fix package downgrade in consuming libraries. See[#​3062](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062)\n* Fix integer overflow in `AuthenticationEncryptionProvider.cs`. See [#​3063](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063)\n\n## Fundamentals\n* Removed unused property on JsonWebToken ClaimsIdentity. See [#​3071](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3071) for details.\n* Upgrade to C# 13. See [#​2998](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998)\n* Use new Base64Url API. See [#​22817](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817)\n* Add warning quality check. See [#​3067](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067)\n* Update dotnet actions. see [#​3074](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074)\n* Fix warnings. See [#​3081](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081)\n* Test updates in JsonWebToken. See [#​3080](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​3027](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027), [#​3028](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028), [#​3051](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051), [#​3054](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054)\n\n## What's Changed\n* Update CHANGELOG.md by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3053\n* Extensibility tests: Audience - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027\n* Extensibility tests: Lifetime - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028\n* Implement lazy ClaimsIdentity creation from ValidatedToken on SAML and SAML2 on the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051\n* Add logging to the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054\n* update version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3057\n* lower version to avoid downgrades. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3058\n* Respect TVP.RequireAudience when set to false by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055\n* Fix package downgrade in consuming libraries by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062\n* Add slnf for running perf and stress tests by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3066\n* Add Warning Quality Check Build Task 🔨 by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067\n* Update template-Build-run-tests-sign.yml by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3069\n* Removed unused property on JsonWebToken by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3072\n* Update setup dotnet actions by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074\n* fixed #​2983 and re-add code coverage comments to PRs by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3076\n* Remove duplicate keyid into var keysAttempted by @​bdapoigny in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* Upgrade to C# 13 by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998\n* Use new Base64Url API by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817\n* Update common.props by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3078\n* fix warnings by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081\n* Fixed integer overflow in AuthenticatedEncryptionProvider.cs by @​gparametr in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n* Test updates by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080\n* For net4.6.2 select RSACng for PSS support. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3085\n* changelog for 8.3.1 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3098\n\n## New Contributors\n* @​bdapoigny made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* @​gparametr made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n\n ... (truncated)\n\n## 8.3.0\n\n## New features\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n* SAML and SAML2 new model validation: Token Replay. See [#​2994](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2994)\n* Extensibility tests: Token Type - JWT ([#​3030](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3030)), Issuer - SAML and SAML2 ([#​3026](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3026)), Algorithm and Signature - JWT, SAML and SAML2 ([#​3034](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3034)), Token Replay - JWT, SAML and SAML2 ([#​3032](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3032)),  Issuer signing key - JWT, SAML and SAML2 ([#​3029](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/302))\n* Avoid code duplication in extensibility testing. See [#​3041](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3041)\n* Extensibility Testing: Refactor. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3011\n* Remove duplicate code in extensibility tests. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3044\n\n## Bug fixes\n* Fix bug with AadIssuerValidator. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n* Fixed SignedHttpRequest flaky test. See [#​3037](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3037)\n \n## Fundamentals\n* Install all .NET versions in pipeline to fix run tests task. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3018\n* Changelog for 8.2.1. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3009\n* Remove unnecessary AoT test project. See in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3045\n* Fix powershell script for nuget update. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3046\n* Update to next version. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3010\n* Disable Coverage PR comments. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3048\n* Updates GitHub Action to support long paths, See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3049\n* Stack parameters to improve reading of code. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3031\n\n## New Contributors\n* @​ssmelov made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.1...8.3.0\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.1...8.15.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.IdentityModel.JsonWebTokens\u0026package-manager=nuget\u0026previous-version=8.2.1\u0026new-version=8.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/NosCoreIO/NosCore.ParserInputGenerator/pull/98","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NosCoreIO%2FNosCore.ParserInputGenerator/issues/98","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/98/packages"},{"uuid":"3679366705","node_id":"PR_kwDOJK_jZs62Qm5m","number":211,"state":"closed","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.14.0 to 8.15.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-12-01T05:57:44.000Z","author_association":null,"state_reason":null,"created_at":"2025-12-01T05:54:22.000Z","updated_at":"2025-12-01T05:57:46.000Z","time_to_close":202,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.14.0","new_version":"8.15.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.14.0 to 8.15.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.14.0...8.15.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.IdentityModel.JsonWebTokens\u0026package-manager=nuget\u0026previous-version=8.14.0\u0026new-version=8.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/iigo-panel/iigo-panel/pull/211","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/iigo-panel%2Fiigo-panel/issues/211","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/211/packages"},{"uuid":"3671187299","node_id":"PR_kwDOFSoY7M6113oS","number":465,"state":"closed","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.0.1 to 8.14.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-11-28T02:13:33.000Z","author_association":null,"state_reason":null,"created_at":"2025-11-27T12:09:53.000Z","updated_at":"2025-11-28T02:13:35.000Z","time_to_close":50620,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.0.1","new_version":"8.14.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.0.1 to 8.14.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.14.0\n\n8.14.0\n====\n## Bug Fixes\n- Switch back to use `ValidationResult` instead of `OperationResult` when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See [#​3299](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3299) for details.\n\n## 8.13.1\n\n8.13.1\n====\n## Dependencies\nMicrosoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0\n\n## Bug Fixes\n- Fixed a decompression failure happening for large JWE payloads. See [#​3286](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3286) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See [#​3284](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3284) for details.\n\n8.13.0\n\n## 8.13.0\n\n8.13.0\n====\n### Fundamentals\n- `CaseSensitiveClaimsIdentity.SecurityToken` setter is now protected internal (was internal). See PR [#​3278](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278) for details.\n- Update .NET SDK version to 9.0.108 used when building or running the code. See PR [#​3274](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274) for details.\n- Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See [#​3280](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280) for details.\n\n## What's Changed\n* Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278\n* Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n* Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280\n* changelog for 8.13 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0\n\n## 8.12.1\n\n8.12.1\n====\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3263](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263) for details.\n- To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR [#​3261](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261) for details.\n- Experimental code leaked into TokenValidationResult from early prototypes. See PR [#​3259](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259) for details.\n\n## What's Changed\n* Remove experimental code from TokenValidationResult by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259\n* Moved files to experimental folder by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261\n* Update global.json to latest by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1\n\n## 8.12.0\n\n8.12.0\n====\n\n## New Features\n- **Enhance ConfigurationManager with event handling**  \n  Added event handling capabilities to the `ConfigurationManager`, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see [#​3253](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3253)  \n\n## Bug Fixes\n- **Add expected Base64UrlEncoder.Decode overload for NET6 and 8**  \n  Introduced the expected overload of `Base64UrlEncoder.Decode` for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.  \n  For details see [#​3249](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3249)  \n\n## Fundamentals\n- **Add AI assist rules**  \n  Incorporated AI assist rules to enhance AI agents effectiveness.  \n  For details see [#​3255](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255)  \n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  \n  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  \n  For details see [#​3256](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256)  \n- **Move suppression of RS006 to csproj**  \n  Centralized suppression of RS006 warnings in project files for easier management.  \n  For details see [#​3230](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230)\n\n## What's Changed\n* Move suppression of RS006 to csproj. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230\n* Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255\n* Enhance ConfigurationManager with event handling by @​GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256\n* Update CHANGELOG.md for 8.12.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0\n\n## 8.11.0\n\n8.11.0\n=====\n## New Features:\n- Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue [#​3245](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3245) for details.\n- Added a new public async API: `JsonWebTokenHandler.DecryptTokenWithConfigurationAsync`, which decrypts a JWE token using keys from either `TokenValidationParameters` or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR [#​3243](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3243) for details.\n\n## What's Changed\n* few updates by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242\n* Changelog for 8.10.0 by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241\n* Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244\n* update current version to 8.10.0 by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246\n* Add DecryptTokenWithConfiguration API by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243\n* changelog for 8.11 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0\n\n## 8.10.0\n\n8.10.0\n=====\n## Bug Fixes\n- Corrected casing of the Type attribute in SubjectConfirmationData. See [#​3206](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3206).\n- Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See [#​3220](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/33784b8ec0ff4300efad788535f90b3adc5bdfd1).\n- Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See [#​3226](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/793bd34e945eb8ba7528cf87c4a29a29c4704a65).\n\n## Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3228](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/946bec18cdeb26b8133a04e8c056dd5f17588f89) and [#​3232](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/14842aedb3d57c32b9ce784061cd9beccbdd1eb1).\n\n## 8.9.0\n\n8.9.0\n=====\n## Bug Fixes\n- syncAfter has been updated to preserve UTC information, addressing a bug where GetConfigurationAsync does not refresh configuration in ConfigurationManager. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3213.\n- Fixed a null reference issue in KeyInfo. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3203.\n\n## New Features\n- Introduced a new delegate for reading custom token payload values on JsonWebToken. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2981.\n- Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3205.\n\n## Fundamentals\n- Utilized IList to avoid enumerator allocation during audience validation. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3204.\n\n## 8.8.0\n\n8.8.0\n=====\n## New Features\n- Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the `Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking` switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR [#​3193](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3193) for details.\n- Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the `Switch.Microsoft.IdentityModel.DoNotScrubExceptions` AppContextSwitch. See PR [#​3195](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3195) and https://aka.ms/identitymodel/app-context-switches for details.\n- Change all plain object locks to `System.Thread.Lock` objects for .NET 9 or greater. See PRs [#​3185](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3185) and [#​3189](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3189) for details.\n\n\n## 8.7.0\n\n## Bug Fixes\n- Add back internal methods `IsRecoverableException` and `IsRecoverableExceptionType` whose signatures were changed in the previous version. See [#​3181](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3181).\n\n## New Features\n- Make `Cnf` class public and move it to Microsoft.IdentityModel.Tokens package. See [#​3165](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3165).\n\n## What's Changed\n* Post Release 8.6.1 cleanup  by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3160\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3163\n* Adds explanation for CodeQL warnings by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3167\n* Fix typo by @​rstm-sf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n* Need to change the locks by @​JoshLozensky in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3171\n* Move CNF from SHR to M.IM.Tokens by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3168\n* Add back IsRecoverableException methods. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3183\n* Revert \"Need to change the locks\" by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3186\n* 8.7.0 changelog by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3184\n\n## New Contributors\n* @​rstm-sf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.1...8.7.0\n\n## 8.6.1\n\n8.6.1\n=====\n## Bug fix\n- Microsoft.IdentityModel now triggers a configuration refresh if token decryption fails. See issue [#​3148](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3148) for details.\n- Fix a bug in `JsonWebTokenHandler` where `JwtTokenDecryptionParameters`'s `Alg` and `Enc` were not set during token decryption, causing `IDX10611` and `IDX10619` errors to show null values in the messages. See issue [#​3003](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3003) for details.\n\n## Fundamentals\n- For development, IdentityModel now has a global.json file to specify the .NET SDK version. See issue [#​2995](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2995) for details.\n\n## What's Changed\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3145\n* Update the public API shipped files by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3146\n* Add global.json file by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* Trigger metadata refresh for token decryption errors by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3149\n* Populate error messages correctly from JwtTokenUtilities.DecryptJwtToken by @​ksaaf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n* first changelog update by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3156\n\n## New Contributors\n* @​mdchennu made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* @​ksaaf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.0...8.6.1\n\n## 8.6.0\n\n8.6.0\n=====\n## New Features\n- TokenValidationParameters has a new boolean property `TryAllDecryptionKeys` that let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to **true** (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See [#​3128](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128)\n- Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See [#​3140](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140)\n\n## Fundamentals\n* Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See [3143](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143)\n* Add more tests for encrypted tokens. See [#​3139](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139)\n\n## What's Changed\n* Update CHANGELOG.md by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3133\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3137\n* Add TryAllDecryptionKeys flag to whether decrypt if no key IDs match by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128\n* Change KeyInfo.MatchesKey from internal to protected internal virtual. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140\n* Fix #​3112 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143\n* Add more auto-decryption related tests by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139\n* Update changelog.md for 8.6.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3144\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.5.0...8.6.0\n\n## 8.5.0\n\n8.5.0\n=====\n## Reverting previous breaking change\n- The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that [adding IDisposable is a breaking change](https://learn.microsoft.com/en-us/dotnet/fundamentals/runtime-libraries/system-idisposable), so we are following [semver guidance](https://semver.org/#what-do-i-do-if-i-accidentally-release-a-backward-incompatible-change-as-a-minor-version) and reverting and releasing a minor version (8.5.0).\n- Cherry-picked Changes: Included changes from PR [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) and [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104).\n\n## What's Changed\n* Update version.props by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3126\n* fix formatting error by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3134\n* Revert configuration manager to 8.3.1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3132\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.4.0...8.5.0\n\n## 8.4.0\n\n8.4.0\n=====\n## New Features\n- App context switch allows blocking or non-blocking calls for configuration. See PR [#​3106](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3106) for details and issue [#​3082](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3082) for details. If you are not using the ConfigurationManager as a singleton and not using the blocking option, you may need to call ShutdownBackgroundTask() to stop the background task to avoid leaking Tasks.\n- IdentityModel now enables symmetric and asymmetric keys to be created publicly with JWK. See [#​3094](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3094) for details.\n- IdentityModel now allows specifying the HTTP protocol version and version policy. See [#​2808](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2808) for details.\n\n## Repair items\n- Add request count and duration telemetry for configuration requests. See [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) for details.\n- `KeyID` should be present in exception messages and is no longer PII. See [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104) for details.\n\n## Fundamentals\n- Fix spelling issues in xml comments. See [#​3117](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3117) for details.\n- Fix comment coverage in PR builds. See [#​3079](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3079) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- See [#​3056](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3056). [#​3100](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3100), [#​3017](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3107), and [#​3111](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3111).\n- Add internal virtual on TokenHandler. See [#​3084](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3084) for details.\n\n* @​prochnowc made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2809\n\n## 8.3.1\n\n8.3.1\n=====\n## Bug Fixes\n* Respect TVP.RequireAudience when set to false. See [#​3055](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055)\n* For net4.6.2 select RSACng for PSS support. See [#​3097](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3097)\n* Fix package downgrade in consuming libraries. See[#​3062](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062)\n* Fix integer overflow in `AuthenticationEncryptionProvider.cs`. See [#​3063](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063)\n\n## Fundamentals\n* Removed unused property on JsonWebToken ClaimsIdentity. See [#​3071](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3071) for details.\n* Upgrade to C# 13. See [#​2998](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998)\n* Use new Base64Url API. See [#​22817](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817)\n* Add warning quality check. See [#​3067](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067)\n* Update dotnet actions. see [#​3074](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074)\n* Fix warnings. See [#​3081](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081)\n* Test updates in JsonWebToken. See [#​3080](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​3027](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027), [#​3028](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028), [#​3051](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051), [#​3054](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054)\n\n## What's Changed\n* Update CHANGELOG.md by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3053\n* Extensibility tests: Audience - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027\n* Extensibility tests: Lifetime - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028\n* Implement lazy ClaimsIdentity creation from ValidatedToken on SAML and SAML2 on the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051\n* Add logging to the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054\n* update version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3057\n* lower version to avoid downgrades. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3058\n* Respect TVP.RequireAudience when set to false by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055\n* Fix package downgrade in consuming libraries by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062\n* Add slnf for running perf and stress tests by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3066\n* Add Warning Quality Check Build Task 🔨 by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067\n* Update template-Build-run-tests-sign.yml by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3069\n* Removed unused property on JsonWebToken by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3072\n* Update setup dotnet actions by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074\n* fixed #​2983 and re-add code coverage comments to PRs by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3076\n* Remove duplicate keyid into var keysAttempted by @​bdapoigny in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* Upgrade to C# 13 by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998\n* Use new Base64Url API by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817\n* Update common.props by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3078\n* fix warnings by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081\n* Fixed integer overflow in AuthenticatedEncryptionProvider.cs by @​gparametr in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n* Test updates by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080\n* For net4.6.2 select RSACng for PSS support. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3085\n* changelog for 8.3.1 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3098\n\n## New Contributors\n* @​bdapoigny made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* @​gparametr made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n\n ... (truncated)\n\n## 8.3.0\n\n## New features\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n* SAML and SAML2 new model validation: Token Replay. See [#​2994](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2994)\n* Extensibility tests: Token Type - JWT ([#​3030](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3030)), Issuer - SAML and SAML2 ([#​3026](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3026)), Algorithm and Signature - JWT, SAML and SAML2 ([#​3034](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3034)), Token Replay - JWT, SAML and SAML2 ([#​3032](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3032)),  Issuer signing key - JWT, SAML and SAML2 ([#​3029](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/302))\n* Avoid code duplication in extensibility testing. See [#​3041](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3041)\n* Extensibility Testing: Refactor. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3011\n* Remove duplicate code in extensibility tests. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3044\n\n## Bug fixes\n* Fix bug with AadIssuerValidator. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n* Fixed SignedHttpRequest flaky test. See [#​3037](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3037)\n \n## Fundamentals\n* Install all .NET versions in pipeline to fix run tests task. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3018\n* Changelog for 8.2.1. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3009\n* Remove unnecessary AoT test project. See in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3045\n* Fix powershell script for nuget update. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3046\n* Update to next version. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3010\n* Disable Coverage PR comments. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3048\n* Updates GitHub Action to support long paths, See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3049\n* Stack parameters to improve reading of code. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3031\n\n## New Contributors\n* @​ssmelov made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.1...8.3.0\n\n## 8.2.1\n\n8.2.1\n=====\n### New features\n- Update to use .NET 9 GA. See [2990](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990).\n\n### Bug fixes\n- Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets. See [2935](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935).\n- Update cgmanifest to align with the JSON schema. See [2969](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969).\n\n### Fundamentals\n- Streamline token creation in `SecurityTokenDescriptor`. See [2993](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2993).\n- Prevent inlining to guarantee stack frames in test. See [2999](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2999).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Simplify stack frame caching. See [2976](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976).\n- Implement reading SAML and SAML2 tokens. See [2980](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980).\n- Implement validating SAML signature. See [2950](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2950).\n- Add tests for `IssuerExtensibility`. See [2987](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987).\n- Add validation for SAML and SAML2 issuer signing key. See [2965](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965).\n- Add validation for SAML and SAML2 algorithm. See [2984](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984).\n\n## What's Changed\n* Microsoft.Rest.ClientRuntime has been deprecated, which results in so… by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2970\n* Update to next version after 8.2.0 release by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2975\n* Consolidating test statics by @​trwalke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2956\n* New token validation model: Simplify stack frame caching by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976\n* Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935\n* Update cgmanifest to align with the JSON schema by @​jeffhandley in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n* SAML and SAML2 new model validation: Read Token by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980\n* SAML2 new model validation: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2961\n* JsonWebTokenHandler IssuerExtensibility by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987\n* SAML and SAML2 new model validation: Issuer Signing Key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965\n* Ignore AotCompatibilityTests on ADO by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2992\n* SAML and SAML2 new model validation: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984\n* Use SecurityTokenDescriptor when creating tokens by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2991\n* Prevent inlining to guarantee stack frames in test by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3002\n* Update to .NET 9 GA. Update some test dependencies. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990\n* Add Abstractions.Tests to strong name bypass file. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3004\n\n## New Contributors\n* @​jeffhandley made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.0...8.2.1\n\n## 8.2.0\n\n8.2.0\n=====\n### Fundamentals\n- Update System.Text.Json to 8.0.5 CVE-2024-43485. See [2892](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892).\n- Using FixedTimeEquals in NETCore targets. See [2857](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857).\n- Updated .NET 9 to RC 2 [2898](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898).\n- Adds ability to create token without kid [2968](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2968)\n- Enables code coverage in PRs [2946](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2946)\n- Various test improvements:\n- [#​2953](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2953)\n- [#​2955](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2955)\n- [#​2951](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951)\n- [#​2952](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952)\n- [#​2947](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947)\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Validates Audience for SAML2TokenHandler with New Model [2863](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863)\n- Improvements to AudienceValidation [2902](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902)\n- Added properties to ValidationResult [2923](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923)\n- Implements Audience and Lifetime validations in SamlSecurityTokenHandler [2925](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925)\n- Implements Issuer validation in SamlSecurityTokenHandler [2948](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2948)\n\n## What's Changed\n* update to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2890\n* Use FixedTimeEquals in NETCore targets  by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857\n* Update System.Text.Json to 8.0.5 CVE-2024-43485 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892\n* Update .NET 9 to RC 2 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898\n* Validate Audience for SAML2TokenHandler with New Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863\n* Regression tests: Issuer by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2868\n* Mark Wilson APIs as Shipped by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2903\n* Add Tests for Lifetime Validation Using New Validation Model For SAML2 by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2906\n* Suggested changes to AudienceValidation by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902\n* Extensibility tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2861\n* Added properties to ValidationResult without throwing by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923\n* Extensibility tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2867\n* Regression tests: Issuer signing key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2927\n* Do not serialize CaseSensitiveClaimsIdentity.SecurityToken. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2896\n* Fix typo by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2894\n* Implement and Test Audience and Lifetime validations in SamlSecurityTokenHandler with New Validation Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925\n* Fix Flaky Tests: NameAndRoleClaimDelegates and RoleClaims by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2873\n* Regression tests: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2930\n* Validate Issuer Using New Validation Model in Saml2SecurityTokenHandler by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2929\n* Fix builds on macOS / Linux using the build.sh script by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2937\n* Regression tests: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2934\n* Regression tests: Token Type by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2932\n* Regression tests: Token Replay by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2931\n* Fix DevEx and IDDP builds such that when building internally, use an internal Nuget feed instead of nuget.org by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2936\n* Restore PopKeyResolvingTests.GetPopKeysFromJkuAsync by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947\n* Restore skipped test: ReferenceCountingTest_MultiThreaded by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952\n* Restore EnsureAotCompatibility test by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951\n ... (truncated)\n\n## 8.1.2\n\n## What's Changed\n\n### Bug fixes\n\n* CaseSensitiveClaimsIdentity.Clone() now returns a `CaseSensitiveClaimsIdentity` as expected, by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2879\n* Multiple unused and unusable (for the moment) public APIs were removed. These were introduced by mistake leaking from the work done on logging and exception handling, by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2888\n\n### Fundamentals\n* Enabled PublicApiAnalyzers to better understand and trace changes to the public API, by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2782\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.1...8.1.2\n\n## 8.1.1\n\n8.1.1\n=====\n### Bug fixes\n- Fix bug where ConfigurationManager was updating keys too frequently. See [2866](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2866) for details.\n\n## What's Changed\n* Rename validation delegates by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2847\n* Remove TransformBeforeSignatureValidationDelegate from ValidationParameters by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2848\n* Add disable discovery enumeration = true to all theory tests by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2849\n* Make CaseSensitiveClaimIdentity serializable by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2850\n* Remove Obsolete BinaryFormatter  by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2851\n* Refactor ValidateConditions in Saml2SecurityTokenHandler by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2855\n* Set custom BenchmarkDotNetconfig as default by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2852\n* Regression tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2838\n* Fix ValidateJsonWebTokenClaimMapping Flaky Test 🐞 by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2859\n* update current version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2862\n* Regression tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2839\n* Rename ResolveTokenDecryptionKeyDelegate to DecryptionKeyResolverDelegate by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2869\n* Set internal _syncAfter using only AutomaticRefreshInterval. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2865\n* 8.1.1 Changelog by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2864\n* Adjust for RefreshInterval not influencing AutomaticRefreshInterval. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2870\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.0...8.1.1\n\n## 8.1.0\n\n8.1.0\n=====\n### Performance improvements\n- Improves performance during issuer validation by replacing string comparison with span comparison. See PR [#​2826](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2826).\n\n### New features\n- Add optional check to prevent using keys that are shared across multiple clouds. See issue [#​2832](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2832) for details.\n\n### Bug fixes\n- JsonWebTokenHandler would only return unwrapped keys if there was no errors. This change is to align with the behavior in JwtSecurityTokenHandler, that is it returns the keys that were able to be unwrapped, and only throw if no keys were able to be unwrapped. See issue [#​2695](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2695) for details.\n\n### Fundamentals\n- Fix flaky tests. See [#​2793](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2793) for details.\n- Update XUnit versoin and fix test warnings due to new XUnit analyzers. See PR [#​2796](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796) for details.\n- Onhboard to code coverage in ADO. See PR [#​2798](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798).\n- Use `IsTargetFrameworkCompatible(*)` so AOT is forward-compatible with .NET 9 and beyond. See PR [#​2790](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790) for details.\n- Fix a merge conflict impacting dev. See PR [#​2819](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819).\n- Defining the following attribute in multiple assemblies (.Tokens, .Logging) causes an internal error.\n[DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicConstructors)]. See PR [#​2820](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820).\n- Remove perl dependency. See PR [#​2830](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2830).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​2794](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794)\n- [#​2800](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800)\n- [#​2810](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810)\n- [#​2811](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811)\n- [#​2816](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816)\n- [#​2822](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822)\n- [#​2815](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815)\n- [#​2818](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2818)\n- [#​2813](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2813)\n- [#​2827](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2827)\n\n## What's Changed\n* changelog 8.0.2 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2792\n* Update version.props to 8.0.2 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2791\n* Fix Async Issue in Extensibility Tests by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2795\n* Update xUnit version and fix test warnings by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796\n* ValidateTokenAsync - New Path: Refactor result types by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794\n* Onboard to code coverage in ADO by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798\n* Exception refinement: Adding additional information by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800\n* Add initial regression tests for the new validation path by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810\n* Use IsTargetFrameworkCompatible() by @​martincostello in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790\n* Regression tests: Added inner exception detail and invalid signature failure due to invalid algorithm used by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811\n* Return unwrapped keys if able by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2812\n* New token validation path: Renamed result types by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816\n* Fix merge conflict by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819\n* Removed attribute that causes issues with internal builds. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820\n* Add missing exception type to ValidationError -\u003e GetException() by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822\n* Regression testing: Add JWE use cases by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815\n ... (truncated)\n\n## 8.0.2\n\n8.0.2\n=====\n\n### Security fundamentals\n- Add `BannedApiAnalyzers` to prevent use of `ClaimsIdentity` constructors. See PR [#​2778](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2778) for details.\n\n### Bug fixes\n- IdentityModel now allows the JWT payload to be an empty string. See issue [#​2656](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2656) for details.\n- Cache `UseRfcDefinitionOfEpkAndKid` switch. See PR [#​2747](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2747) for details.\n- Method was named `DoNotFailOnMissingTid` in 7x and `DontFailOnMissingTid` in 8x, adding the method for back compat. See issue [#​2750](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2750) for details.\n- Metadata is now updated on a background thread. See [#​2780](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2780) for details.\n- `JsonWebKeySet` stores the original string it was created with. See PR [#​2755](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2755) for details.\n- Restore AOT compatibility. See [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2711).\n- Fix OpenIdConnect parsing bug. See [#​2772](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2772) for details.\n- Remove the lock on creating a `SignatureProvider`. See [#​2788](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2788) for details.\n\n### Fundamentals\n- Test clean up [#​2742](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2742).\n- Use only FxCop in .NET framework targets [#​2693](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2693).\n- Add rule to add file headers automatically [#​2748](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2748).\n- Code analysis updates [#​2746](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2746).\n- Include README packages in NuGet [#​2752](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2752).\n- Update projects inside WilsonUnix solution [#​2768](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2768).\n- Code style enforced in build [#​2603](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2603).\n- CodeQL update [#​2767](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2767).\n- Update build pipeline to new one release build format [#​2777](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2777).\n- Update GitHub actions to `9.0.100-preview.7.24407.12` and add `\u003cNoWarn\u003e$(NoWarn);SYSLIB0057\u003c/NoWarn\u003e` due to breaking changes in preview7. [#​2786](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2786).\n\n### Work relating to [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​2725](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2725), [#​2729](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2729), [#​2753](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2753), [#​2758](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2759), [#​2757](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2757), [#​2764](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2764), [#​2771](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2759), and [#​2779](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2779).\n\n\n## What's Changed\n* Remove old 6x tests used that are not needed anymore by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2742\n* Only use fxcop in netfw by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2693\n* Allow Jwt payload to be the empty string. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2745\n* Add rule to add file headers automatically. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2748\n* Remove Delegate Checks in Multiple Validators and Prevents Null Setting of Delegates by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2725\n* Fix CodeQL by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2746\n* Cache UseRfcDefinitionOfEpkAndKid switch. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2747\n* Decrypt token: Remove exceptions + use new ValidationParameters by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2729\n* Include README packages in NuGet by @​localden in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2752\n* Remove internals for new work. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2753\n* Add property named differently in 7x. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2756\n* Remove SlimLock when updating metadata. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2751\n* Revert \"Remove SlimLock when updating metadata. (#​2751)\" by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2762\n* Remove Delegate Checks Audience Validator and Prevents Null Setting of Delegate by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758\n* Re-factor Issuer Validator to Follow New Validation Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2759\n* Update projects inside WilsonUnix solution by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2768\n* JsonWebKeySet stores the String it was created with by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2755\n ... (truncated)\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.0.1...8.14.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.IdentityModel.JsonWebTokens\u0026package-manager=nuget\u0026previous-version=8.0.1\u0026new-version=8.14.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/statisticsnorway/PxWeb/pull/465","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/statisticsnorway%2FPxWeb/issues/465","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/465/packages"},{"uuid":"3645470771","node_id":"PR_kwDOGnKBAc60f7hN","number":97,"state":"closed","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.14.0 to 8.15.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-12-03T05:03:54.000Z","author_association":null,"state_reason":null,"created_at":"2025-11-20T05:04:31.000Z","updated_at":"2025-12-03T05:03:56.000Z","time_to_close":1123163,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.14.0","new_version":"8.15.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.14.0 to 8.15.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.14.0...8.15.0).\n\u003c/details\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/NosCoreIO/NosCore.Networking/pull/97","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NosCoreIO%2FNosCore.Networking/issues/97","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/97/packages"}],"issue_packages":[{"old_version":"8.17.0","new_version":"8.19.1","update_type":"minor","path":null,"pr_created_at":"2026-06-03T22:32:48.000Z","version_change":"8.17.0 → 8.19.1","issue":{"uuid":"4584152602","node_id":"PR_kwDOGnKBAc7icQiZ","number":148,"state":"closed","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.17.0 to 8.19.1","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-05T05:46:47.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-03T22:32:48.000Z","updated_at":"2026-06-05T05:46:49.000Z","time_to_close":112439,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.17.0","new_version":"8.19.1","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.17.0 to 8.19.1.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.19.1\n\n## Bug Fixes\n- Update `JwtSecurityTokenHandler` for `IssuerSigningKeyResolverUsingConfiguration` toi take priority over `IssuerSigningKeyResolver`, matching the documented contract and the correct behavior already present in `JsonWebTokenHandler`. See [PR #​3519](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3519).\n\n## 8.19.0\n\n## New Features\n- Add ML-DSA (FIPS 204) post-quantum signature support. See [PR #​3479](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3479).\n- Cache custom crypto providers in CryptoProviderFactory. See [PR #​3489](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3489).\n\n## Bug Fixes\n- Disable automatic redirects on default HttpClient for JKU retrieval. See [PR #​3494](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3494).\n- Adjust rented buffer handling in claim set parsing. See [PR #​3493](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3493).\n- Tidy null handling in SAML conditions validation. See [PR #​3491](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3491).\n- Improve validation of `jku` claim. See [PR #​3481](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3481).\n- Limit telemetry algorithm dimension cardinality. See [PR #​3490](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3490).\n- Add defensive copy of collections in ValidationParameters. See [PR #​3492](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3492).\n- Update TokenValidationParameter copy constructor to make a deep copy. See [PR #​3488](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3488).\n- Update to fail-closed when replay protection isn't configured and other DPoP hardening. See [PR #​3505](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3505).\n- Apply RFC 3986 section 6.2.2 normalization to DPoP `htu` comparison. See [PR #​3509](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3509).\n\n## 8.18.0\n\n## New Features\n- Introduced a new interface `IConfigurationEventHandlerContextAware\u003cT\u003e` that provides context to the configuration event handler implementation, allowing it to optionally bypass a cache lookup. See [PR #​3444](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3444).\n- Added Microsoft.IdentityModel.Dpop — a new package implementing DPoP (Demonstrating Proof-of-Possession) per RFC 9449. Provides both client-side and server-side proof validation with no System.Net.Http dependency. See [PR #​3443](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3443).\n\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.17.0...8.19.1).\n\u003c/details\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/NosCoreIO/NosCore.Networking/pull/148","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NosCoreIO%2FNosCore.Networking/issues/148","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/148/packages"}},{"old_version":null,"new_version":null,"update_type":null,"path":null,"pr_created_at":"2026-05-21T07:35:07.000Z","version_change":null,"issue":{"uuid":"4492660295","node_id":"PR_kwDOLkzEy87d1j9w","number":146,"state":"open","title":"Bump MediatR and Microsoft.IdentityModel.JsonWebTokens","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":9,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T07:35:07.000Z","updated_at":"2026-05-21T07:41:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"MediatR","repository_url":"https://github.com/LuckyPennySoftware/MediatR"},{"name":"Microsoft.IdentityModel.JsonWebTokens","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [MediatR](https://github.com/LuckyPennySoftware/MediatR) from 12.4.1 to 14.1.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [MediatR's releases](https://github.com/LuckyPennySoftware/MediatR/releases)._\n\n## 14.1.0\n\n## What's Changed\n* Migrating to slnx by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1147\n* Remove Azure-dependent CI steps to fix forked PR builds by @​Copilot in https://github.com/LuckyPennySoftware/MediatR/pull/1154\n* Handling nested generic arguments by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1155\n* Handling F# assemblies correctly by catching reflection exceptions an… by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1156\n* Simplify CheckLicense to use GetRequiredService instead of fallback constructors by @​Copilot in https://github.com/LuckyPennySoftware/MediatR/pull/1158\n* Fix: Cryptic \"No constructor\" Error When ILoggerFactory Is Not Registered (Issue #​1153) by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1157\n* De-duping notification handlers before dispatching by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1159\n* Log warning when perpetual license cannot be applied due to missing build date by @​Copilot in https://github.com/LuckyPennySoftware/MediatR/pull/1163\n* Perpetual licensing by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1162\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/LuckyPennySoftware/MediatR/pull/1154\n\n**Full Changelog**: https://github.com/LuckyPennySoftware/MediatR/compare/v14.0.0...v14.1.0\n\n## 14.0.0\n\n## What's Changed\n* Bumping to .NET 10 by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1143\n* Enabling package signing\n\n**Full Changelog**: https://github.com/LuckyPennySoftware/MediatR/compare/v13.1.0...v14.0.0\n\n## 14.0.0-beta-1\n\n## What's Changed\n* Bumping to .NET 10 by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1143\n* [Signed packages](https://learn.microsoft.com/en-us/nuget/create-packages/sign-a-package)\n\n**Full Changelog**: https://github.com/LuckyPennySoftware/MediatR/compare/v13.1.0...v14.0.0-beta-1\n\nThis release is a beta release that introduces .NET 10 support and package signing. Signed packages means going forward packages can be validated against trusted authorities that the package has been published by Lucky Penny Software and not tampered with.\n\n## 13.1.0\n\n## What's Changed\n* Do not require non-public license classes to be registered; fixes #​1127 by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1129\n* Adding direct .NET 4.x support by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1131\n* Update release.yml by @​dhgatjeye in https://github.com/LuckyPennySoftware/MediatR/pull/1132\n* Allowing static license key values by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1136\n* Dependency Injection tests for various providers by @​jithu7432 in https://github.com/LuckyPennySoftware/MediatR/pull/1134\n* Upgrade to System.Text.Json version without transitive vulnerability by @​kanilsz in https://github.com/LuckyPennySoftware/MediatR/pull/1139\n* Add DI tests for `LightInject`, `StashBox`, `Lamar` by @​jithu7432 in https://github.com/LuckyPennySoftware/MediatR/pull/1137\n\n## New Contributors\n* @​dhgatjeye made their first contribution in https://github.com/LuckyPennySoftware/MediatR/pull/1132\n* @​kanilsz made their first contribution in https://github.com/LuckyPennySoftware/MediatR/pull/1139\n\n**Full Changelog**: https://github.com/LuckyPennySoftware/MediatR/compare/v13.0.0...v13.1.0\n\n## 13.0.0\n\n**Full Changelog**: https://github.com/LuckyPennySoftware/MediatR/compare/v12.5.0...v13.0.0\n\n* Added support for .NET Standard 2.0\n* Requiring license key\n* Moving from Apache license to dual commercial/OSS license\n\nTo set your license key:\n\n```csharp\nservices.AddMediatR(cfg =\u003e {\n    cfg.LicenseKey = \"\u003cLicense key here\u003e\";\n});\n```\n\nYou can obtain your license key at [MediatR.io](https://mediatr.io)\n\n## 12.5.0\n\n## What's Changed\n* Open behavior multiple registration extensions by @​Emopusta in https://github.com/jbogard/MediatR/pull/1065\n* Remove duplicate `Nullable` property from `MediatR.Contracts` by @​jithu7432 in https://github.com/jbogard/MediatR/pull/1061\n* Timeout behavior support by @​zachpainter77 in https://github.com/jbogard/MediatR/pull/1058\n* GitHub Actions upload-artifacts@​v2 deprecated moving to v4 by @​jithu7432 in https://github.com/jbogard/MediatR/pull/1072\n* update MinVer from 4.3.0 to 6.0.0 by @​adamralph in https://github.com/jbogard/MediatR/pull/1102\n* Update setup-dotnet package version. by @​Emopusta in https://github.com/jbogard/MediatR/pull/1086\n* Add test for multiple open behavior registration feature. by @​Emopusta in https://github.com/jbogard/MediatR/pull/1077\n* Add validation and comments to OpenBehavior entity. by @​Emopusta in https://github.com/jbogard/MediatR/pull/1078\n* Passing CancellationToken to the call chain by @​podobaas in https://github.com/jbogard/MediatR/pull/1100\n\n## New Contributors\n* @​Emopusta made their first contribution in https://github.com/jbogard/MediatR/pull/1065\n* @​jithu7432 made their first contribution in https://github.com/jbogard/MediatR/pull/1061\n* @​podobaas made their first contribution in https://github.com/jbogard/MediatR/pull/1100\n\n**Full Changelog**: https://github.com/jbogard/MediatR/compare/v12.4.1...v12.5.0\n\nCommits viewable in [compare view](https://github.com/LuckyPennySoftware/MediatR/compare/v12.4.1...v14.1.0).\n\u003c/details\u003e\n\nUpdated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 7.4.0 to 8.14.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.14.0\n\n8.14.0\n====\n## Bug Fixes\n- Switch back to use `ValidationResult` instead of `OperationResult` when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See [#​3299](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3299) for details.\n\n## 8.13.1\n\n8.13.1\n====\n## Dependencies\nMicrosoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0\n\n## Bug Fixes\n- Fixed a decompression failure happening for large JWE payloads. See [#​3286](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3286) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See [#​3284](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3284) for details.\n\n8.13.0\n\n## 8.13.0\n\n8.13.0\n====\n### Fundamentals\n- `CaseSensitiveClaimsIdentity.SecurityToken` setter is now protected internal (was internal). See PR [#​3278](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278) for details.\n- Update .NET SDK version to 9.0.108 used when building or running the code. See PR [#​3274](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274) for details.\n- Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See [#​3280](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280) for details.\n\n## What's Changed\n* Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278\n* Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n* Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280\n* changelog for 8.13 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0\n\n## 8.12.1\n\n8.12.1\n====\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3263](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263) for details.\n- To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR [#​3261](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261) for details.\n- Experimental code leaked into TokenValidationResult from early prototypes. See PR [#​3259](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259) for details.\n\n## What's Changed\n* Remove experimental code from TokenValidationResult by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259\n* Moved files to experimental folder by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261\n* Update global.json to latest by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1\n\n## 8.12.0\n\n8.12.0\n====\n\n## New Features\n- **Enhance ConfigurationManager with event handling**  \n  Added event handling capabilities to the `ConfigurationManager`, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see [#​3253](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3253)  \n\n## Bug Fixes\n- **Add expected Base64UrlEncoder.Decode overload for NET6 and 8**  \n  Introduced the expected overload of `Base64UrlEncoder.Decode` for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.  \n  For details see [#​3249](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3249)  \n\n## Fundamentals\n- **Add AI assist rules**  \n  Incorporated AI assist rules to enhance AI agents effectiveness.  \n  For details see [#​3255](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255)  \n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  \n  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  \n  For details see [#​3256](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256)  \n- **Move suppression of RS006 to csproj**  \n  Centralized suppression of RS006 warnings in project files for easier management.  \n  For details see [#​3230](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230)\n\n## What's Changed\n* Move suppression of RS006 to csproj. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230\n* Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255\n* Enhance ConfigurationManager with event handling by @​GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256\n* Update CHANGELOG.md for 8.12.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0\n\n## 8.11.0\n\n8.11.0\n=====\n## New Features:\n- Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue [#​3245](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3245) for details.\n- Added a new public async API: `JsonWebTokenHandler.DecryptTokenWithConfigurationAsync`, which decrypts a JWE token using keys from either `TokenValidationParameters` or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR [#​3243](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3243) for details.\n\n## What's Changed\n* few updates by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242\n* Changelog for 8.10.0 by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241\n* Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244\n* update current version to 8.10.0 by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246\n* Add DecryptTokenWithConfiguration API by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243\n* changelog for 8.11 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0\n\n## 8.10.0\n\n8.10.0\n=====\n## Bug Fixes\n- Corrected casing of the Type attribute in SubjectConfirmationData. See [#​3206](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3206).\n- Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See [#​3220](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/33784b8ec0ff4300efad788535f90b3adc5bdfd1).\n- Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See [#​3226](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/793bd34e945eb8ba7528cf87c4a29a29c4704a65).\n\n## Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3228](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/946bec18cdeb26b8133a04e8c056dd5f17588f89) and [#​3232](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/14842aedb3d57c32b9ce784061cd9beccbdd1eb1).\n\n## 8.9.0\n\n8.9.0\n=====\n## Bug Fixes\n- syncAfter has been updated to preserve UTC information, addressing a bug where GetConfigurationAsync does not refresh configuration in ConfigurationManager. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3213.\n- Fixed a null reference issue in KeyInfo. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3203.\n\n## New Features\n- Introduced a new delegate for reading custom token payload values on JsonWebToken. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2981.\n- Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3205.\n\n## Fundamentals\n- Utilized IList to avoid enumerator allocation during audience validation. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3204.\n\n## 8.8.0\n\n8.8.0\n=====\n## New Features\n- Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the `Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking` switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR [#​3193](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3193) for details.\n- Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the `Switch.Microsoft.IdentityModel.DoNotScrubExceptions` AppContextSwitch. See PR [#​3195](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3195) and https://aka.ms/identitymodel/app-context-switches for details.\n- Change all plain object locks to `System.Thread.Lock` objects for .NET 9 or greater. See PRs [#​3185](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3185) and [#​3189](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3189) for details.\n\n\n## 8.7.0\n\n## Bug Fixes\n- Add back internal methods `IsRecoverableException` and `IsRecoverableExceptionType` whose signatures were changed in the previous version. See [#​3181](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3181).\n\n## New Features\n- Make `Cnf` class public and move it to Microsoft.IdentityModel.Tokens package. See [#​3165](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3165).\n\n## What's Changed\n* Post Release 8.6.1 cleanup  by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3160\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3163\n* Adds explanation for CodeQL warnings by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3167\n* Fix typo by @​rstm-sf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n* Need to change the locks by @​JoshLozensky in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3171\n* Move CNF from SHR to M.IM.Tokens by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3168\n* Add back IsRecoverableException methods. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3183\n* Revert \"Need to change the locks\" by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3186\n* 8.7.0 changelog by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3184\n\n## New Contributors\n* @​rstm-sf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.1...8.7.0\n\n## 8.6.1\n\n8.6.1\n=====\n## Bug fix\n- Microsoft.IdentityModel now triggers a configuration refresh if token decryption fails. See issue [#​3148](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3148) for details.\n- Fix a bug in `JsonWebTokenHandler` where `JwtTokenDecryptionParameters`'s `Alg` and `Enc` were not set during token decryption, causing `IDX10611` and `IDX10619` errors to show null values in the messages. See issue [#​3003](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3003) for details.\n\n## Fundamentals\n- For development, IdentityModel now has a global.json file to specify the .NET SDK version. See issue [#​2995](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2995) for details.\n\n## What's Changed\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3145\n* Update the public API shipped files by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3146\n* Add global.json file by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* Trigger metadata refresh for token decryption errors by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3149\n* Populate error messages correctly from JwtTokenUtilities.DecryptJwtToken by @​ksaaf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n* first changelog update by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3156\n\n## New Contributors\n* @​mdchennu made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* @​ksaaf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.0...8.6.1\n\n## 8.6.0\n\n8.6.0\n=====\n## New Features\n- TokenValidationParameters has a new boolean property `TryAllDecryptionKeys` that let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to **true** (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See [#​3128](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128)\n- Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See [#​3140](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140)\n\n## Fundamentals\n* Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See [3143](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143)\n* Add more tests for encrypted tokens. See [#​3139](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139)\n\n## What's Changed\n* Update CHANGELOG.md by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3133\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3137\n* Add TryAllDecryptionKeys flag to whether decrypt if no key IDs match by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128\n* Change KeyInfo.MatchesKey from internal to protected internal virtual. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140\n* Fix #​3112 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143\n* Add more auto-decryption related tests by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139\n* Update changelog.md for 8.6.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3144\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.5.0...8.6.0\n\n## 8.5.0\n\n8.5.0\n=====\n## Reverting previous breaking change\n- The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that [adding IDisposable is a breaking change](https://learn.microsoft.com/en-us/dotnet/fundamentals/runtime-libraries/system-idisposable), so we are following [semver guidance](https://semver.org/#what-do-i-do-if-i-accidentally-release-a-backward-incompatible-change-as-a-minor-version) and reverting and releasing a minor version (8.5.0).\n- Cherry-picked Changes: Included changes from PR [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) and [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104).\n\n## What's Changed\n* Update version.props by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3126\n* fix formatting error by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3134\n* Revert configuration manager to 8.3.1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3132\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.4.0...8.5.0\n\n## 8.4.0\n\n8.4.0\n=====\n## New Features\n- App context switch allows blocking or non-blocking calls for configuration. See PR [#​3106](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3106) for details and issue [#​3082](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3082) for details. If you are not using the ConfigurationManager as a singleton and not using the blocking option, you may need to call ShutdownBackgroundTask() to stop the background task to avoid leaking Tasks.\n- IdentityModel now enables symmetric and asymmetric keys to be created publicly with JWK. See [#​3094](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3094) for details.\n- IdentityModel now allows specifying the HTTP protocol version and version policy. See [#​2808](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2808) for details.\n\n## Repair items\n- Add request count and duration telemetry for configuration requests. See [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) for details.\n- `KeyID` should be present in exception messages and is no longer PII. See [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104) for details.\n\n## Fundamentals\n- Fix spelling issues in xml comments. See [#​3117](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3117) for details.\n- Fix comment coverage in PR builds. See [#​3079](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3079) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- See [#​3056](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3056). [#​3100](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3100), [#​3017](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3107), and [#​3111](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3111).\n- Add internal virtual on TokenHandler. See [#​3084](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3084) for details.\n\n* @​prochnowc made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2809\n\n## 8.3.1\n\n8.3.1\n=====\n## Bug Fixes\n* Respect TVP.RequireAudience when set to false. See [#​3055](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055)\n* For net4.6.2 select RSACng for PSS support. See [#​3097](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3097)\n* Fix package downgrade in consuming libraries. See[#​3062](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062)\n* Fix integer overflow in `AuthenticationEncryptionProvider.cs`. See [#​3063](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063)\n\n## Fundamentals\n* Removed unused property on JsonWebToken ClaimsIdentity. See [#​3071](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3071) for details.\n* Upgrade to C# 13. See [#​2998](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998)\n* Use new Base64Url API. See [#​22817](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817)\n* Add warning quality check. See [#​3067](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067)\n* Update dotnet actions. see [#​3074](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074)\n* Fix warnings. See [#​3081](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081)\n* Test updates in JsonWebToken. See [#​3080](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​3027](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027), [#​3028](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028), [#​3051](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051), [#​3054](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054)\n\n## What's Changed\n* Update CHANGELOG.md by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3053\n* Extensibility tests: Audience - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027\n* Extensibility tests: Lifetime - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028\n* Implement lazy ClaimsIdentity creation from ValidatedToken on SAML and SAML2 on the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051\n* Add logging to the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054\n* update version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3057\n* lower version to avoid downgrades. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3058\n* Respect TVP.RequireAudience when set to false by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055\n* Fix package downgrade in consuming libraries by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062\n* Add slnf for running perf and stress tests by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3066\n* Add Warning Quality Check Build Task 🔨 by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067\n* Update template-Build-run-tests-sign.yml by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3069\n* Removed unused property on JsonWebToken by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3072\n* Update setup dotnet actions by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074\n* fixed #​2983 and re-add code coverage comments to PRs by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3076\n* Remove duplicate keyid into var keysAttempted by @​bdapoigny in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* Upgrade to C# 13 by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998\n* Use new Base64Url API by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817\n* Update common.props by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3078\n* fix warnings by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081\n* Fixed integer overflow in AuthenticatedEncryptionProvider.cs by @​gparametr in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n* Test updates by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080\n* For net4.6.2 select RSACng for PSS support. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3085\n* changelog for 8.3.1 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3098\n\n## New Contributors\n* @​bdapoigny made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* @​gparametr made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n\n ... (truncated)\n\n## 8.3.0\n\n## New features\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n* SAML and SAML2 new model validation: Token Replay. See [#​2994](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2994)\n* Extensibility tests: Token Type - JWT ([#​3030](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3030)), Issuer - SAML and SAML2 ([#​3026](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3026)), Algorithm and Signature - JWT, SAML and SAML2 ([#​3034](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3034)), Token Replay - JWT, SAML and SAML2 ([#​3032](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3032)),  Issuer signing key - JWT, SAML and SAML2 ([#​3029](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/302))\n* Avoid code duplication in extensibility testing. See [#​3041](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3041)\n* Extensibility Testing: Refactor. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3011\n* Remove duplicate code in extensibility tests. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3044\n\n## Bug fixes\n* Fix bug with AadIssuerValidator. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n* Fixed SignedHttpRequest flaky test. See [#​3037](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3037)\n \n## Fundamentals\n* Install all .NET versions in pipeline to fix run tests task. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3018\n* Changelog for 8.2.1. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3009\n* Remove unnecessary AoT test project. See in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3045\n* Fix powershell script for nuget update. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3046\n* Update to next version. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3010\n* Disable Coverage PR comments. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3048\n* Updates GitHub Action to support long paths, See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3049\n* Stack parameters to improve reading of code. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3031\n\n## New Contributors\n* @​ssmelov made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.1...8.3.0\n\n## 8.2.1\n\n8.2.1\n=====\n### New features\n- Update to use .NET 9 GA. See [2990](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990).\n\n### Bug fixes\n- Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets. See [2935](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935).\n- Update cgmanifest to align with the JSON schema. See [2969](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969).\n\n### Fundamentals\n- Streamline token creation in `SecurityTokenDescriptor`. See [2993](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2993).\n- Prevent inlining to guarantee stack frames in test. See [2999](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2999).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Simplify stack frame caching. See [2976](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976).\n- Implement reading SAML and SAML2 tokens. See [2980](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980).\n- Implement validating SAML signature. See [2950](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2950).\n- Add tests for `IssuerExtensibility`. See [2987](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987).\n- Add validation for SAML and SAML2 issuer signing key. See [2965](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965).\n- Add validation for SAML and SAML2 algorithm. See [2984](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984).\n\n## What's Changed\n* Microsoft.Rest.ClientRuntime has been deprecated, which results in so… by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2970\n* Update to next version after 8.2.0 release by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2975\n* Consolidating test statics by @​trwalke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2956\n* New token validation model: Simplify stack frame caching by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976\n* Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935\n* Update cgmanifest to align with the JSON schema by @​jeffhandley in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n* SAML and SAML2 new model validation: Read Token by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980\n* SAML2 new model validation: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2961\n* JsonWebTokenHandler IssuerExtensibility by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987\n* SAML and SAML2 new model validation: Issuer Signing Key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965\n* Ignore AotCompatibilityTests on ADO by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2992\n* SAML and SAML2 new model validation: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984\n* Use SecurityTokenDescriptor when creating tokens by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2991\n* Prevent inlining to guarantee stack frames in test by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3002\n* Update to .NET 9 GA. Update some test dependencies. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990\n* Add Abstractions.Tests to strong name bypass file. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3004\n\n## New Contributors\n* @​jeffhandley made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.0...8.2.1\n\n## 8.2.0\n\n8.2.0\n=====\n### Fundamentals\n- Update System.Text.Json to 8.0.5 CVE-2024-43485. See [2892](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892).\n- Using FixedTimeEquals in NETCore targets. See [2857](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857).\n- Updated .NET 9 to RC 2 [2898](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898).\n- Adds ability to create token without kid [2968](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2968)\n- Enables code coverage in PRs [2946](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2946)\n- Various test improvements:\n- [#​2953](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2953)\n- [#​2955](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2955)\n- [#​2951](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951)\n- [#​2952](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952)\n- [#​2947](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947)\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Validates Audience for SAML2TokenHandler with New Model [2863](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863)\n- Improvements to AudienceValidation [2902](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902)\n- Added properties to ValidationResult [2923](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923)\n- Implements Audience and Lifetime validations in SamlSecurityTokenHandler [2925](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925)\n- Implements Issuer validation in SamlSecurityTokenHandler [2948](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2948)\n\n## What's Changed\n* update to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2890\n* Use FixedTimeEquals in NETCore targets  by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857\n* Update System.Text.Json to 8.0.5 CVE-2024-43485 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892\n* Update .NET 9 to RC 2 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898\n* Validate Audience for SAML2TokenHandler with New Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863\n* Regression tests: Issuer by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2868\n* Mark Wilson APIs as Shipped by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2903\n* Add Tests for Lifetime Validation Using New Validation Model For SAML2 by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2906\n* Suggested changes to AudienceValidation by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902\n* Extensibility tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2861\n* Added properties to ValidationResult without throwing by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923\n* Extensibility tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2867\n* Regression tests: Issuer signing key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2927\n* Do not serialize CaseSensitiveClaimsIdentity.SecurityToken. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2896\n* Fix typo by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2894\n* Implement and Test Audience and Lifetime validations in SamlSecurityTokenHandler with New Validation Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925\n* Fix Flaky Tests: NameAndRoleClaimDelegates and RoleClaims by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2873\n* Regression tests: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2930\n* Validate Issuer Using New Validation Model in Saml2SecurityTokenHandler by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2929\n* Fix builds on macOS / Linux using the build.sh script by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2937\n* Regression tests: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2934\n* Regression tests: Token Type by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2932\n* Regression tests: Token Replay by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2931\n* Fix DevEx and IDDP builds such that when building internally, use an internal Nuget feed instead of nuget.org by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2936\n* Restore PopKeyResolvingTests.GetPopKeysFromJkuAsync by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947\n* Restore skipped test: ReferenceCountingTest_MultiThreaded by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952\n* Restore EnsureAotCompatibility test by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951\n ... (truncated)\n\n## 8.1.2\n\n## What's Changed\n\n### Bug fixes\n\n* CaseSensitiveClaimsIdentity.Clone() now returns a `CaseSensitiveClaimsIdentity` as expected, by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2879\n* Multiple unused and unusable (for the moment) public APIs were removed. These were introduced by mistake leaking from the work done on logging and exception handling, by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2888\n\n### Fundamentals\n* Enabled PublicApiAnalyzers to better understand and trace changes to the public API, by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2782\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.1...8.1.2\n\n## 8.1.1\n\n8.1.1\n=====\n### Bug fixes\n- Fix bug where ConfigurationManager was updating keys too frequently. See [2866](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2866) for details.\n\n## What's Changed\n* Rename validation delegates by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2847\n* Remove TransformBeforeSignatureValidationDelegate from ValidationParameters by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2848\n* Add disable discovery enumeration = true to all theory tests by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2849\n* Make CaseSensitiveClaimIdentity serializable by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2850\n* Remove Obsolete BinaryFormatter  by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2851\n* Refactor ValidateConditions in Saml2SecurityTokenHandler by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2855\n* Set custom BenchmarkDotNetconfig as default by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2852\n* Regression tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2838\n* Fix ValidateJsonWebTokenClaimMapping Flaky Test 🐞 by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2859\n* update current version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2862\n* Regression tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2839\n* Rename ResolveTokenDecryptionKeyDelegate to DecryptionKeyResolverDelegate by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2869\n* Set internal _syncAfter using only AutomaticRefreshInterval. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2865\n* 8.1.1 Changelog by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2864\n* Adjust for RefreshInterval not influencing AutomaticRefreshInterval. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2870\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.0...8.1.1\n\n## 8.1.0\n\n8.1.0\n=====\n### Performance improvements\n- Improves performance during issuer validation by replacing string comparison with span comparison. See PR [#​2826](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2826).\n\n### New features\n- Add optional check to prevent using keys that are shared across multiple clouds. See issue [#​2832](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2832) for details.\n\n### Bug fixes\n- JsonWebTokenHandler would only return unwrapped keys if there was no errors. This change is to align with the behavior in JwtSecurityTokenHandler, that is it returns the keys that were able to be unwrapped, and only throw if no keys were able to be unwrapped. See issue [#​2695](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2695) for details.\n\n### Fundamentals\n- Fix flaky tests. See [#​2793](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2793) for details.\n- Update XUnit versoin and fix test warnings due to new XUnit analyzers. See PR [#​2796](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796) for details.\n- Onhboard to code coverage in ADO. See PR [#​2798](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798).\n- Use `IsTargetFrameworkCompatible(*)` so AOT is forward-compatible with .NET 9 and beyond. See PR [#​2790](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790) for details.\n- Fix a merge conflict impacting dev. See PR [#​2819](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819).\n- Defining the following attribute in multiple assemblies (.Tokens, .Logging) causes an internal error.\n[DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicConstructors)]. See PR [#​2820](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820).\n- Remove perl dependency. See PR [#​2830](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2830).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​2794](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794)\n- [#​2800](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800)\n- [#​2810](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810)\n- [#​2811](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811)\n- [#​2816](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816)\n- [#​2822](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822)\n- [#​2815](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815)\n- [#​2818](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2818)\n- [#​2813](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2813)\n- [#​2827](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2827)\n\n## What's Changed\n* changelog 8.0.2 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2792\n* Update version.props to 8.0.2 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2791\n* Fix Async Issue in Extensibility Tests by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2795\n* Update xUnit version and fix test warnings by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796\n* ValidateTokenAsync - New Path: Refactor result types by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794\n* Onboard to code coverage in ADO by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798\n* Exception refinement: Adding additional information by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800\n* Add initial regression tests for the new validation path by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810\n* Use IsTargetFrameworkCompatible() by @​martincostello in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790\n* Regression tests: Added inner exception detail and invalid signature failure due to invalid algorithm used by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811\n* Return unwrapped keys if able by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2812\n* New token validation path: Renamed result types by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816\n* Fix merge conflict by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819\n* Removed attribute that causes issues with internal builds. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820\n* Add missing exception type to ValidationError -\u003e GetException() by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822\n* Regression testing: Add JWE use cases by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815\n ... (truncated)\n\n## 8.0.2\n\n8.0.2\n=====\n\n### Security fundamentals\n- Add `BannedApiAnalyzers` to prevent use of `ClaimsIdentity` constructors. See PR [#​2778](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2778) for details.\n\n### Bug fixes\n- IdentityModel now allows the JWT payload to be an empty string. See issue [#​2656](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2656) for details.\n- Cache `UseRfcDefinitionOfEpkAndKid` switch. See PR [#​2747](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2747) for details.\n- Method was named `DoNotFailOnMissingTid` in 7x and `DontFailOnMissingTid` in 8x, adding the method for back compat. See issue [#​2750](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2750) for details.\n- Metadata is now updated on a background thread. See [#​2780](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2780) for details.\n- `JsonWebKeySet` stores the original string it was created with. See PR [#​2755](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2755) for details.\n- Restore AOT compatibility. See [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2711).\n- Fix OpenIdConnect parsing bug. See [#​2772](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2772) for details.\n- Remove the lock on creating a `SignatureProvider`. See [#​2788](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2788) for details.\n\n### Fundamentals\n- Test clean up [#​2742](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2742).\n- Use only FxCop in .NET framework targets [#​2693](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2693).\n- Add rule to add file headers automatically [#​2748](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2748).\n- Code analysis updates [#​2746](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2746).\n- Include README packages in NuGet [#​2752](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2752).\n- Update projects inside WilsonUnix solution [#​2768](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2768).\n- Code style enforced in build [#​2603](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2603).\n- CodeQL update [#​2767](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2767).\n- Update build pipeline to new one release build format [#​2777](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2777).\n- Update GitHub actions to `9.0.100-preview.7.24407.12` and add `\u003cNoWarn\u003e$(NoWarn);SYSLIB0057\u003c/NoWarn\u003e` due to breaking changes in preview7. [#​2786](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2786).\n\n### Work relating to [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​2725](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2725), [#​2729](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2729), [#​2753](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2753), [#​2758](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2759), [#​2757](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2757), [#​2764](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2764), [#​2771](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2759), and [#​2779](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2779).\n\n\n## What's Changed\n* Remove old 6x tests used that are not needed anymore by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2742\n* Only use fxcop in netfw by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2693\n* Allow Jwt payload to be the empty string. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2745\n* Add rule to add file headers automatically. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2748\n* Remove Delegate Checks in Multiple Validators and Prevents Null Setting of Delegates by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2725\n* Fix CodeQL by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2746\n* Cache UseRfcDefinitionOfEpkAndKid switch. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2747\n* Decrypt token: Remove exceptions + use new ValidationParameters by @​iNinja in https://githu.....\n\n_Description has been truncated_","html_url":"https://github.com/behdad088/EshopMicroservices/pull/146","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/behdad088%2FEshopMicroservices/issues/146","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/146/packages"}},{"old_version":null,"new_version":null,"update_type":null,"path":null,"pr_created_at":"2026-05-20T05:33:29.000Z","version_change":null,"issue":{"uuid":"4483460433","node_id":"PR_kwDOPtbroc7dX3xR","number":117,"state":"open","title":"Bump Microsoft.IdentityModel.JsonWebTokens and 2 others","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-20T05:33:29.000Z","updated_at":"2026-05-20T05:33:30.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"},{"name":"2 others"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.1.2 to 8.18.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.18.0\n\n## New Features\n- Introduced a new interface `IConfigurationEventHandlerContextAware\u003cT\u003e` that provides context to the configuration event handler implementation, allowing it to optionally bypass a cache lookup. See [PR #​3444](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3444).\n- Added Microsoft.IdentityModel.Dpop — a new package implementing DPoP (Demonstrating Proof-of-Possession) per RFC 9449. Provides both client-side and server-side proof validation with no System.Net.Http dependency. See [PR #​3443](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3443).\n\n\n## 8.17.0\n\n## Dependencies\n* Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See [PR #​3435](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3435).\n\n\n## 8.16.0\n\n## New Features\n* Add telemetry around signature validation. See [PR #​3415](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3415) for details.\n\n## Fundamentals\n* Fix FileVersion format to use two-digit year and day of year. See [PR #​3389](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3389) for details.\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\n## 8.14.0\n\n8.14.0\n====\n## Bug Fixes\n- Switch back to use `ValidationResult` instead of `OperationResult` when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See [#​3299](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3299) for details.\n\n## 8.13.1\n\n8.13.1\n====\n## Dependencies\nMicrosoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0\n\n## Bug Fixes\n- Fixed a decompression failure happening for large JWE payloads. See [#​3286](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3286) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See [#​3284](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3284) for details.\n\n8.13.0\n\n## 8.13.0\n\n8.13.0\n====\n### Fundamentals\n- `CaseSensitiveClaimsIdentity.SecurityToken` setter is now protected internal (was internal). See PR [#​3278](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278) for details.\n- Update .NET SDK version to 9.0.108 used when building or running the code. See PR [#​3274](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274) for details.\n- Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See [#​3280](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280) for details.\n\n## What's Changed\n* Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278\n* Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n* Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280\n* changelog for 8.13 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0\n\n## 8.12.1\n\n8.12.1\n====\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3263](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263) for details.\n- To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR [#​3261](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261) for details.\n- Experimental code leaked into TokenValidationResult from early prototypes. See PR [#​3259](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259) for details.\n\n## What's Changed\n* Remove experimental code from TokenValidationResult by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259\n* Moved files to experimental folder by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261\n* Update global.json to latest by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1\n\n## 8.12.0\n\n8.12.0\n====\n\n## New Features\n- **Enhance ConfigurationManager with event handling**  \n  Added event handling capabilities to the `ConfigurationManager`, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see [#​3253](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3253)  \n\n## Bug Fixes\n- **Add expected Base64UrlEncoder.Decode overload for NET6 and 8**  \n  Introduced the expected overload of `Base64UrlEncoder.Decode` for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.  \n  For details see [#​3249](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3249)  \n\n## Fundamentals\n- **Add AI assist rules**  \n  Incorporated AI assist rules to enhance AI agents effectiveness.  \n  For details see [#​3255](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255)  \n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  \n  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  \n  For details see [#​3256](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256)  \n- **Move suppression of RS006 to csproj**  \n  Centralized suppression of RS006 warnings in project files for easier management.  \n  For details see [#​3230](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230)\n\n## What's Changed\n* Move suppression of RS006 to csproj. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230\n* Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255\n* Enhance ConfigurationManager with event handling by @​GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256\n* Update CHANGELOG.md for 8.12.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0\n\n## 8.11.0\n\n8.11.0\n=====\n## New Features:\n- Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue [#​3245](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3245) for details.\n- Added a new public async API: `JsonWebTokenHandler.DecryptTokenWithConfigurationAsync`, which decrypts a JWE token using keys from either `TokenValidationParameters` or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR [#​3243](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3243) for details.\n\n## What's Changed\n* few updates by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242\n* Changelog for 8.10.0 by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241\n* Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244\n* update current version to 8.10.0 by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246\n* Add DecryptTokenWithConfiguration API by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243\n* changelog for 8.11 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0\n\n## 8.10.0\n\n8.10.0\n=====\n## Bug Fixes\n- Corrected casing of the Type attribute in SubjectConfirmationData. See [#​3206](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3206).\n- Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See [#​3220](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/33784b8ec0ff4300efad788535f90b3adc5bdfd1).\n- Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See [#​3226](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/793bd34e945eb8ba7528cf87c4a29a29c4704a65).\n\n## Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3228](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/946bec18cdeb26b8133a04e8c056dd5f17588f89) and [#​3232](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/14842aedb3d57c32b9ce784061cd9beccbdd1eb1).\n\n## 8.9.0\n\n8.9.0\n=====\n## Bug Fixes\n- syncAfter has been updated to preserve UTC information, addressing a bug where GetConfigurationAsync does not refresh configuration in ConfigurationManager. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3213.\n- Fixed a null reference issue in KeyInfo. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3203.\n\n## New Features\n- Introduced a new delegate for reading custom token payload values on JsonWebToken. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2981.\n- Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3205.\n\n## Fundamentals\n- Utilized IList to avoid enumerator allocation during audience validation. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3204.\n\n## 8.8.0\n\n8.8.0\n=====\n## New Features\n- Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the `Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking` switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR [#​3193](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3193) for details.\n- Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the `Switch.Microsoft.IdentityModel.DoNotScrubExceptions` AppContextSwitch. See PR [#​3195](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3195) and https://aka.ms/identitymodel/app-context-switches for details.\n- Change all plain object locks to `System.Thread.Lock` objects for .NET 9 or greater. See PRs [#​3185](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3185) and [#​3189](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3189) for details.\n\n\n## 8.7.0\n\n## Bug Fixes\n- Add back internal methods `IsRecoverableException` and `IsRecoverableExceptionType` whose signatures were changed in the previous version. See [#​3181](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3181).\n\n## New Features\n- Make `Cnf` class public and move it to Microsoft.IdentityModel.Tokens package. See [#​3165](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3165).\n\n## What's Changed\n* Post Release 8.6.1 cleanup  by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3160\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3163\n* Adds explanation for CodeQL warnings by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3167\n* Fix typo by @​rstm-sf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n* Need to change the locks by @​JoshLozensky in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3171\n* Move CNF from SHR to M.IM.Tokens by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3168\n* Add back IsRecoverableException methods. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3183\n* Revert \"Need to change the locks\" by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3186\n* 8.7.0 changelog by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3184\n\n## New Contributors\n* @​rstm-sf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.1...8.7.0\n\n## 8.6.1\n\n8.6.1\n=====\n## Bug fix\n- Microsoft.IdentityModel now triggers a configuration refresh if token decryption fails. See issue [#​3148](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3148) for details.\n- Fix a bug in `JsonWebTokenHandler` where `JwtTokenDecryptionParameters`'s `Alg` and `Enc` were not set during token decryption, causing `IDX10611` and `IDX10619` errors to show null values in the messages. See issue [#​3003](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3003) for details.\n\n## Fundamentals\n- For development, IdentityModel now has a global.json file to specify the .NET SDK version. See issue [#​2995](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2995) for details.\n\n## What's Changed\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3145\n* Update the public API shipped files by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3146\n* Add global.json file by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* Trigger metadata refresh for token decryption errors by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3149\n* Populate error messages correctly from JwtTokenUtilities.DecryptJwtToken by @​ksaaf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n* first changelog update by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3156\n\n## New Contributors\n* @​mdchennu made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* @​ksaaf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.0...8.6.1\n\n## 8.6.0\n\n8.6.0\n=====\n## New Features\n- TokenValidationParameters has a new boolean property `TryAllDecryptionKeys` that let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to **true** (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See [#​3128](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128)\n- Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See [#​3140](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140)\n\n## Fundamentals\n* Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See [3143](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143)\n* Add more tests for encrypted tokens. See [#​3139](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139)\n\n## What's Changed\n* Update CHANGELOG.md by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3133\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3137\n* Add TryAllDecryptionKeys flag to whether decrypt if no key IDs match by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128\n* Change KeyInfo.MatchesKey from internal to protected internal virtual. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140\n* Fix #​3112 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143\n* Add more auto-decryption related tests by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139\n* Update changelog.md for 8.6.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3144\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.5.0...8.6.0\n\n## 8.5.0\n\n8.5.0\n=====\n## Reverting previous breaking change\n- The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that [adding IDisposable is a breaking change](https://learn.microsoft.com/en-us/dotnet/fundamentals/runtime-libraries/system-idisposable), so we are following [semver guidance](https://semver.org/#what-do-i-do-if-i-accidentally-release-a-backward-incompatible-change-as-a-minor-version) and reverting and releasing a minor version (8.5.0).\n- Cherry-picked Changes: Included changes from PR [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) and [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104).\n\n## What's Changed\n* Update version.props by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3126\n* fix formatting error by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3134\n* Revert configuration manager to 8.3.1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3132\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.4.0...8.5.0\n\n## 8.4.0\n\n8.4.0\n=====\n## New Features\n- App context switch allows blocking or non-blocking calls for configuration. See PR [#​3106](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3106) for details and issue [#​3082](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3082) for details. If you are not using the ConfigurationManager as a singleton and not using the blocking option, you may need to call ShutdownBackgroundTask() to stop the background task to avoid leaking Tasks.\n- IdentityModel now enables symmetric and asymmetric keys to be created publicly with JWK. See [#​3094](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3094) for details.\n- IdentityModel now allows specifying the HTTP protocol version and version policy. See [#​2808](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2808) for details.\n\n## Repair items\n- Add request count and duration telemetry for configuration requests. See [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) for details.\n- `KeyID` should be present in exception messages and is no longer PII. See [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104) for details.\n\n## Fundamentals\n- Fix spelling issues in xml comments. See [#​3117](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3117) for details.\n- Fix comment coverage in PR builds. See [#​3079](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3079) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- See [#​3056](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3056). [#​3100](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3100), [#​3017](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3107), and [#​3111](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3111).\n- Add internal virtual on TokenHandler. See [#​3084](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3084) for details.\n\n* @​prochnowc made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2809\n\n## 8.3.1\n\n8.3.1\n=====\n## Bug Fixes\n* Respect TVP.RequireAudience when set to false. See [#​3055](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055)\n* For net4.6.2 select RSACng for PSS support. See [#​3097](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3097)\n* Fix package downgrade in consuming libraries. See[#​3062](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062)\n* Fix integer overflow in `AuthenticationEncryptionProvider.cs`. See [#​3063](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063)\n\n## Fundamentals\n* Removed unused property on JsonWebToken ClaimsIdentity. See [#​3071](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3071) for details.\n* Upgrade to C# 13. See [#​2998](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998)\n* Use new Base64Url API. See [#​22817](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817)\n* Add warning quality check. See [#​3067](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067)\n* Update dotnet actions. see [#​3074](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074)\n* Fix warnings. See [#​3081](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081)\n* Test updates in JsonWebToken. See [#​3080](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​3027](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027), [#​3028](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028), [#​3051](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051), [#​3054](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054)\n\n## What's Changed\n* Update CHANGELOG.md by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3053\n* Extensibility tests: Audience - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027\n* Extensibility tests: Lifetime - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028\n* Implement lazy ClaimsIdentity creation from ValidatedToken on SAML and SAML2 on the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051\n* Add logging to the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054\n* update version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3057\n* lower version to avoid downgrades. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3058\n* Respect TVP.RequireAudience when set to false by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055\n* Fix package downgrade in consuming libraries by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062\n* Add slnf for running perf and stress tests by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3066\n* Add Warning Quality Check Build Task 🔨 by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067\n* Update template-Build-run-tests-sign.yml by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3069\n* Removed unused property on JsonWebToken by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3072\n* Update setup dotnet actions by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074\n* fixed #​2983 and re-add code coverage comments to PRs by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3076\n* Remove duplicate keyid into var keysAttempted by @​bdapoigny in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* Upgrade to C# 13 by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998\n* Use new Base64Url API by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817\n* Update common.props by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3078\n* fix warnings by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081\n* Fixed integer overflow in AuthenticatedEncryptionProvider.cs by @​gparametr in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n* Test updates by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080\n* For net4.6.2 select RSACng for PSS support. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3085\n* changelog for 8.3.1 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3098\n\n## New Contributors\n* @​bdapoigny made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* @​gparametr made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n\n ... (truncated)\n\n## 8.3.0\n\n## New features\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n* SAML and SAML2 new model validation: Token Replay. See [#​2994](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2994)\n* Extensibility tests: Token Type - JWT ([#​3030](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3030)), Issuer - SAML and SAML2 ([#​3026](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3026)), Algorithm and Signature - JWT, SAML and SAML2 ([#​3034](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3034)), Token Replay - JWT, SAML and SAML2 ([#​3032](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3032)),  Issuer signing key - JWT, SAML and SAML2 ([#​3029](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/302))\n* Avoid code duplication in extensibility testing. See [#​3041](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3041)\n* Extensibility Testing: Refactor. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3011\n* Remove duplicate code in extensibility tests. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3044\n\n## Bug fixes\n* Fix bug with AadIssuerValidator. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n* Fixed SignedHttpRequest flaky test. See [#​3037](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3037)\n \n## Fundamentals\n* Install all .NET versions in pipeline to fix run tests task. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3018\n* Changelog for 8.2.1. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3009\n* Remove unnecessary AoT test project. See in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3045\n* Fix powershell script for nuget update. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3046\n* Update to next version. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3010\n* Disable Coverage PR comments. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3048\n* Updates GitHub Action to support long paths, See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3049\n* Stack parameters to improve reading of code. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3031\n\n## New Contributors\n* @​ssmelov made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.1...8.3.0\n\n## 8.2.1\n\n8.2.1\n=====\n### New features\n- Update to use .NET 9 GA. See [2990](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990).\n\n### Bug fixes\n- Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets. See [2935](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935).\n- Update cgmanifest to align with the JSON schema. See [2969](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969).\n\n### Fundamentals\n- Streamline token creation in `SecurityTokenDescriptor`. See [2993](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2993).\n- Prevent inlining to guarantee stack frames in test. See [2999](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2999).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Simplify stack frame caching. See [2976](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976).\n- Implement reading SAML and SAML2 tokens. See [2980](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980).\n- Implement validating SAML signature. See [2950](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2950).\n- Add tests for `IssuerExtensibility`. See [2987](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987).\n- Add validation for SAML and SAML2 issuer signing key. See [2965](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965).\n- Add validation for SAML and SAML2 algorithm. See [2984](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984).\n\n## What's Changed\n* Microsoft.Rest.ClientRuntime has been deprecated, which results in so… by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2970\n* Update to next version after 8.2.0 release by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2975\n* Consolidating test statics by @​trwalke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2956\n* New token validation model: Simplify stack frame caching by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976\n* Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935\n* Update cgmanifest to align with the JSON schema by @​jeffhandley in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n* SAML and SAML2 new model validation: Read Token by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980\n* SAML2 new model validation: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2961\n* JsonWebTokenHandler IssuerExtensibility by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987\n* SAML and SAML2 new model validation: Issuer Signing Key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965\n* Ignore AotCompatibilityTests on ADO by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2992\n* SAML and SAML2 new model validation: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984\n* Use SecurityTokenDescriptor when creating tokens by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2991\n* Prevent inlining to guarantee stack frames in test by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3002\n* Update to .NET 9 GA. Update some test dependencies. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990\n* Add Abstractions.Tests to strong name bypass file. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3004\n\n## New Contributors\n* @​jeffhandley made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.0...8.2.1\n\n## 8.2.0\n\n8.2.0\n=====\n### Fundamentals\n- Update System.Text.Json to 8.0.5 CVE-2024-43485. See [2892](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892).\n- Using FixedTimeEquals in NETCore targets. See [2857](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857).\n- Updated .NET 9 to RC 2 [2898](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898).\n- Adds ability to create token without kid [2968](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2968)\n- Enables code coverage in PRs [2946](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2946)\n- Various test improvements:\n- [#​2953](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2953)\n- [#​2955](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2955)\n- [#​2951](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951)\n- [#​2952](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952)\n- [#​2947](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947)\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Validates Audience for SAML2TokenHandler with New Model [2863](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863)\n- Improvements to AudienceValidation [2902](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902)\n- Added properties to ValidationResult [2923](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923)\n- Implements Audience and Lifetime validations in SamlSecurityTokenHandler [2925](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925)\n- Implements Issuer validation in SamlSecurityTokenHandler [2948](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2948)\n\n## What's Changed\n* update to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2890\n* Use FixedTimeEquals in NETCore targets  by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857\n* Update System.Text.Json to 8.0.5 CVE-2024-43485 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892\n* Update .NET 9 to RC 2 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898\n* Validate Audience for SAML2TokenHandler with New Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863\n* Regression tests: Issuer by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2868\n* Mark Wilson APIs as Shipped by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2903\n* Add Tests for Lifetime Validation Using New Validation Model For SAML2 by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2906\n* Suggested changes to AudienceValidation by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902\n* Extensibility tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2861\n* Added properties to ValidationResult without throwing by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923\n* Extensibility tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2867\n* Regression tests: Issuer signing key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2927\n* Do not serialize CaseSensitiveClaimsIdentity.SecurityToken. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2896\n* Fix typo by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2894\n* Implement and Test Audience and Lifetime validations in SamlSecurityTokenHandler with New Validation Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925\n* Fix Flaky Tests: NameAndRoleClaimDelegates and RoleClaims by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2873\n* Regression tests: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2930\n* Validate Issuer Using New Validation Model in Saml2SecurityTokenHandler by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2929\n* Fix builds on macOS / Linux using the build.sh script by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2937\n* Regression tests: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2934\n* Regression tests: Token Type by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2932\n* Regression tests: Token Replay by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2931\n* Fix DevEx and IDDP builds such that when building internally, use an internal Nuget feed instead of nuget.org by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2936\n* Restore PopKeyResolvingTests.GetPopKeysFromJkuAsync by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947\n* Restore skipped test: ReferenceCountingTest_MultiThreaded by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952\n* Restore EnsureAotCompatibility test by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951\n ... (truncated)\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.2...8.18.0).\n\u003c/details\u003e\n\nUpdated [Microsoft.IdentityModel.Tokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.1.2 to 8.18.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.Tokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.18.0\n\n## New Features\n- Introduced a new interface `IConfigurationEventHandlerContextAware\u003cT\u003e` that provides context to the configuration event handler implementation, allowing it to optionally bypass a cache lookup. See [PR #​3444](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3444).\n- Added Microsoft.IdentityModel.Dpop — a new package implementing DPoP (Demonstrating Proof-of-Possession) per RFC 9449. Provides both client-side and server-side proof validation with no System.Net.Http dependency. See [PR #​3443](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3443).\n\n\n## 8.17.0\n\n## Dependencies\n* Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See [PR #​3435](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3435).\n\n\n## 8.16.0\n\n## New Features\n* Add telemetry around signature validation. See [PR #​3415](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3415) for details.\n\n## Fundamentals\n* Fix FileVersion format to use two-digit year and day of year. See [PR #​3389](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3389) for details.\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\n## 8.14.0\n\n8.14.0\n====\n## Bug Fixes\n- Switch back to use `ValidationResult` instead of `OperationResult` when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See [#​3299](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3299) for details.\n\n## 8.13.1\n\n8.13.1\n====\n## Dependencies\nMicrosoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0\n\n## Bug Fixes\n- Fixed a decompression failure happening for large JWE payloads. See [#​3286](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3286) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See [#​3284](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3284) for details.\n\n8.13.0\n\n## 8.13.0\n\n8.13.0\n====\n### Fundamentals\n- `CaseSensitiveClaimsIdentity.SecurityToken` setter is now protected internal (was internal). See PR [#​3278](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278) for details.\n- Update .NET SDK version to 9.0.108 used when building or running the code. See PR [#​3274](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274) for details.\n- Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See [#​3280](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280) for details.\n\n## What's Changed\n* Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278\n* Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n* Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280\n* changelog for 8.13 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0\n\n## 8.12.1\n\n8.12.1\n====\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3263](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263) for details.\n- To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR [#​3261](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261) for details.\n- Experimental code leaked into TokenValidationResult from early prototypes. See PR [#​3259](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259) for details.\n\n## What's Changed\n* Remove experimental code from TokenValidationResult by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259\n* Moved files to experimental folder by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261\n* Update global.json to latest by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1\n\n## 8.12.0\n\n8.12.0\n====\n\n## New Features\n- **Enhance ConfigurationManager with event handling**  \n  Added event handling capabilities to the `ConfigurationManager`, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see [#​3253](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3253)  \n\n## Bug Fixes\n- **Add expected Base64UrlEncoder.Decode overload for NET6 and 8**  \n  Introduced the expected overload of `Base64UrlEncoder.Decode` for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.  \n  For details see [#​3249](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3249)  \n\n## Fundamentals\n- **Add AI assist rules**  \n  Incorporated AI assist rules to enhance AI agents effectiveness.  \n  For details see [#​3255](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255)  \n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  \n  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  \n  For details see [#​3256](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256)  \n- **Move suppression of RS006 to csproj**  \n  Centralized suppression of RS006 warnings in project files for easier management.  \n  For details see [#​3230](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230)\n\n## What's Changed\n* Move suppression of RS006 to csproj. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230\n* Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255\n* Enhance ConfigurationManager with event handling by @​GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256\n* Update CHANGELOG.md for 8.12.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0\n\n## 8.11.0\n\n8.11.0\n=====\n## New Features:\n- Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue [#​3245](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3245) for details.\n- Added a new public async API: `JsonWebTokenHandler.DecryptTokenWithConfigurationAsync`, which decrypts a JWE token using keys from either `TokenValidationParameters` or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR [#​3243](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3243) for details.\n\n## What's Changed\n* few updates by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242\n* Changelog for 8.10.0 by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241\n* Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244\n* update current version to 8.10.0 by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246\n* Add DecryptTokenWithConfiguration API by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243\n* changelog for 8.11 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0\n\n## 8.10.0\n\n8.10.0\n=====\n## Bug Fixes\n- Corrected casing of the Type attribute in SubjectConfirm....\n\n_Description has been truncated_","html_url":"https://github.com/AzureCosmosDB/MCPToolKit/pull/117","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AzureCosmosDB%2FMCPToolKit/issues/117","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/117/packages"}},{"old_version":null,"new_version":null,"update_type":null,"path":null,"pr_created_at":"2026-05-20T05:31:11.000Z","version_change":null,"issue":{"uuid":"4483448919","node_id":"PR_kwDOPtbroc7dX1bc","number":112,"state":"closed","title":"Bump Microsoft.IdentityModel.JsonWebTokens and Microsoft.IdentityModel.Tokens","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-20T05:32:13.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-20T05:31:11.000Z","updated_at":"2026-05-20T05:32:15.000Z","time_to_close":62,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"},{"name":"Microsoft.IdentityModel.Tokens","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.1.2 to 8.18.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.18.0\n\n## New Features\n- Introduced a new interface `IConfigurationEventHandlerContextAware\u003cT\u003e` that provides context to the configuration event handler implementation, allowing it to optionally bypass a cache lookup. See [PR #​3444](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3444).\n- Added Microsoft.IdentityModel.Dpop — a new package implementing DPoP (Demonstrating Proof-of-Possession) per RFC 9449. Provides both client-side and server-side proof validation with no System.Net.Http dependency. See [PR #​3443](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3443).\n\n\n## 8.17.0\n\n## Dependencies\n* Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See [PR #​3435](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3435).\n\n\n## 8.16.0\n\n## New Features\n* Add telemetry around signature validation. See [PR #​3415](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3415) for details.\n\n## Fundamentals\n* Fix FileVersion format to use two-digit year and day of year. See [PR #​3389](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3389) for details.\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\n## 8.14.0\n\n8.14.0\n====\n## Bug Fixes\n- Switch back to use `ValidationResult` instead of `OperationResult` when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See [#​3299](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3299) for details.\n\n## 8.13.1\n\n8.13.1\n====\n## Dependencies\nMicrosoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0\n\n## Bug Fixes\n- Fixed a decompression failure happening for large JWE payloads. See [#​3286](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3286) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See [#​3284](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3284) for details.\n\n8.13.0\n\n## 8.13.0\n\n8.13.0\n====\n### Fundamentals\n- `CaseSensitiveClaimsIdentity.SecurityToken` setter is now protected internal (was internal). See PR [#​3278](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278) for details.\n- Update .NET SDK version to 9.0.108 used when building or running the code. See PR [#​3274](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274) for details.\n- Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See [#​3280](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280) for details.\n\n## What's Changed\n* Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278\n* Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n* Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280\n* changelog for 8.13 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0\n\n## 8.12.1\n\n8.12.1\n====\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3263](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263) for details.\n- To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR [#​3261](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261) for details.\n- Experimental code leaked into TokenValidationResult from early prototypes. See PR [#​3259](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259) for details.\n\n## What's Changed\n* Remove experimental code from TokenValidationResult by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259\n* Moved files to experimental folder by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261\n* Update global.json to latest by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1\n\n## 8.12.0\n\n8.12.0\n====\n\n## New Features\n- **Enhance ConfigurationManager with event handling**  \n  Added event handling capabilities to the `ConfigurationManager`, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see [#​3253](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3253)  \n\n## Bug Fixes\n- **Add expected Base64UrlEncoder.Decode overload for NET6 and 8**  \n  Introduced the expected overload of `Base64UrlEncoder.Decode` for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.  \n  For details see [#​3249](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3249)  \n\n## Fundamentals\n- **Add AI assist rules**  \n  Incorporated AI assist rules to enhance AI agents effectiveness.  \n  For details see [#​3255](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255)  \n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  \n  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  \n  For details see [#​3256](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256)  \n- **Move suppression of RS006 to csproj**  \n  Centralized suppression of RS006 warnings in project files for easier management.  \n  For details see [#​3230](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230)\n\n## What's Changed\n* Move suppression of RS006 to csproj. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230\n* Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255\n* Enhance ConfigurationManager with event handling by @​GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256\n* Update CHANGELOG.md for 8.12.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0\n\n## 8.11.0\n\n8.11.0\n=====\n## New Features:\n- Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue [#​3245](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3245) for details.\n- Added a new public async API: `JsonWebTokenHandler.DecryptTokenWithConfigurationAsync`, which decrypts a JWE token using keys from either `TokenValidationParameters` or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR [#​3243](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3243) for details.\n\n## What's Changed\n* few updates by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242\n* Changelog for 8.10.0 by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241\n* Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244\n* update current version to 8.10.0 by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246\n* Add DecryptTokenWithConfiguration API by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243\n* changelog for 8.11 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0\n\n## 8.10.0\n\n8.10.0\n=====\n## Bug Fixes\n- Corrected casing of the Type attribute in SubjectConfirmationData. See [#​3206](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3206).\n- Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See [#​3220](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/33784b8ec0ff4300efad788535f90b3adc5bdfd1).\n- Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See [#​3226](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/793bd34e945eb8ba7528cf87c4a29a29c4704a65).\n\n## Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3228](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/946bec18cdeb26b8133a04e8c056dd5f17588f89) and [#​3232](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/14842aedb3d57c32b9ce784061cd9beccbdd1eb1).\n\n## 8.9.0\n\n8.9.0\n=====\n## Bug Fixes\n- syncAfter has been updated to preserve UTC information, addressing a bug where GetConfigurationAsync does not refresh configuration in ConfigurationManager. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3213.\n- Fixed a null reference issue in KeyInfo. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3203.\n\n## New Features\n- Introduced a new delegate for reading custom token payload values on JsonWebToken. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2981.\n- Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3205.\n\n## Fundamentals\n- Utilized IList to avoid enumerator allocation during audience validation. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3204.\n\n## 8.8.0\n\n8.8.0\n=====\n## New Features\n- Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the `Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking` switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR [#​3193](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3193) for details.\n- Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the `Switch.Microsoft.IdentityModel.DoNotScrubExceptions` AppContextSwitch. See PR [#​3195](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3195) and https://aka.ms/identitymodel/app-context-switches for details.\n- Change all plain object locks to `System.Thread.Lock` objects for .NET 9 or greater. See PRs [#​3185](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3185) and [#​3189](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3189) for details.\n\n\n## 8.7.0\n\n## Bug Fixes\n- Add back internal methods `IsRecoverableException` and `IsRecoverableExceptionType` whose signatures were changed in the previous version. See [#​3181](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3181).\n\n## New Features\n- Make `Cnf` class public and move it to Microsoft.IdentityModel.Tokens package. See [#​3165](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3165).\n\n## What's Changed\n* Post Release 8.6.1 cleanup  by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3160\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3163\n* Adds explanation for CodeQL warnings by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3167\n* Fix typo by @​rstm-sf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n* Need to change the locks by @​JoshLozensky in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3171\n* Move CNF from SHR to M.IM.Tokens by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3168\n* Add back IsRecoverableException methods. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3183\n* Revert \"Need to change the locks\" by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3186\n* 8.7.0 changelog by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3184\n\n## New Contributors\n* @​rstm-sf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.1...8.7.0\n\n## 8.6.1\n\n8.6.1\n=====\n## Bug fix\n- Microsoft.IdentityModel now triggers a configuration refresh if token decryption fails. See issue [#​3148](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3148) for details.\n- Fix a bug in `JsonWebTokenHandler` where `JwtTokenDecryptionParameters`'s `Alg` and `Enc` were not set during token decryption, causing `IDX10611` and `IDX10619` errors to show null values in the messages. See issue [#​3003](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3003) for details.\n\n## Fundamentals\n- For development, IdentityModel now has a global.json file to specify the .NET SDK version. See issue [#​2995](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2995) for details.\n\n## What's Changed\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3145\n* Update the public API shipped files by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3146\n* Add global.json file by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* Trigger metadata refresh for token decryption errors by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3149\n* Populate error messages correctly from JwtTokenUtilities.DecryptJwtToken by @​ksaaf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n* first changelog update by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3156\n\n## New Contributors\n* @​mdchennu made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* @​ksaaf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.0...8.6.1\n\n## 8.6.0\n\n8.6.0\n=====\n## New Features\n- TokenValidationParameters has a new boolean property `TryAllDecryptionKeys` that let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to **true** (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See [#​3128](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128)\n- Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See [#​3140](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140)\n\n## Fundamentals\n* Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See [3143](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143)\n* Add more tests for encrypted tokens. See [#​3139](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139)\n\n## What's Changed\n* Update CHANGELOG.md by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3133\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3137\n* Add TryAllDecryptionKeys flag to whether decrypt if no key IDs match by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128\n* Change KeyInfo.MatchesKey from internal to protected internal virtual. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140\n* Fix #​3112 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143\n* Add more auto-decryption related tests by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139\n* Update changelog.md for 8.6.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3144\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.5.0...8.6.0\n\n## 8.5.0\n\n8.5.0\n=====\n## Reverting previous breaking change\n- The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that [adding IDisposable is a breaking change](https://learn.microsoft.com/en-us/dotnet/fundamentals/runtime-libraries/system-idisposable), so we are following [semver guidance](https://semver.org/#what-do-i-do-if-i-accidentally-release-a-backward-incompatible-change-as-a-minor-version) and reverting and releasing a minor version (8.5.0).\n- Cherry-picked Changes: Included changes from PR [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) and [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104).\n\n## What's Changed\n* Update version.props by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3126\n* fix formatting error by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3134\n* Revert configuration manager to 8.3.1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3132\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.4.0...8.5.0\n\n## 8.4.0\n\n8.4.0\n=====\n## New Features\n- App context switch allows blocking or non-blocking calls for configuration. See PR [#​3106](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3106) for details and issue [#​3082](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3082) for details. If you are not using the ConfigurationManager as a singleton and not using the blocking option, you may need to call ShutdownBackgroundTask() to stop the background task to avoid leaking Tasks.\n- IdentityModel now enables symmetric and asymmetric keys to be created publicly with JWK. See [#​3094](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3094) for details.\n- IdentityModel now allows specifying the HTTP protocol version and version policy. See [#​2808](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2808) for details.\n\n## Repair items\n- Add request count and duration telemetry for configuration requests. See [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) for details.\n- `KeyID` should be present in exception messages and is no longer PII. See [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104) for details.\n\n## Fundamentals\n- Fix spelling issues in xml comments. See [#​3117](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3117) for details.\n- Fix comment coverage in PR builds. See [#​3079](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3079) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- See [#​3056](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3056). [#​3100](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3100), [#​3017](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3107), and [#​3111](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3111).\n- Add internal virtual on TokenHandler. See [#​3084](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3084) for details.\n\n* @​prochnowc made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2809\n\n## 8.3.1\n\n8.3.1\n=====\n## Bug Fixes\n* Respect TVP.RequireAudience when set to false. See [#​3055](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055)\n* For net4.6.2 select RSACng for PSS support. See [#​3097](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3097)\n* Fix package downgrade in consuming libraries. See[#​3062](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062)\n* Fix integer overflow in `AuthenticationEncryptionProvider.cs`. See [#​3063](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063)\n\n## Fundamentals\n* Removed unused property on JsonWebToken ClaimsIdentity. See [#​3071](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3071) for details.\n* Upgrade to C# 13. See [#​2998](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998)\n* Use new Base64Url API. See [#​22817](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817)\n* Add warning quality check. See [#​3067](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067)\n* Update dotnet actions. see [#​3074](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074)\n* Fix warnings. See [#​3081](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081)\n* Test updates in JsonWebToken. See [#​3080](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​3027](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027), [#​3028](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028), [#​3051](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051), [#​3054](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054)\n\n## What's Changed\n* Update CHANGELOG.md by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3053\n* Extensibility tests: Audience - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027\n* Extensibility tests: Lifetime - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028\n* Implement lazy ClaimsIdentity creation from ValidatedToken on SAML and SAML2 on the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051\n* Add logging to the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054\n* update version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3057\n* lower version to avoid downgrades. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3058\n* Respect TVP.RequireAudience when set to false by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055\n* Fix package downgrade in consuming libraries by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062\n* Add slnf for running perf and stress tests by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3066\n* Add Warning Quality Check Build Task 🔨 by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067\n* Update template-Build-run-tests-sign.yml by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3069\n* Removed unused property on JsonWebToken by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3072\n* Update setup dotnet actions by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074\n* fixed #​2983 and re-add code coverage comments to PRs by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3076\n* Remove duplicate keyid into var keysAttempted by @​bdapoigny in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* Upgrade to C# 13 by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998\n* Use new Base64Url API by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817\n* Update common.props by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3078\n* fix warnings by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081\n* Fixed integer overflow in AuthenticatedEncryptionProvider.cs by @​gparametr in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n* Test updates by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080\n* For net4.6.2 select RSACng for PSS support. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3085\n* changelog for 8.3.1 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3098\n\n## New Contributors\n* @​bdapoigny made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* @​gparametr made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n\n ... (truncated)\n\n## 8.3.0\n\n## New features\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n* SAML and SAML2 new model validation: Token Replay. See [#​2994](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2994)\n* Extensibility tests: Token Type - JWT ([#​3030](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3030)), Issuer - SAML and SAML2 ([#​3026](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3026)), Algorithm and Signature - JWT, SAML and SAML2 ([#​3034](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3034)), Token Replay - JWT, SAML and SAML2 ([#​3032](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3032)),  Issuer signing key - JWT, SAML and SAML2 ([#​3029](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/302))\n* Avoid code duplication in extensibility testing. See [#​3041](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3041)\n* Extensibility Testing: Refactor. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3011\n* Remove duplicate code in extensibility tests. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3044\n\n## Bug fixes\n* Fix bug with AadIssuerValidator. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n* Fixed SignedHttpRequest flaky test. See [#​3037](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3037)\n \n## Fundamentals\n* Install all .NET versions in pipeline to fix run tests task. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3018\n* Changelog for 8.2.1. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3009\n* Remove unnecessary AoT test project. See in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3045\n* Fix powershell script for nuget update. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3046\n* Update to next version. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3010\n* Disable Coverage PR comments. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3048\n* Updates GitHub Action to support long paths, See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3049\n* Stack parameters to improve reading of code. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3031\n\n## New Contributors\n* @​ssmelov made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.1...8.3.0\n\n## 8.2.1\n\n8.2.1\n=====\n### New features\n- Update to use .NET 9 GA. See [2990](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990).\n\n### Bug fixes\n- Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets. See [2935](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935).\n- Update cgmanifest to align with the JSON schema. See [2969](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969).\n\n### Fundamentals\n- Streamline token creation in `SecurityTokenDescriptor`. See [2993](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2993).\n- Prevent inlining to guarantee stack frames in test. See [2999](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2999).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Simplify stack frame caching. See [2976](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976).\n- Implement reading SAML and SAML2 tokens. See [2980](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980).\n- Implement validating SAML signature. See [2950](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2950).\n- Add tests for `IssuerExtensibility`. See [2987](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987).\n- Add validation for SAML and SAML2 issuer signing key. See [2965](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965).\n- Add validation for SAML and SAML2 algorithm. See [2984](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984).\n\n## What's Changed\n* Microsoft.Rest.ClientRuntime has been deprecated, which results in so… by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2970\n* Update to next version after 8.2.0 release by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2975\n* Consolidating test statics by @​trwalke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2956\n* New token validation model: Simplify stack frame caching by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976\n* Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935\n* Update cgmanifest to align with the JSON schema by @​jeffhandley in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n* SAML and SAML2 new model validation: Read Token by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980\n* SAML2 new model validation: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2961\n* JsonWebTokenHandler IssuerExtensibility by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987\n* SAML and SAML2 new model validation: Issuer Signing Key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965\n* Ignore AotCompatibilityTests on ADO by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2992\n* SAML and SAML2 new model validation: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984\n* Use SecurityTokenDescriptor when creating tokens by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2991\n* Prevent inlining to guarantee stack frames in test by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3002\n* Update to .NET 9 GA. Update some test dependencies. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990\n* Add Abstractions.Tests to strong name bypass file. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3004\n\n## New Contributors\n* @​jeffhandley made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.0...8.2.1\n\n## 8.2.0\n\n8.2.0\n=====\n### Fundamentals\n- Update System.Text.Json to 8.0.5 CVE-2024-43485. See [2892](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892).\n- Using FixedTimeEquals in NETCore targets. See [2857](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857).\n- Updated .NET 9 to RC 2 [2898](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898).\n- Adds ability to create token without kid [2968](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2968)\n- Enables code coverage in PRs [2946](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2946)\n- Various test improvements:\n- [#​2953](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2953)\n- [#​2955](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2955)\n- [#​2951](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951)\n- [#​2952](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952)\n- [#​2947](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947)\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Validates Audience for SAML2TokenHandler with New Model [2863](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863)\n- Improvements to AudienceValidation [2902](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902)\n- Added properties to ValidationResult [2923](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923)\n- Implements Audience and Lifetime validations in SamlSecurityTokenHandler [2925](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925)\n- Implements Issuer validation in SamlSecurityTokenHandler [2948](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2948)\n\n## What's Changed\n* update to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2890\n* Use FixedTimeEquals in NETCore targets  by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857\n* Update System.Text.Json to 8.0.5 CVE-2024-43485 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892\n* Update .NET 9 to RC 2 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898\n* Validate Audience for SAML2TokenHandler with New Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863\n* Regression tests: Issuer by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2868\n* Mark Wilson APIs as Shipped by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2903\n* Add Tests for Lifetime Validation Using New Validation Model For SAML2 by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2906\n* Suggested changes to AudienceValidation by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902\n* Extensibility tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2861\n* Added properties to ValidationResult without throwing by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923\n* Extensibility tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2867\n* Regression tests: Issuer signing key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2927\n* Do not serialize CaseSensitiveClaimsIdentity.SecurityToken. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2896\n* Fix typo by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2894\n* Implement and Test Audience and Lifetime validations in SamlSecurityTokenHandler with New Validation Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925\n* Fix Flaky Tests: NameAndRoleClaimDelegates and RoleClaims by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2873\n* Regression tests: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2930\n* Validate Issuer Using New Validation Model in Saml2SecurityTokenHandler by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2929\n* Fix builds on macOS / Linux using the build.sh script by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2937\n* Regression tests: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2934\n* Regression tests: Token Type by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2932\n* Regression tests: Token Replay by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2931\n* Fix DevEx and IDDP builds such that when building internally, use an internal Nuget feed instead of nuget.org by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2936\n* Restore PopKeyResolvingTests.GetPopKeysFromJkuAsync by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947\n* Restore skipped test: ReferenceCountingTest_MultiThreaded by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952\n* Restore EnsureAotCompatibility test by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951\n ... (truncated)\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.2...8.18.0).\n\u003c/details\u003e\n\nUpdated [Microsoft.IdentityModel.Tokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.1.2 to 8.18.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.Tokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.18.0\n\n## New Features\n- Introduced a new interface `IConfigurationEventHandlerContextAware\u003cT\u003e` that provides context to the configuration event handler implementation, allowing it to optionally bypass a cache lookup. See [PR #​3444](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3444).\n- Added Microsoft.IdentityModel.Dpop — a new package implementing DPoP (Demonstrating Proof-of-Possession) per RFC 9449. Provides both client-side and server-side proof validation with no System.Net.Http dependency. See [PR #​3443](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3443).\n\n\n## 8.17.0\n\n## Dependencies\n* Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See [PR #​3435](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3435).\n\n\n## 8.16.0\n\n## New Features\n* Add telemetry around signature validation. See [PR #​3415](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3415) for details.\n\n## Fundamentals\n* Fix FileVersion format to use two-digit year and day of year. See [PR #​3389](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3389) for details.\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\n## 8.14.0\n\n8.14.0\n====\n## Bug Fixes\n- Switch back to use `ValidationResult` instead of `OperationResult` when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See [#​3299](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3299) for details.\n\n## 8.13.1\n\n8.13.1\n====\n## Dependencies\nMicrosoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0\n\n## Bug Fixes\n- Fixed a decompression failure happening for large JWE payloads. See [#​3286](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3286) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See [#​3284](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3284) for details.\n\n8.13.0\n\n## 8.13.0\n\n8.13.0\n====\n### Fundamentals\n- `CaseSensitiveClaimsIdentity.SecurityToken` setter is now protected internal (was internal). See PR [#​3278](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278) for details.\n- Update .NET SDK version to 9.0.108 used when building or running the code. See PR [#​3274](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274) for details.\n- Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See [#​3280](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280) for details.\n\n## What's Changed\n* Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278\n* Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n* Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280\n* changelog for 8.13 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0\n\n## 8.12.1\n\n8.12.1\n====\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3263](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263) for details.\n- To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR [#​3261](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261) for details.\n- Experimental code leaked into TokenValidationResult from early prototypes. See PR [#​3259](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259) for details.\n\n## What's Changed\n* Remove experimental code from TokenValidationResult by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259\n* Moved files to experimental folder by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261\n* Update global.json to latest by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1\n\n## 8.12.0\n\n8.12.0\n====\n\n## New Features\n- **Enhance ConfigurationManager with event handling**  \n  Added event handling capabilities to the `ConfigurationManager`, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see [#​3253](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3253)  \n\n## Bug Fixes\n- **Add expected Base64UrlEncoder.Decode overload for NET6 and 8**  \n  Introduced the expected overload of `Base64UrlEncoder.Decode` for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.  \n  For details see [#​3249](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3249)  \n\n## Fundamentals\n- **Add AI assist rules**  \n  Incorporated AI assist rules to enhance AI agents effectiveness.  \n  For details see [#​3255](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255)  \n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  \n  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  \n  For details see [#​3256](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256)  \n- **Move suppression of RS006 to csproj**  \n  Centralized suppression of RS006 warnings in project files for easier management.  \n  For details see [#​3230](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230)\n\n## What's Changed\n* Move suppression of RS006 to csproj. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230\n* Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255\n* Enhance ConfigurationManager with event handling by @​GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256\n* Update CHANGELOG.md for 8.12.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0\n\n## 8.11.0\n\n8.11.0\n=====\n## New Features:\n- Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue [#​3245](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3245) for details.\n- Added a new public async API: `JsonWebTokenHandler.DecryptTokenWithConfigurationAsync`, which decrypts a JWE token using keys from either `TokenValidationParameters` or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR [#​3243](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3243) for details.\n\n## What's Changed\n* few updates by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242\n* Changelog for 8.10.0 by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241\n* Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244\n* update current version to 8.10.0 by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246\n* Add DecryptTokenWithConfiguration API by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243\n* changelog for 8.11 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0\n\n## 8.10.0\n\n8.10.0\n=====\n## Bug Fixes\n- Corrected casing of the Type attribute in SubjectConfirm....\n\n_Description has been truncated_","html_url":"https://github.com/AzureCosmosDB/MCPToolKit/pull/112","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AzureCosmosDB%2FMCPToolKit/issues/112","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/112/packages"}},{"old_version":null,"new_version":null,"update_type":null,"path":null,"pr_created_at":"2026-05-07T22:20:32.000Z","version_change":null,"issue":{"uuid":"4402371124","node_id":"PR_kwDOLkzEy87ZU3e9","number":134,"state":"open","title":"Bump MediatR and Microsoft.IdentityModel.JsonWebTokens","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-07T22:20:32.000Z","updated_at":"2026-05-07T22:39:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"MediatR","repository_url":"https://github.com/LuckyPennySoftware/MediatR"},{"name":"Microsoft.IdentityModel.JsonWebTokens","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [MediatR](https://github.com/LuckyPennySoftware/MediatR) from 12.4.1 to 14.1.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [MediatR's releases](https://github.com/LuckyPennySoftware/MediatR/releases)._\n\n## 14.1.0\n\n## What's Changed\n* Migrating to slnx by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1147\n* Remove Azure-dependent CI steps to fix forked PR builds by @​Copilot in https://github.com/LuckyPennySoftware/MediatR/pull/1154\n* Handling nested generic arguments by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1155\n* Handling F# assemblies correctly by catching reflection exceptions an… by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1156\n* Simplify CheckLicense to use GetRequiredService instead of fallback constructors by @​Copilot in https://github.com/LuckyPennySoftware/MediatR/pull/1158\n* Fix: Cryptic \"No constructor\" Error When ILoggerFactory Is Not Registered (Issue #​1153) by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1157\n* De-duping notification handlers before dispatching by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1159\n* Log warning when perpetual license cannot be applied due to missing build date by @​Copilot in https://github.com/LuckyPennySoftware/MediatR/pull/1163\n* Perpetual licensing by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1162\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/LuckyPennySoftware/MediatR/pull/1154\n\n**Full Changelog**: https://github.com/LuckyPennySoftware/MediatR/compare/v14.0.0...v14.1.0\n\n## 14.0.0\n\n## What's Changed\n* Bumping to .NET 10 by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1143\n* Enabling package signing\n\n**Full Changelog**: https://github.com/LuckyPennySoftware/MediatR/compare/v13.1.0...v14.0.0\n\n## 14.0.0-beta-1\n\n## What's Changed\n* Bumping to .NET 10 by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1143\n* [Signed packages](https://learn.microsoft.com/en-us/nuget/create-packages/sign-a-package)\n\n**Full Changelog**: https://github.com/LuckyPennySoftware/MediatR/compare/v13.1.0...v14.0.0-beta-1\n\nThis release is a beta release that introduces .NET 10 support and package signing. Signed packages means going forward packages can be validated against trusted authorities that the package has been published by Lucky Penny Software and not tampered with.\n\n## 13.1.0\n\n## What's Changed\n* Do not require non-public license classes to be registered; fixes #​1127 by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1129\n* Adding direct .NET 4.x support by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1131\n* Update release.yml by @​dhgatjeye in https://github.com/LuckyPennySoftware/MediatR/pull/1132\n* Allowing static license key values by @​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1136\n* Dependency Injection tests for various providers by @​jithu7432 in https://github.com/LuckyPennySoftware/MediatR/pull/1134\n* Upgrade to System.Text.Json version without transitive vulnerability by @​kanilsz in https://github.com/LuckyPennySoftware/MediatR/pull/1139\n* Add DI tests for `LightInject`, `StashBox`, `Lamar` by @​jithu7432 in https://github.com/LuckyPennySoftware/MediatR/pull/1137\n\n## New Contributors\n* @​dhgatjeye made their first contribution in https://github.com/LuckyPennySoftware/MediatR/pull/1132\n* @​kanilsz made their first contribution in https://github.com/LuckyPennySoftware/MediatR/pull/1139\n\n**Full Changelog**: https://github.com/LuckyPennySoftware/MediatR/compare/v13.0.0...v13.1.0\n\n## 13.0.0\n\n**Full Changelog**: https://github.com/LuckyPennySoftware/MediatR/compare/v12.5.0...v13.0.0\n\n* Added support for .NET Standard 2.0\n* Requiring license key\n* Moving from Apache license to dual commercial/OSS license\n\nTo set your license key:\n\n```csharp\nservices.AddMediatR(cfg =\u003e {\n    cfg.LicenseKey = \"\u003cLicense key here\u003e\";\n});\n```\n\nYou can obtain your license key at [MediatR.io](https://mediatr.io)\n\n## 12.5.0\n\n## What's Changed\n* Open behavior multiple registration extensions by @​Emopusta in https://github.com/jbogard/MediatR/pull/1065\n* Remove duplicate `Nullable` property from `MediatR.Contracts` by @​jithu7432 in https://github.com/jbogard/MediatR/pull/1061\n* Timeout behavior support by @​zachpainter77 in https://github.com/jbogard/MediatR/pull/1058\n* GitHub Actions upload-artifacts@​v2 deprecated moving to v4 by @​jithu7432 in https://github.com/jbogard/MediatR/pull/1072\n* update MinVer from 4.3.0 to 6.0.0 by @​adamralph in https://github.com/jbogard/MediatR/pull/1102\n* Update setup-dotnet package version. by @​Emopusta in https://github.com/jbogard/MediatR/pull/1086\n* Add test for multiple open behavior registration feature. by @​Emopusta in https://github.com/jbogard/MediatR/pull/1077\n* Add validation and comments to OpenBehavior entity. by @​Emopusta in https://github.com/jbogard/MediatR/pull/1078\n* Passing CancellationToken to the call chain by @​podobaas in https://github.com/jbogard/MediatR/pull/1100\n\n## New Contributors\n* @​Emopusta made their first contribution in https://github.com/jbogard/MediatR/pull/1065\n* @​jithu7432 made their first contribution in https://github.com/jbogard/MediatR/pull/1061\n* @​podobaas made their first contribution in https://github.com/jbogard/MediatR/pull/1100\n\n**Full Changelog**: https://github.com/jbogard/MediatR/compare/v12.4.1...v12.5.0\n\nCommits viewable in [compare view](https://github.com/LuckyPennySoftware/MediatR/compare/v12.4.1...v14.1.0).\n\u003c/details\u003e\n\nUpdated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 7.4.0 to 8.14.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.14.0\n\n8.14.0\n====\n## Bug Fixes\n- Switch back to use `ValidationResult` instead of `OperationResult` when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See [#​3299](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3299) for details.\n\n## 8.13.1\n\n8.13.1\n====\n## Dependencies\nMicrosoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0\n\n## Bug Fixes\n- Fixed a decompression failure happening for large JWE payloads. See [#​3286](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3286) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See [#​3284](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3284) for details.\n\n8.13.0\n\n## 8.13.0\n\n8.13.0\n====\n### Fundamentals\n- `CaseSensitiveClaimsIdentity.SecurityToken` setter is now protected internal (was internal). See PR [#​3278](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278) for details.\n- Update .NET SDK version to 9.0.108 used when building or running the code. See PR [#​3274](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274) for details.\n- Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See [#​3280](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280) for details.\n\n## What's Changed\n* Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278\n* Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n* Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280\n* changelog for 8.13 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0\n\n## 8.12.1\n\n8.12.1\n====\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3263](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263) for details.\n- To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR [#​3261](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261) for details.\n- Experimental code leaked into TokenValidationResult from early prototypes. See PR [#​3259](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259) for details.\n\n## What's Changed\n* Remove experimental code from TokenValidationResult by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259\n* Moved files to experimental folder by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261\n* Update global.json to latest by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1\n\n## 8.12.0\n\n8.12.0\n====\n\n## New Features\n- **Enhance ConfigurationManager with event handling**  \n  Added event handling capabilities to the `ConfigurationManager`, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see [#​3253](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3253)  \n\n## Bug Fixes\n- **Add expected Base64UrlEncoder.Decode overload for NET6 and 8**  \n  Introduced the expected overload of `Base64UrlEncoder.Decode` for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.  \n  For details see [#​3249](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3249)  \n\n## Fundamentals\n- **Add AI assist rules**  \n  Incorporated AI assist rules to enhance AI agents effectiveness.  \n  For details see [#​3255](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255)  \n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  \n  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  \n  For details see [#​3256](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256)  \n- **Move suppression of RS006 to csproj**  \n  Centralized suppression of RS006 warnings in project files for easier management.  \n  For details see [#​3230](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230)\n\n## What's Changed\n* Move suppression of RS006 to csproj. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230\n* Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255\n* Enhance ConfigurationManager with event handling by @​GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256\n* Update CHANGELOG.md for 8.12.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0\n\n## 8.11.0\n\n8.11.0\n=====\n## New Features:\n- Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue [#​3245](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3245) for details.\n- Added a new public async API: `JsonWebTokenHandler.DecryptTokenWithConfigurationAsync`, which decrypts a JWE token using keys from either `TokenValidationParameters` or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR [#​3243](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3243) for details.\n\n## What's Changed\n* few updates by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242\n* Changelog for 8.10.0 by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241\n* Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244\n* update current version to 8.10.0 by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246\n* Add DecryptTokenWithConfiguration API by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243\n* changelog for 8.11 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0\n\n## 8.10.0\n\n8.10.0\n=====\n## Bug Fixes\n- Corrected casing of the Type attribute in SubjectConfirmationData. See [#​3206](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3206).\n- Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See [#​3220](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/33784b8ec0ff4300efad788535f90b3adc5bdfd1).\n- Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See [#​3226](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/793bd34e945eb8ba7528cf87c4a29a29c4704a65).\n\n## Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3228](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/946bec18cdeb26b8133a04e8c056dd5f17588f89) and [#​3232](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/14842aedb3d57c32b9ce784061cd9beccbdd1eb1).\n\n## 8.9.0\n\n8.9.0\n=====\n## Bug Fixes\n- syncAfter has been updated to preserve UTC information, addressing a bug where GetConfigurationAsync does not refresh configuration in ConfigurationManager. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3213.\n- Fixed a null reference issue in KeyInfo. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3203.\n\n## New Features\n- Introduced a new delegate for reading custom token payload values on JsonWebToken. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2981.\n- Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3205.\n\n## Fundamentals\n- Utilized IList to avoid enumerator allocation during audience validation. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3204.\n\n## 8.8.0\n\n8.8.0\n=====\n## New Features\n- Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the `Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking` switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR [#​3193](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3193) for details.\n- Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the `Switch.Microsoft.IdentityModel.DoNotScrubExceptions` AppContextSwitch. See PR [#​3195](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3195) and https://aka.ms/identitymodel/app-context-switches for details.\n- Change all plain object locks to `System.Thread.Lock` objects for .NET 9 or greater. See PRs [#​3185](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3185) and [#​3189](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3189) for details.\n\n\n## 8.7.0\n\n## Bug Fixes\n- Add back internal methods `IsRecoverableException` and `IsRecoverableExceptionType` whose signatures were changed in the previous version. See [#​3181](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3181).\n\n## New Features\n- Make `Cnf` class public and move it to Microsoft.IdentityModel.Tokens package. See [#​3165](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3165).\n\n## What's Changed\n* Post Release 8.6.1 cleanup  by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3160\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3163\n* Adds explanation for CodeQL warnings by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3167\n* Fix typo by @​rstm-sf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n* Need to change the locks by @​JoshLozensky in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3171\n* Move CNF from SHR to M.IM.Tokens by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3168\n* Add back IsRecoverableException methods. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3183\n* Revert \"Need to change the locks\" by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3186\n* 8.7.0 changelog by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3184\n\n## New Contributors\n* @​rstm-sf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.1...8.7.0\n\n## 8.6.1\n\n8.6.1\n=====\n## Bug fix\n- Microsoft.IdentityModel now triggers a configuration refresh if token decryption fails. See issue [#​3148](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3148) for details.\n- Fix a bug in `JsonWebTokenHandler` where `JwtTokenDecryptionParameters`'s `Alg` and `Enc` were not set during token decryption, causing `IDX10611` and `IDX10619` errors to show null values in the messages. See issue [#​3003](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3003) for details.\n\n## Fundamentals\n- For development, IdentityModel now has a global.json file to specify the .NET SDK version. See issue [#​2995](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2995) for details.\n\n## What's Changed\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3145\n* Update the public API shipped files by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3146\n* Add global.json file by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* Trigger metadata refresh for token decryption errors by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3149\n* Populate error messages correctly from JwtTokenUtilities.DecryptJwtToken by @​ksaaf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n* first changelog update by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3156\n\n## New Contributors\n* @​mdchennu made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* @​ksaaf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.0...8.6.1\n\n## 8.6.0\n\n8.6.0\n=====\n## New Features\n- TokenValidationParameters has a new boolean property `TryAllDecryptionKeys` that let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to **true** (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See [#​3128](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128)\n- Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See [#​3140](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140)\n\n## Fundamentals\n* Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See [3143](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143)\n* Add more tests for encrypted tokens. See [#​3139](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139)\n\n## What's Changed\n* Update CHANGELOG.md by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3133\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3137\n* Add TryAllDecryptionKeys flag to whether decrypt if no key IDs match by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128\n* Change KeyInfo.MatchesKey from internal to protected internal virtual. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140\n* Fix #​3112 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143\n* Add more auto-decryption related tests by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139\n* Update changelog.md for 8.6.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3144\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.5.0...8.6.0\n\n## 8.5.0\n\n8.5.0\n=====\n## Reverting previous breaking change\n- The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that [adding IDisposable is a breaking change](https://learn.microsoft.com/en-us/dotnet/fundamentals/runtime-libraries/system-idisposable), so we are following [semver guidance](https://semver.org/#what-do-i-do-if-i-accidentally-release-a-backward-incompatible-change-as-a-minor-version) and reverting and releasing a minor version (8.5.0).\n- Cherry-picked Changes: Included changes from PR [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) and [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104).\n\n## What's Changed\n* Update version.props by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3126\n* fix formatting error by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3134\n* Revert configuration manager to 8.3.1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3132\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.4.0...8.5.0\n\n## 8.4.0\n\n8.4.0\n=====\n## New Features\n- App context switch allows blocking or non-blocking calls for configuration. See PR [#​3106](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3106) for details and issue [#​3082](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3082) for details. If you are not using the ConfigurationManager as a singleton and not using the blocking option, you may need to call ShutdownBackgroundTask() to stop the background task to avoid leaking Tasks.\n- IdentityModel now enables symmetric and asymmetric keys to be created publicly with JWK. See [#​3094](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3094) for details.\n- IdentityModel now allows specifying the HTTP protocol version and version policy. See [#​2808](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2808) for details.\n\n## Repair items\n- Add request count and duration telemetry for configuration requests. See [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) for details.\n- `KeyID` should be present in exception messages and is no longer PII. See [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104) for details.\n\n## Fundamentals\n- Fix spelling issues in xml comments. See [#​3117](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3117) for details.\n- Fix comment coverage in PR builds. See [#​3079](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3079) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- See [#​3056](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3056). [#​3100](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3100), [#​3017](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3107), and [#​3111](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3111).\n- Add internal virtual on TokenHandler. See [#​3084](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3084) for details.\n\n* @​prochnowc made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2809\n\n## 8.3.1\n\n8.3.1\n=====\n## Bug Fixes\n* Respect TVP.RequireAudience when set to false. See [#​3055](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055)\n* For net4.6.2 select RSACng for PSS support. See [#​3097](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3097)\n* Fix package downgrade in consuming libraries. See[#​3062](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062)\n* Fix integer overflow in `AuthenticationEncryptionProvider.cs`. See [#​3063](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063)\n\n## Fundamentals\n* Removed unused property on JsonWebToken ClaimsIdentity. See [#​3071](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3071) for details.\n* Upgrade to C# 13. See [#​2998](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998)\n* Use new Base64Url API. See [#​22817](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817)\n* Add warning quality check. See [#​3067](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067)\n* Update dotnet actions. see [#​3074](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074)\n* Fix warnings. See [#​3081](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081)\n* Test updates in JsonWebToken. See [#​3080](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​3027](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027), [#​3028](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028), [#​3051](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051), [#​3054](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054)\n\n## What's Changed\n* Update CHANGELOG.md by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3053\n* Extensibility tests: Audience - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027\n* Extensibility tests: Lifetime - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028\n* Implement lazy ClaimsIdentity creation from ValidatedToken on SAML and SAML2 on the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051\n* Add logging to the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054\n* update version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3057\n* lower version to avoid downgrades. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3058\n* Respect TVP.RequireAudience when set to false by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055\n* Fix package downgrade in consuming libraries by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062\n* Add slnf for running perf and stress tests by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3066\n* Add Warning Quality Check Build Task 🔨 by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067\n* Update template-Build-run-tests-sign.yml by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3069\n* Removed unused property on JsonWebToken by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3072\n* Update setup dotnet actions by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074\n* fixed #​2983 and re-add code coverage comments to PRs by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3076\n* Remove duplicate keyid into var keysAttempted by @​bdapoigny in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* Upgrade to C# 13 by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998\n* Use new Base64Url API by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817\n* Update common.props by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3078\n* fix warnings by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081\n* Fixed integer overflow in AuthenticatedEncryptionProvider.cs by @​gparametr in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n* Test updates by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080\n* For net4.6.2 select RSACng for PSS support. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3085\n* changelog for 8.3.1 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3098\n\n## New Contributors\n* @​bdapoigny made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* @​gparametr made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n\n ... (truncated)\n\n## 8.3.0\n\n## New features\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n* SAML and SAML2 new model validation: Token Replay. See [#​2994](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2994)\n* Extensibility tests: Token Type - JWT ([#​3030](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3030)), Issuer - SAML and SAML2 ([#​3026](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3026)), Algorithm and Signature - JWT, SAML and SAML2 ([#​3034](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3034)), Token Replay - JWT, SAML and SAML2 ([#​3032](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3032)),  Issuer signing key - JWT, SAML and SAML2 ([#​3029](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/302))\n* Avoid code duplication in extensibility testing. See [#​3041](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3041)\n* Extensibility Testing: Refactor. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3011\n* Remove duplicate code in extensibility tests. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3044\n\n## Bug fixes\n* Fix bug with AadIssuerValidator. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n* Fixed SignedHttpRequest flaky test. See [#​3037](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3037)\n \n## Fundamentals\n* Install all .NET versions in pipeline to fix run tests task. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3018\n* Changelog for 8.2.1. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3009\n* Remove unnecessary AoT test project. See in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3045\n* Fix powershell script for nuget update. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3046\n* Update to next version. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3010\n* Disable Coverage PR comments. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3048\n* Updates GitHub Action to support long paths, See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3049\n* Stack parameters to improve reading of code. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3031\n\n## New Contributors\n* @​ssmelov made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.1...8.3.0\n\n## 8.2.1\n\n8.2.1\n=====\n### New features\n- Update to use .NET 9 GA. See [2990](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990).\n\n### Bug fixes\n- Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets. See [2935](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935).\n- Update cgmanifest to align with the JSON schema. See [2969](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969).\n\n### Fundamentals\n- Streamline token creation in `SecurityTokenDescriptor`. See [2993](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2993).\n- Prevent inlining to guarantee stack frames in test. See [2999](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2999).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Simplify stack frame caching. See [2976](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976).\n- Implement reading SAML and SAML2 tokens. See [2980](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980).\n- Implement validating SAML signature. See [2950](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2950).\n- Add tests for `IssuerExtensibility`. See [2987](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987).\n- Add validation for SAML and SAML2 issuer signing key. See [2965](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965).\n- Add validation for SAML and SAML2 algorithm. See [2984](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984).\n\n## What's Changed\n* Microsoft.Rest.ClientRuntime has been deprecated, which results in so… by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2970\n* Update to next version after 8.2.0 release by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2975\n* Consolidating test statics by @​trwalke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2956\n* New token validation model: Simplify stack frame caching by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976\n* Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935\n* Update cgmanifest to align with the JSON schema by @​jeffhandley in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n* SAML and SAML2 new model validation: Read Token by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980\n* SAML2 new model validation: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2961\n* JsonWebTokenHandler IssuerExtensibility by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987\n* SAML and SAML2 new model validation: Issuer Signing Key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965\n* Ignore AotCompatibilityTests on ADO by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2992\n* SAML and SAML2 new model validation: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984\n* Use SecurityTokenDescriptor when creating tokens by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2991\n* Prevent inlining to guarantee stack frames in test by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3002\n* Update to .NET 9 GA. Update some test dependencies. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990\n* Add Abstractions.Tests to strong name bypass file. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3004\n\n## New Contributors\n* @​jeffhandley made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.0...8.2.1\n\n## 8.2.0\n\n8.2.0\n=====\n### Fundamentals\n- Update System.Text.Json to 8.0.5 CVE-2024-43485. See [2892](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892).\n- Using FixedTimeEquals in NETCore targets. See [2857](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857).\n- Updated .NET 9 to RC 2 [2898](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898).\n- Adds ability to create token without kid [2968](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2968)\n- Enables code coverage in PRs [2946](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2946)\n- Various test improvements:\n- [#​2953](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2953)\n- [#​2955](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2955)\n- [#​2951](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951)\n- [#​2952](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952)\n- [#​2947](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947)\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Validates Audience for SAML2TokenHandler with New Model [2863](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863)\n- Improvements to AudienceValidation [2902](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902)\n- Added properties to ValidationResult [2923](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923)\n- Implements Audience and Lifetime validations in SamlSecurityTokenHandler [2925](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925)\n- Implements Issuer validation in SamlSecurityTokenHandler [2948](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2948)\n\n## What's Changed\n* update to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2890\n* Use FixedTimeEquals in NETCore targets  by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857\n* Update System.Text.Json to 8.0.5 CVE-2024-43485 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892\n* Update .NET 9 to RC 2 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898\n* Validate Audience for SAML2TokenHandler with New Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863\n* Regression tests: Issuer by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2868\n* Mark Wilson APIs as Shipped by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2903\n* Add Tests for Lifetime Validation Using New Validation Model For SAML2 by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2906\n* Suggested changes to AudienceValidation by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902\n* Extensibility tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2861\n* Added properties to ValidationResult without throwing by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923\n* Extensibility tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2867\n* Regression tests: Issuer signing key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2927\n* Do not serialize CaseSensitiveClaimsIdentity.SecurityToken. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2896\n* Fix typo by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2894\n* Implement and Test Audience and Lifetime validations in SamlSecurityTokenHandler with New Validation Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925\n* Fix Flaky Tests: NameAndRoleClaimDelegates and RoleClaims by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2873\n* Regression tests: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2930\n* Validate Issuer Using New Validation Model in Saml2SecurityTokenHandler by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2929\n* Fix builds on macOS / Linux using the build.sh script by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2937\n* Regression tests: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2934\n* Regression tests: Token Type by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2932\n* Regression tests: Token Replay by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2931\n* Fix DevEx and IDDP builds such that when building internally, use an internal Nuget feed instead of nuget.org by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2936\n* Restore PopKeyResolvingTests.GetPopKeysFromJkuAsync by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947\n* Restore skipped test: ReferenceCountingTest_MultiThreaded by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952\n* Restore EnsureAotCompatibility test by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951\n ... (truncated)\n\n## 8.1.2\n\n## What's Changed\n\n### Bug fixes\n\n* CaseSensitiveClaimsIdentity.Clone() now returns a `CaseSensitiveClaimsIdentity` as expected, by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2879\n* Multiple unused and unusable (for the moment) public APIs were removed. These were introduced by mistake leaking from the work done on logging and exception handling, by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2888\n\n### Fundamentals\n* Enabled PublicApiAnalyzers to better understand and trace changes to the public API, by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2782\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.1...8.1.2\n\n## 8.1.1\n\n8.1.1\n=====\n### Bug fixes\n- Fix bug where ConfigurationManager was updating keys too frequently. See [2866](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2866) for details.\n\n## What's Changed\n* Rename validation delegates by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2847\n* Remove TransformBeforeSignatureValidationDelegate from ValidationParameters by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2848\n* Add disable discovery enumeration = true to all theory tests by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2849\n* Make CaseSensitiveClaimIdentity serializable by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2850\n* Remove Obsolete BinaryFormatter  by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2851\n* Refactor ValidateConditions in Saml2SecurityTokenHandler by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2855\n* Set custom BenchmarkDotNetconfig as default by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2852\n* Regression tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2838\n* Fix ValidateJsonWebTokenClaimMapping Flaky Test 🐞 by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2859\n* update current version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2862\n* Regression tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2839\n* Rename ResolveTokenDecryptionKeyDelegate to DecryptionKeyResolverDelegate by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2869\n* Set internal _syncAfter using only AutomaticRefreshInterval. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2865\n* 8.1.1 Changelog by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2864\n* Adjust for RefreshInterval not influencing AutomaticRefreshInterval. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2870\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.0...8.1.1\n\n## 8.1.0\n\n8.1.0\n=====\n### Performance improvements\n- Improves performance during issuer validation by replacing string comparison with span comparison. See PR [#​2826](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2826).\n\n### New features\n- Add optional check to prevent using keys that are shared across multiple clouds. See issue [#​2832](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2832) for details.\n\n### Bug fixes\n- JsonWebTokenHandler would only return unwrapped keys if there was no errors. This change is to align with the behavior in JwtSecurityTokenHandler, that is it returns the keys that were able to be unwrapped, and only throw if no keys were able to be unwrapped. See issue [#​2695](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2695) for details.\n\n### Fundamentals\n- Fix flaky tests. See [#​2793](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2793) for details.\n- Update XUnit versoin and fix test warnings due to new XUnit analyzers. See PR [#​2796](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796) for details.\n- Onhboard to code coverage in ADO. See PR [#​2798](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798).\n- Use `IsTargetFrameworkCompatible(*)` so AOT is forward-compatible with .NET 9 and beyond. See PR [#​2790](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790) for details.\n- Fix a merge conflict impacting dev. See PR [#​2819](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819).\n- Defining the following attribute in multiple assemblies (.Tokens, .Logging) causes an internal error.\n[DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicConstructors)]. See PR [#​2820](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820).\n- Remove perl dependency. See PR [#​2830](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2830).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​2794](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794)\n- [#​2800](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800)\n- [#​2810](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810)\n- [#​2811](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811)\n- [#​2816](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816)\n- [#​2822](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822)\n- [#​2815](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815)\n- [#​2818](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2818)\n- [#​2813](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2813)\n- [#​2827](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2827)\n\n## What's Changed\n* changelog 8.0.2 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2792\n* Update version.props to 8.0.2 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2791\n* Fix Async Issue in Extensibility Tests by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2795\n* Update xUnit version and fix test warnings by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796\n* ValidateTokenAsync - New Path: Refactor result types by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794\n* Onboard to code coverage in ADO by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798\n* Exception refinement: Adding additional information by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800\n* Add initial regression tests for the new validation path by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810\n* Use IsTargetFrameworkCompatible() by @​martincostello in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790\n* Regression tests: Added inner exception detail and invalid signature failure due to invalid algorithm used by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811\n* Return unwrapped keys if able by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2812\n* New token validation path: Renamed result types by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816\n* Fix merge conflict by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819\n* Removed attribute that causes issues with internal builds. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820\n* Add missing exception type to ValidationError -\u003e GetException() by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822\n* Regression testing: Add JWE use cases by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815\n ... (truncated)\n\n## 8.0.2\n\n8.0.2\n=====\n\n### Security fundamentals\n- Add `BannedApiAnalyzers` to prevent use of `ClaimsIdentity` constructors. See PR [#​2778](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2778) for details.\n\n### Bug fixes\n- IdentityModel now allows the JWT payload to be an empty string. See issue [#​2656](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2656) for details.\n- Cache `UseRfcDefinitionOfEpkAndKid` switch. See PR [#​2747](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2747) for details.\n- Method was named `DoNotFailOnMissingTid` in 7x and `DontFailOnMissingTid` in 8x, adding the method for back compat. See issue [#​2750](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2750) for details.\n- Metadata is now updated on a background thread. See [#​2780](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2780) for details.\n- `JsonWebKeySet` stores the original string it was created with. See PR [#​2755](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2755) for details.\n- Restore AOT compatibility. See [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2711).\n- Fix OpenIdConnect parsing bug. See [#​2772](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2772) for details.\n- Remove the lock on creating a `SignatureProvider`. See [#​2788](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2788) for details.\n\n### Fundamentals\n- Test clean up [#​2742](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2742).\n- Use only FxCop in .NET framework targets [#​2693](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2693).\n- Add rule to add file headers automatically [#​2748](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2748).\n- Code analysis updates [#​2746](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2746).\n- Include README packages in NuGet [#​2752](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2752).\n- Update projects inside WilsonUnix solution [#​2768](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2768).\n- Code style enforced in build [#​2603](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2603).\n- CodeQL update [#​2767](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2767).\n- Update build pipeline to new one release build format [#​2777](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2777).\n- Update GitHub actions to `9.0.100-preview.7.24407.12` and add `\u003cNoWarn\u003e$(NoWarn);SYSLIB0057\u003c/NoWarn\u003e` due to breaking changes in preview7. [#​2786](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2786).\n\n### Work relating to [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​2725](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2725), [#​2729](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2729), [#​2753](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2753), [#​2758](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2759), [#​2757](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2757), [#​2764](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2764), [#​2771](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2759), and [#​2779](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2779).\n\n\n## What's Changed\n* Remove old 6x tests used that are not needed anymore by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2742\n* Only use fxcop in netfw by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2693\n* Allow Jwt payload to be the empty string. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2745\n* Add rule to add file headers automatically. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2748\n* Remove Delegate Checks in Multiple Validators and Prevents Null Setting of Delegates by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2725\n* Fix CodeQL by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2746\n* Cache UseRfcDefinitionOfEpkAndKid switch. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2747\n* Decrypt token: Remove exceptions + use new ValidationParameters by @​iNinja in https://githu.....\n\n_Description has been truncated_","html_url":"https://github.com/behdad088/EshopMicroservices/pull/134","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/behdad088%2FEshopMicroservices/issues/134","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/134/packages"}},{"old_version":"8.17.0","new_version":"8.18.0","update_type":"minor","path":null,"pr_created_at":"2026-05-06T22:15:51.000Z","version_change":"8.17.0 → 8.18.0","issue":{"uuid":"4394790193","node_id":"PR_kwDOJEF0-M7Y8RNO","number":912,"state":"open","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.17.0 to 8.18.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-06T22:15:51.000Z","updated_at":"2026-05-06T22:19:05.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.17.0","new_version":"8.18.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.17.0 to 8.18.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.18.0\n\n## New Features\n- Introduced a new interface `IConfigurationEventHandlerContextAware\u003cT\u003e` that provides context to the configuration event handler implementation, allowing it to optionally bypass a cache lookup. See [PR #​3444](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3444).\n- Added Microsoft.IdentityModel.Dpop — a new package implementing DPoP (Demonstrating Proof-of-Possession) per RFC 9449. Provides both client-side and server-side proof validation with no System.Net.Http dependency. See [PR #​3443](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3443).\n\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.17.0...8.18.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.IdentityModel.JsonWebTokens\u0026package-manager=nuget\u0026previous-version=8.17.0\u0026new-version=8.18.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated comment: release notes by coderabbit.ai --\u003e\n\n## Summary by CodeRabbit\n\n* **Chores**\n  * Updated core security and authentication libraries to their latest stable versions for improved reliability and security.\n\n\u003c!-- end of auto-generated comment: release notes by coderabbit.ai --\u003e","html_url":"https://github.com/Psychoboy/PenguinTwitchBot/pull/912","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Psychoboy%2FPenguinTwitchBot/issues/912","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/912/packages"}},{"old_version":"8.17.0","new_version":"8.18.0","update_type":"minor","path":null,"pr_created_at":"2026-05-06T22:04:32.000Z","version_change":"8.17.0 → 8.18.0","issue":{"uuid":"4394735941","node_id":"PR_kwDOJEF0-M7Y8F0U","number":908,"state":"open","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.17.0 to 8.18.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-06T22:04:32.000Z","updated_at":"2026-05-06T22:07:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.17.0","new_version":"8.18.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.17.0 to 8.18.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.18.0\n\n## New Features\n- Introduced a new interface `IConfigurationEventHandlerContextAware\u003cT\u003e` that provides context to the configuration event handler implementation, allowing it to optionally bypass a cache lookup. See [PR #​3444](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3444).\n- Added Microsoft.IdentityModel.Dpop — a new package implementing DPoP (Demonstrating Proof-of-Possession) per RFC 9449. Provides both client-side and server-side proof validation with no System.Net.Http dependency. See [PR #​3443](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3443).\n\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.17.0...8.18.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.IdentityModel.JsonWebTokens\u0026package-manager=nuget\u0026previous-version=8.17.0\u0026new-version=8.18.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated comment: release notes by coderabbit.ai --\u003e\n\n## Summary by CodeRabbit\n\n* **Chores**\n  * Updated project dependencies to latest stable versions.\n\n\u003c!-- end of auto-generated comment: release notes by coderabbit.ai --\u003e","html_url":"https://github.com/Psychoboy/PenguinTwitchBot/pull/908","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Psychoboy%2FPenguinTwitchBot/issues/908","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/908/packages"}},{"old_version":"8.17.0","new_version":"8.18.0","update_type":"minor","path":null,"pr_created_at":"2026-05-04T03:55:35.000Z","version_change":"8.17.0 → 8.18.0","issue":{"uuid":"4373915631","node_id":"PR_kwDOMHViBc7X3u3s","number":80,"state":"closed","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.17.0 to 8.18.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-04T03:55:52.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-04T03:55:35.000Z","updated_at":"2026-05-04T03:55:54.000Z","time_to_close":17,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.17.0","new_version":"8.18.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.17.0 to 8.18.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\nNo release notes found for this version range.\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commits).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.IdentityModel.JsonWebTokens\u0026package-manager=nuget\u0026previous-version=8.17.0\u0026new-version=8.18.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/lookbusy1344/SqlDatabaseDump/pull/80","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/lookbusy1344%2FSqlDatabaseDump/issues/80","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/80/packages"}},{"old_version":"8.9.0","new_version":"8.18.0","update_type":"minor","path":null,"pr_created_at":"2026-05-01T23:43:14.000Z","version_change":"8.9.0 → 8.18.0","issue":{"uuid":"4367138237","node_id":"PR_kwDOGKWCq87Xji2k","number":89,"state":"open","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.9.0 to 8.18.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-01T23:43:14.000Z","updated_at":"2026-05-01T23:44:31.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.9.0","new_version":"8.18.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.9.0 to 8.18.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.17.0\n\n## Dependencies\n* Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See [PR #​3435](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3435).\n\n\n## 8.16.0\n\n## New Features\n* Add telemetry around signature validation. See [PR #​3415](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3415) for details.\n\n## Fundamentals\n* Fix FileVersion format to use two-digit year and day of year. See [PR #​3389](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3389) for details.\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\n## 8.14.0\n\n8.14.0\n====\n## Bug Fixes\n- Switch back to use `ValidationResult` instead of `OperationResult` when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See [#​3299](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3299) for details.\n\n## 8.13.1\n\n8.13.1\n====\n## Dependencies\nMicrosoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0\n\n## Bug Fixes\n- Fixed a decompression failure happening for large JWE payloads. See [#​3286](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3286) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See [#​3284](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3284) for details.\n\n8.13.0\n\n## 8.13.0\n\n8.13.0\n====\n### Fundamentals\n- `CaseSensitiveClaimsIdentity.SecurityToken` setter is now protected internal (was internal). See PR [#​3278](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278) for details.\n- Update .NET SDK version to 9.0.108 used when building or running the code. See PR [#​3274](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274) for details.\n- Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See [#​3280](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280) for details.\n\n## What's Changed\n* Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278\n* Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n* Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280\n* changelog for 8.13 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0\n\n## 8.12.1\n\n8.12.1\n====\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3263](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263) for details.\n- To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR [#​3261](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261) for details.\n- Experimental code leaked into TokenValidationResult from early prototypes. See PR [#​3259](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259) for details.\n\n## What's Changed\n* Remove experimental code from TokenValidationResult by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259\n* Moved files to experimental folder by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261\n* Update global.json to latest by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1\n\n## 8.12.0\n\n8.12.0\n====\n\n## New Features\n- **Enhance ConfigurationManager with event handling**  \n  Added event handling capabilities to the `ConfigurationManager`, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see [#​3253](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3253)  \n\n## Bug Fixes\n- **Add expected Base64UrlEncoder.Decode overload for NET6 and 8**  \n  Introduced the expected overload of `Base64UrlEncoder.Decode` for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.  \n  For details see [#​3249](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3249)  \n\n## Fundamentals\n- **Add AI assist rules**  \n  Incorporated AI assist rules to enhance AI agents effectiveness.  \n  For details see [#​3255](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255)  \n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  \n  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  \n  For details see [#​3256](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256)  \n- **Move suppression of RS006 to csproj**  \n  Centralized suppression of RS006 warnings in project files for easier management.  \n  For details see [#​3230](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230)\n\n## What's Changed\n* Move suppression of RS006 to csproj. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230\n* Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255\n* Enhance ConfigurationManager with event handling by @​GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256\n* Update CHANGELOG.md for 8.12.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0\n\n## 8.11.0\n\n8.11.0\n=====\n## New Features:\n- Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue [#​3245](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3245) for details.\n- Added a new public async API: `JsonWebTokenHandler.DecryptTokenWithConfigurationAsync`, which decrypts a JWE token using keys from either `TokenValidationParameters` or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR [#​3243](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3243) for details.\n\n## What's Changed\n* few updates by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242\n* Changelog for 8.10.0 by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241\n* Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244\n* update current version to 8.10.0 by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246\n* Add DecryptTokenWithConfiguration API by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243\n* changelog for 8.11 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0\n\n## 8.10.0\n\n8.10.0\n=====\n## Bug Fixes\n- Corrected casing of the Type attribute in SubjectConfirmationData. See [#​3206](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3206).\n- Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See [#​3220](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/33784b8ec0ff4300efad788535f90b3adc5bdfd1).\n- Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See [#​3226](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/793bd34e945eb8ba7528cf87c4a29a29c4704a65).\n\n## Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3228](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/946bec18cdeb26b8133a04e8c056dd5f17588f89) and [#​3232](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/14842aedb3d57c32b9ce784061cd9beccbdd1eb1).\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commits).\n\u003c/details\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/devlooped/WebSocketChannel/pull/89","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/devlooped%2FWebSocketChannel/issues/89","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/89/packages"}},{"old_version":null,"new_version":null,"update_type":null,"path":null,"pr_created_at":"2026-04-06T08:28:48.000Z","version_change":null,"issue":{"uuid":"4210532282","node_id":"PR_kwDORbE1nc7QJrLv","number":47,"state":"closed","title":"Bump Microsoft.IdentityModel.JsonWebTokens and System.IdentityModel.Tokens.Jwt","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-07T21:02:17.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-06T08:28:48.000Z","updated_at":"2026-04-07T21:02:27.000Z","time_to_close":131609,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"},{"name":"System.IdentityModel.Tokens.Jwt"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 6.34.0 to 8.17.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.17.0\n\n## Dependencies\n* Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See [PR #​3435](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3435).\n\n\n## 8.16.0\n\n## New Features\n* Add telemetry around signature validation. See [PR #​3415](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3415) for details.\n\n## Fundamentals\n* Fix FileVersion format to use two-digit year and day of year. See [PR #​3389](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3389) for details.\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\n## 8.14.0\n\n8.14.0\n====\n## Bug Fixes\n- Switch back to use `ValidationResult` instead of `OperationResult` when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See [#​3299](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3299) for details.\n\n## 8.13.1\n\n8.13.1\n====\n## Dependencies\nMicrosoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0\n\n## Bug Fixes\n- Fixed a decompression failure happening for large JWE payloads. See [#​3286](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3286) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See [#​3284](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3284) for details.\n\n8.13.0\n\n## 8.13.0\n\n8.13.0\n====\n### Fundamentals\n- `CaseSensitiveClaimsIdentity.SecurityToken` setter is now protected internal (was internal). See PR [#​3278](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278) for details.\n- Update .NET SDK version to 9.0.108 used when building or running the code. See PR [#​3274](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274) for details.\n- Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See [#​3280](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280) for details.\n\n## What's Changed\n* Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278\n* Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n* Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280\n* changelog for 8.13 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0\n\n## 8.12.1\n\n8.12.1\n====\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3263](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263) for details.\n- To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR [#​3261](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261) for details.\n- Experimental code leaked into TokenValidationResult from early prototypes. See PR [#​3259](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259) for details.\n\n## What's Changed\n* Remove experimental code from TokenValidationResult by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259\n* Moved files to experimental folder by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261\n* Update global.json to latest by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1\n\n## 8.12.0\n\n8.12.0\n====\n\n## New Features\n- **Enhance ConfigurationManager with event handling**  \n  Added event handling capabilities to the `ConfigurationManager`, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see [#​3253](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3253)  \n\n## Bug Fixes\n- **Add expected Base64UrlEncoder.Decode overload for NET6 and 8**  \n  Introduced the expected overload of `Base64UrlEncoder.Decode` for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.  \n  For details see [#​3249](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3249)  \n\n## Fundamentals\n- **Add AI assist rules**  \n  Incorporated AI assist rules to enhance AI agents effectiveness.  \n  For details see [#​3255](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255)  \n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  \n  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  \n  For details see [#​3256](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256)  \n- **Move suppression of RS006 to csproj**  \n  Centralized suppression of RS006 warnings in project files for easier management.  \n  For details see [#​3230](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230)\n\n## What's Changed\n* Move suppression of RS006 to csproj. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230\n* Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255\n* Enhance ConfigurationManager with event handling by @​GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256\n* Update CHANGELOG.md for 8.12.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0\n\n## 8.11.0\n\n8.11.0\n=====\n## New Features:\n- Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue [#​3245](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3245) for details.\n- Added a new public async API: `JsonWebTokenHandler.DecryptTokenWithConfigurationAsync`, which decrypts a JWE token using keys from either `TokenValidationParameters` or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR [#​3243](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3243) for details.\n\n## What's Changed\n* few updates by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242\n* Changelog for 8.10.0 by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241\n* Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244\n* update current version to 8.10.0 by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246\n* Add DecryptTokenWithConfiguration API by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243\n* changelog for 8.11 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0\n\n## 8.10.0\n\n8.10.0\n=====\n## Bug Fixes\n- Corrected casing of the Type attribute in SubjectConfirmationData. See [#​3206](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3206).\n- Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See [#​3220](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/33784b8ec0ff4300efad788535f90b3adc5bdfd1).\n- Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See [#​3226](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/793bd34e945eb8ba7528cf87c4a29a29c4704a65).\n\n## Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3228](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/946bec18cdeb26b8133a04e8c056dd5f17588f89) and [#​3232](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/14842aedb3d57c32b9ce784061cd9beccbdd1eb1).\n\n## 8.9.0\n\n8.9.0\n=====\n## Bug Fixes\n- syncAfter has been updated to preserve UTC information, addressing a bug where GetConfigurationAsync does not refresh configuration in ConfigurationManager. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3213.\n- Fixed a null reference issue in KeyInfo. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3203.\n\n## New Features\n- Introduced a new delegate for reading custom token payload values on JsonWebToken. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2981.\n- Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3205.\n\n## Fundamentals\n- Utilized IList to avoid enumerator allocation during audience validation. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3204.\n\n## 8.8.0\n\n8.8.0\n=====\n## New Features\n- Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the `Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking` switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR [#​3193](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3193) for details.\n- Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the `Switch.Microsoft.IdentityModel.DoNotScrubExceptions` AppContextSwitch. See PR [#​3195](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3195) and https://aka.ms/identitymodel/app-context-switches for details.\n- Change all plain object locks to `System.Thread.Lock` objects for .NET 9 or greater. See PRs [#​3185](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3185) and [#​3189](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3189) for details.\n\n\n## 8.7.0\n\n## Bug Fixes\n- Add back internal methods `IsRecoverableException` and `IsRecoverableExceptionType` whose signatures were changed in the previous version. See [#​3181](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3181).\n\n## New Features\n- Make `Cnf` class public and move it to Microsoft.IdentityModel.Tokens package. See [#​3165](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3165).\n\n## What's Changed\n* Post Release 8.6.1 cleanup  by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3160\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3163\n* Adds explanation for CodeQL warnings by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3167\n* Fix typo by @​rstm-sf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n* Need to change the locks by @​JoshLozensky in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3171\n* Move CNF from SHR to M.IM.Tokens by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3168\n* Add back IsRecoverableException methods. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3183\n* Revert \"Need to change the locks\" by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3186\n* 8.7.0 changelog by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3184\n\n## New Contributors\n* @​rstm-sf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.1...8.7.0\n\n## 8.6.1\n\n8.6.1\n=====\n## Bug fix\n- Microsoft.IdentityModel now triggers a configuration refresh if token decryption fails. See issue [#​3148](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3148) for details.\n- Fix a bug in `JsonWebTokenHandler` where `JwtTokenDecryptionParameters`'s `Alg` and `Enc` were not set during token decryption, causing `IDX10611` and `IDX10619` errors to show null values in the messages. See issue [#​3003](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3003) for details.\n\n## Fundamentals\n- For development, IdentityModel now has a global.json file to specify the .NET SDK version. See issue [#​2995](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2995) for details.\n\n## What's Changed\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3145\n* Update the public API shipped files by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3146\n* Add global.json file by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* Trigger metadata refresh for token decryption errors by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3149\n* Populate error messages correctly from JwtTokenUtilities.DecryptJwtToken by @​ksaaf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n* first changelog update by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3156\n\n## New Contributors\n* @​mdchennu made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* @​ksaaf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.0...8.6.1\n\n## 8.6.0\n\n8.6.0\n=====\n## New Features\n- TokenValidationParameters has a new boolean property `TryAllDecryptionKeys` that let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to **true** (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See [#​3128](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128)\n- Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See [#​3140](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140)\n\n## Fundamentals\n* Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See [3143](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143)\n* Add more tests for encrypted tokens. See [#​3139](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139)\n\n## What's Changed\n* Update CHANGELOG.md by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3133\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3137\n* Add TryAllDecryptionKeys flag to whether decrypt if no key IDs match by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128\n* Change KeyInfo.MatchesKey from internal to protected internal virtual. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140\n* Fix #​3112 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143\n* Add more auto-decryption related tests by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139\n* Update changelog.md for 8.6.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3144\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.5.0...8.6.0\n\n## 8.5.0\n\n8.5.0\n=====\n## Reverting previous breaking change\n- The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that [adding IDisposable is a breaking change](https://learn.microsoft.com/en-us/dotnet/fundamentals/runtime-libraries/system-idisposable), so we are following [semver guidance](https://semver.org/#what-do-i-do-if-i-accidentally-release-a-backward-incompatible-change-as-a-minor-version) and reverting and releasing a minor version (8.5.0).\n- Cherry-picked Changes: Included changes from PR [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) and [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104).\n\n## What's Changed\n* Update version.props by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3126\n* fix formatting error by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3134\n* Revert configuration manager to 8.3.1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3132\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.4.0...8.5.0\n\n## 8.4.0\n\n8.4.0\n=====\n## New Features\n- App context switch allows blocking or non-blocking calls for configuration. See PR [#​3106](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3106) for details and issue [#​3082](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3082) for details. If you are not using the ConfigurationManager as a singleton and not using the blocking option, you may need to call ShutdownBackgroundTask() to stop the background task to avoid leaking Tasks.\n- IdentityModel now enables symmetric and asymmetric keys to be created publicly with JWK. See [#​3094](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3094) for details.\n- IdentityModel now allows specifying the HTTP protocol version and version policy. See [#​2808](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2808) for details.\n\n## Repair items\n- Add request count and duration telemetry for configuration requests. See [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) for details.\n- `KeyID` should be present in exception messages and is no longer PII. See [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104) for details.\n\n## Fundamentals\n- Fix spelling issues in xml comments. See [#​3117](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3117) for details.\n- Fix comment coverage in PR builds. See [#​3079](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3079) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- See [#​3056](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3056). [#​3100](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3100), [#​3017](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3107), and [#​3111](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3111).\n- Add internal virtual on TokenHandler. See [#​3084](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3084) for details.\n\n* @​prochnowc made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2809\n\n## 8.3.1\n\n8.3.1\n=====\n## Bug Fixes\n* Respect TVP.RequireAudience when set to false. See [#​3055](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055)\n* For net4.6.2 select RSACng for PSS support. See [#​3097](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3097)\n* Fix package downgrade in consuming libraries. See[#​3062](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062)\n* Fix integer overflow in `AuthenticationEncryptionProvider.cs`. See [#​3063](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063)\n\n## Fundamentals\n* Removed unused property on JsonWebToken ClaimsIdentity. See [#​3071](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3071) for details.\n* Upgrade to C# 13. See [#​2998](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998)\n* Use new Base64Url API. See [#​22817](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817)\n* Add warning quality check. See [#​3067](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067)\n* Update dotnet actions. see [#​3074](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074)\n* Fix warnings. See [#​3081](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081)\n* Test updates in JsonWebToken. See [#​3080](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​3027](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027), [#​3028](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028), [#​3051](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051), [#​3054](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054)\n\n## What's Changed\n* Update CHANGELOG.md by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3053\n* Extensibility tests: Audience - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027\n* Extensibility tests: Lifetime - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028\n* Implement lazy ClaimsIdentity creation from ValidatedToken on SAML and SAML2 on the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051\n* Add logging to the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054\n* update version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3057\n* lower version to avoid downgrades. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3058\n* Respect TVP.RequireAudience when set to false by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055\n* Fix package downgrade in consuming libraries by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062\n* Add slnf for running perf and stress tests by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3066\n* Add Warning Quality Check Build Task 🔨 by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067\n* Update template-Build-run-tests-sign.yml by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3069\n* Removed unused property on JsonWebToken by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3072\n* Update setup dotnet actions by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074\n* fixed #​2983 and re-add code coverage comments to PRs by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3076\n* Remove duplicate keyid into var keysAttempted by @​bdapoigny in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* Upgrade to C# 13 by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998\n* Use new Base64Url API by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817\n* Update common.props by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3078\n* fix warnings by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081\n* Fixed integer overflow in AuthenticatedEncryptionProvider.cs by @​gparametr in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n* Test updates by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080\n* For net4.6.2 select RSACng for PSS support. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3085\n* changelog for 8.3.1 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3098\n\n## New Contributors\n* @​bdapoigny made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* @​gparametr made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n\n ... (truncated)\n\n## 8.3.0\n\n## New features\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n* SAML and SAML2 new model validation: Token Replay. See [#​2994](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2994)\n* Extensibility tests: Token Type - JWT ([#​3030](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3030)), Issuer - SAML and SAML2 ([#​3026](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3026)), Algorithm and Signature - JWT, SAML and SAML2 ([#​3034](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3034)), Token Replay - JWT, SAML and SAML2 ([#​3032](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3032)),  Issuer signing key - JWT, SAML and SAML2 ([#​3029](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/302))\n* Avoid code duplication in extensibility testing. See [#​3041](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3041)\n* Extensibility Testing: Refactor. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3011\n* Remove duplicate code in extensibility tests. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3044\n\n## Bug fixes\n* Fix bug with AadIssuerValidator. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n* Fixed SignedHttpRequest flaky test. See [#​3037](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3037)\n \n## Fundamentals\n* Install all .NET versions in pipeline to fix run tests task. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3018\n* Changelog for 8.2.1. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3009\n* Remove unnecessary AoT test project. See in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3045\n* Fix powershell script for nuget update. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3046\n* Update to next version. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3010\n* Disable Coverage PR comments. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3048\n* Updates GitHub Action to support long paths, See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3049\n* Stack parameters to improve reading of code. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3031\n\n## New Contributors\n* @​ssmelov made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.1...8.3.0\n\n## 8.2.1\n\n8.2.1\n=====\n### New features\n- Update to use .NET 9 GA. See [2990](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990).\n\n### Bug fixes\n- Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets. See [2935](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935).\n- Update cgmanifest to align with the JSON schema. See [2969](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969).\n\n### Fundamentals\n- Streamline token creation in `SecurityTokenDescriptor`. See [2993](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2993).\n- Prevent inlining to guarantee stack frames in test. See [2999](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2999).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Simplify stack frame caching. See [2976](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976).\n- Implement reading SAML and SAML2 tokens. See [2980](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980).\n- Implement validating SAML signature. See [2950](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2950).\n- Add tests for `IssuerExtensibility`. See [2987](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987).\n- Add validation for SAML and SAML2 issuer signing key. See [2965](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965).\n- Add validation for SAML and SAML2 algorithm. See [2984](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984).\n\n## What's Changed\n* Microsoft.Rest.ClientRuntime has been deprecated, which results in so… by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2970\n* Update to next version after 8.2.0 release by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2975\n* Consolidating test statics by @​trwalke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2956\n* New token validation model: Simplify stack frame caching by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976\n* Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935\n* Update cgmanifest to align with the JSON schema by @​jeffhandley in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n* SAML and SAML2 new model validation: Read Token by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980\n* SAML2 new model validation: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2961\n* JsonWebTokenHandler IssuerExtensibility by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987\n* SAML and SAML2 new model validation: Issuer Signing Key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965\n* Ignore AotCompatibilityTests on ADO by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2992\n* SAML and SAML2 new model validation: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984\n* Use SecurityTokenDescriptor when creating tokens by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2991\n* Prevent inlining to guarantee stack frames in test by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3002\n* Update to .NET 9 GA. Update some test dependencies. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990\n* Add Abstractions.Tests to strong name bypass file. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3004\n\n## New Contributors\n* @​jeffhandley made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.0...8.2.1\n\n## 8.2.0\n\n8.2.0\n=====\n### Fundamentals\n- Update System.Text.Json to 8.0.5 CVE-2024-43485. See [2892](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892).\n- Using FixedTimeEquals in NETCore targets. See [2857](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857).\n- Updated .NET 9 to RC 2 [2898](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898).\n- Adds ability to create token without kid [2968](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2968)\n- Enables code coverage in PRs [2946](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2946)\n- Various test improvements:\n- [#​2953](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2953)\n- [#​2955](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2955)\n- [#​2951](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951)\n- [#​2952](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952)\n- [#​2947](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947)\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Validates Audience for SAML2TokenHandler with New Model [2863](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863)\n- Improvements to AudienceValidation [2902](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902)\n- Added properties to ValidationResult [2923](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923)\n- Implements Audience and Lifetime validations in SamlSecurityTokenHandler [2925](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925)\n- Implements Issuer validation in SamlSecurityTokenHandler [2948](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2948)\n\n## What's Changed\n* update to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2890\n* Use FixedTimeEquals in NETCore targets  by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857\n* Update System.Text.Json to 8.0.5 CVE-2024-43485 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892\n* Update .NET 9 to RC 2 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898\n* Validate Audience for SAML2TokenHandler with New Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863\n* Regression tests: Issuer by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2868\n* Mark Wilson APIs as Shipped by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2903\n* Add Tests for Lifetime Validation Using New Validation Model For SAML2 by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2906\n* Suggested changes to AudienceValidation by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902\n* Extensibility tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2861\n* Added properties to ValidationResult without throwing by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923\n* Extensibility tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2867\n* Regression tests: Issuer signing key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2927\n* Do not serialize CaseSensitiveClaimsIdentity.SecurityToken. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2896\n* Fix typo by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2894\n* Implement and Test Audience and Lifetime validations in SamlSecurityTokenHandler with New Validation Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925\n* Fix Flaky Tests: NameAndRoleClaimDelegates and RoleClaims by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2873\n* Regression tests: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2930\n* Validate Issuer Using New Validation Model in Saml2SecurityTokenHandler by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2929\n* Fix builds on macOS / Linux using the build.sh script by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2937\n* Regression tests: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2934\n* Regression tests: Token Type by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2932\n* Regression tests: Token Replay by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2931\n* Fix DevEx and IDDP builds such that when building internally, use an internal Nuget feed instead of nuget.org by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2936\n* Restore PopKeyResolvingTests.GetPopKeysFromJkuAsync by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947\n* Restore skipped test: ReferenceCountingTest_MultiThreaded by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952\n* Restore EnsureAotCompatibility test by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951\n ... (truncated)\n\n## 8.1.2\n\n## What's Changed\n\n### Bug fixes\n\n* CaseSensitiveClaimsIdentity.Clone() now returns a `CaseSensitiveClaimsIdentity` as expected, by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2879\n* Multiple unused and unusable (for the moment) public APIs were removed. These were introduced by mistake leaking from the work done on logging and exception handling, by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2888\n\n### Fundamentals\n* Enabled PublicApiAnalyzers to better understand and trace changes to the public API, by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2782\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.1...8.1.2\n\n## 8.1.1\n\n8.1.1\n=====\n### Bug fixes\n- Fix bug where ConfigurationManager was updating keys too frequently. See [2866](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2866) for details.\n\n## What's Changed\n* Rename validation delegates by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2847\n* Remove TransformBeforeSignatureValidationDelegate from ValidationParameters by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2848\n* Add disable discovery enumeration = true to all theory tests by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2849\n* Make CaseSensitiveClaimIdentity serializable by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2850\n* Remove Obsolete BinaryFormatter  by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2851\n* Refactor ValidateConditions in Saml2SecurityTokenHandler by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2855\n* Set custom BenchmarkDotNetconfig as default by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2852\n* Regression tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2838\n* Fix ValidateJsonWebTokenClaimMapping Flaky Test 🐞 by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2859\n* update current version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2862\n* Regression tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2839\n* Rename ResolveTokenDecryptionKeyDelegate to DecryptionKeyResolverDelegate by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2869\n* Set internal _syncAfter using only AutomaticRefreshInterval. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2865\n* 8.1.1 Changelog by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2864\n* Adjust for RefreshInterval not influencing AutomaticRefreshInterval. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2870\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.0...8.1.1\n\n## 8.1.0\n\n8.1.0\n=====\n### Performance improvements\n- Improves performance during issuer validation by replacing string comparison with span comparison. See PR [#​2826](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2826).\n\n### New features\n- Add optional check to prevent using keys that are shared across multiple clouds. See issue [#​2832](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2832) for details.\n\n### Bug fixes\n- JsonWebTokenHandler would only return unwrapped keys if there was no errors. This change is to align with the behavior in JwtSecurityTokenHandler, that is it returns the keys that were able to be unwrapped, and only throw if no keys were able to be unwrapped. See issue [#​2695](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2695) for details.\n\n### Fundamentals\n- Fix flaky tests. See [#​2793](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2793) for details.\n- Update XUnit versoin and fix test warnings due to new XUnit analyzers. See PR [#​2796](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796) for details.\n- Onhboard to code coverage in ADO. See PR [#​2798](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798).\n- Use `IsTargetFrameworkCompatible(*)` so AOT is forward-compatible with .NET 9 and beyond. See PR [#​2790](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790) for details.\n- Fix a merge conflict impacting dev. See PR [#​2819](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819).\n- Defining the following attribute in multiple assemblies (.Tokens, .Logging) causes an internal error.\n[DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicConstructors)]. See PR [#​2820](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820).\n- Remove perl dependency. See PR [#​2830](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2830).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​2794](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794)\n- [#​2800](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800)\n- [#​2810](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810)\n- [#​2811](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811)\n- [#​2816](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816)\n- [#​2822](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822)\n- [#​2815](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815)\n- [#​2818](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2818)\n- [#​2813](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2813)\n- [#​2827](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2827)\n\n## What's Changed\n* changelog 8.0.2 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2792\n* Update version.props to 8.0.2 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2791\n* Fix Async Issue in Extensibility Tests by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2795\n* Update xUnit version and fix test warnings by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796\n* ValidateTokenAsync - New Path: Refactor result types by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794\n* Onboard to code coverage in ADO by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798\n* Exception refinement: Adding additional information by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800\n* Add initial regression tests for the new validation path by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810\n* Use IsTargetFrameworkCompatible() by @​martincostello in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790\n* Regression tests: Added inner exception detail and invalid signature failure due to invalid algorithm used by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811\n* Return unwrapped keys if able by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2812\n* New token validation path: Renamed result types by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816\n* Fix merge conflict by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819\n* Removed attribute that causes issues with internal builds. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820\n* Add missing exception type to ValidationError -\u003e GetException() by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822\n* Regression testing: Add JWE use cases by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815\n ... (truncated)\n\n## 8.0.2\n\n8.0.2\n=====\n\n### Security fundamentals\n- Add `BannedApiAnalyzers` to prevent use of `ClaimsIdentity` constructors. See PR [#​2778](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2778) for details.\n\n### Bug fixes\n- IdentityModel now allows the JWT payload to be an empty string. See issue [#​2656](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2656) for details.\n- Cache `UseRfcDefinitionOfEpkAndKid` switch. See PR [#​2747](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2747) for details.\n- Method was named `DoNotFailOnMissingTid` in 7x and `DontFailOnMissingTid` in 8x, adding the method for back compat. See issue [#​2750](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2750) for details.\n- Metadata is now updated on a background thread. See [#​2780](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2780) for details.\n- `JsonWebKeySet` stores the original string it was created with. See PR [#​2755](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2755) for details.\n- Restore AOT compatibility. See [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2711).\n- Fix OpenIdConnect parsing bug. See [#​2772](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2772) for details.\n- Remove the lock on creating a `SignatureProvider`. See [#​2788](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2788) for details.\n\n### Fundamentals\n- Test clean up [#​2742](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2742).\n- Use only FxCop in .NET framework targets [#​2693](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2693).\n- Add rule to add file headers automatically [#​2748](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2748).\n- Code analysis updates [#​2746](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2746).\n- Include README packages in NuGet [#​2752](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2752).\n- Update projects inside WilsonUnix solution [#​2768](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2768).\n- Code style enforced in build [#​2603](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2603).\n- CodeQL update [#​2767](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2767).\n- Update build pipeline to new one release build format [#​2777](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2777).\n- Update GitHub actions to `9.0.100-preview.7.24407.12` and add `\u003cNoWarn\u003e$(NoWarn);SYSLIB0057\u003c/NoWarn\u003e` due to breaking changes in preview7. [#​2786](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2786).\n\n### Work relating to [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​2725](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2725), [#​2729](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2729), [#​2753](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2753), [#​2758](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2759), [#​2757](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2757), [#​2764](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2764), [#​2771](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2759), and [#​2779](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2779).\n\n\n## What's Changed\n* Remove old 6x tests used that are not needed anymore by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2742\n* Only use fxcop in netfw by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2693\n* Allow Jwt payload to be the empty string. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2745\n* Add rule to add file headers automatically. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2748\n* Remove Delegate Checks in Multiple Validators and Prevents Null Setting of Delegates by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2725\n* Fix CodeQL by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2746\n* Cache UseRfcDefinitionOfEpkAndKid switch. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2747\n* Decrypt token: Remove exceptions + use new ValidationParameters by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2729\n* Include README packages in NuGet by @​localden in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2752\n* Remove internals for new work. by @​brentschmaltz in https://github.com/AzureAD/azure-active...\n\n_Description has been truncated_","html_url":"https://github.com/dever-labs/dotnet10-service-template/pull/47","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dever-labs%2Fdotnet10-service-template/issues/47","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/47/packages"}},{"old_version":"8.16.0","new_version":"8.17.0","update_type":"minor","path":null,"pr_created_at":"2026-03-30T03:55:13.000Z","version_change":"8.16.0 → 8.17.0","issue":{"uuid":"4167020284","node_id":"PR_kwDOMHViBc7OeVMq","number":73,"state":"closed","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.16.0 to 8.17.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-30T03:55:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-30T03:55:13.000Z","updated_at":"2026-03-30T03:55:29.000Z","time_to_close":15,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.16.0","new_version":"8.17.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.16.0 to 8.17.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.17.0\n\n## Dependencies\n* Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See [PR #​3435](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3435).\n\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.16.0...8.17.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.IdentityModel.JsonWebTokens\u0026package-manager=nuget\u0026previous-version=8.16.0\u0026new-version=8.17.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/lookbusy1344/SqlDatabaseDump/pull/73","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/lookbusy1344%2FSqlDatabaseDump/issues/73","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/73/packages"}},{"old_version":"8.16.0","new_version":"8.17.0","update_type":"minor","path":null,"pr_created_at":"2026-03-25T09:25:37.000Z","version_change":"8.16.0 → 8.17.0","issue":{"uuid":"4133916669","node_id":"PR_kwDOMhYNHM7NR7vT","number":236,"state":"open","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.16.0 to 8.17.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-25T09:25:37.000Z","updated_at":"2026-03-25T09:28:26.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.16.0","new_version":"8.17.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.16.0 to 8.17.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.17.0\n\n## Dependencies\n* Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See [PR #​3435](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3435).\n\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.16.0...8.17.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.IdentityModel.JsonWebTokens\u0026package-manager=nuget\u0026previous-version=8.16.0\u0026new-version=8.17.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/tndata/CloudDebugger/pull/236","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/tndata%2FCloudDebugger/issues/236","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/236/packages"}},{"old_version":null,"new_version":null,"update_type":null,"path":null,"pr_created_at":"2026-03-25T05:46:46.000Z","version_change":null,"issue":{"uuid":"4132740775","node_id":"PR_kwDOGnKBAc7NOjoR","number":115,"state":"closed","title":"Bump Microsoft.IdentityModel.JsonWebTokens and System.IdentityModel.Tokens.Jwt","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-21T01:21:54.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-25T05:46:46.000Z","updated_at":"2026-04-21T01:22:02.000Z","time_to_close":2316908,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"},{"name":"System.IdentityModel.Tokens.Jwt","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.14.0 to 8.17.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.17.0\n\n## Dependencies\n* Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See [PR #​3435](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3435).\n\n\n## 8.16.0\n\n## New Features\n* Add telemetry around signature validation. See [PR #​3415](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3415) for details.\n\n## Fundamentals\n* Fix FileVersion format to use two-digit year and day of year. See [PR #​3389](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3389) for details.\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.14.0...8.17.0).\n\u003c/details\u003e\n\nUpdated [System.IdentityModel.Tokens.Jwt](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.14.0 to 8.17.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [System.IdentityModel.Tokens.Jwt's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.17.0\n\n## Dependencies\n* Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See [PR #​3435](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3435).\n\n\n## 8.16.0\n\n## New Features\n* Add telemetry around signature validation. See [PR #​3415](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3415) for details.\n\n## Fundamentals\n* Fix FileVersion format to use two-digit year and day of year. See [PR #​3389](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3389) for details.\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.14.0...8.17.0).\n\u003c/details\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/NosCoreIO/NosCore.Networking/pull/115","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NosCoreIO%2FNosCore.Networking/issues/115","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/115/packages"}},{"old_version":"8.0.1","new_version":"8.16.0","update_type":"minor","path":null,"pr_created_at":"2026-02-28T05:29:00.000Z","version_change":"8.0.1 → 8.16.0","issue":{"uuid":"4003951009","node_id":"PR_kwDORa3tkc7G-Wmh","number":14,"state":"closed","title":"nuget: Bump Microsoft.IdentityModel.JsonWebTokens from 8.0.1 to 8.16.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-03-24T22:38:52.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-28T05:29:00.000Z","updated_at":"2026-03-24T22:38:55.000Z","time_to_close":2135392,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"nuget: Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.0.1","new_version":"8.16.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.0.1 to 8.16.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.16.0\n\n## New Features\n* Add telemetry around signature validation. See [PR #​3415](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3415) for details.\n\n## Fundamentals\n* Fix FileVersion format to use two-digit year and day of year. See [PR #​3389](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3389) for details.\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\n## 8.14.0\n\n8.14.0\n====\n## Bug Fixes\n- Switch back to use `ValidationResult` instead of `OperationResult` when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See [#​3299](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3299) for details.\n\n## 8.13.1\n\n8.13.1\n====\n## Dependencies\nMicrosoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0\n\n## Bug Fixes\n- Fixed a decompression failure happening for large JWE payloads. See [#​3286](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3286) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See [#​3284](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3284) for details.\n\n8.13.0\n\n## 8.13.0\n\n8.13.0\n====\n### Fundamentals\n- `CaseSensitiveClaimsIdentity.SecurityToken` setter is now protected internal (was internal). See PR [#​3278](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278) for details.\n- Update .NET SDK version to 9.0.108 used when building or running the code. See PR [#​3274](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274) for details.\n- Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See [#​3280](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280) for details.\n\n## What's Changed\n* Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278\n* Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n* Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280\n* changelog for 8.13 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0\n\n## 8.12.1\n\n8.12.1\n====\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3263](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263) for details.\n- To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR [#​3261](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261) for details.\n- Experimental code leaked into TokenValidationResult from early prototypes. See PR [#​3259](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259) for details.\n\n## What's Changed\n* Remove experimental code from TokenValidationResult by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259\n* Moved files to experimental folder by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261\n* Update global.json to latest by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1\n\n## 8.12.0\n\n8.12.0\n====\n\n## New Features\n- **Enhance ConfigurationManager with event handling**  \n  Added event handling capabilities to the `ConfigurationManager`, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see [#​3253](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3253)  \n\n## Bug Fixes\n- **Add expected Base64UrlEncoder.Decode overload for NET6 and 8**  \n  Introduced the expected overload of `Base64UrlEncoder.Decode` for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.  \n  For details see [#​3249](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3249)  \n\n## Fundamentals\n- **Add AI assist rules**  \n  Incorporated AI assist rules to enhance AI agents effectiveness.  \n  For details see [#​3255](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255)  \n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  \n  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  \n  For details see [#​3256](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256)  \n- **Move suppression of RS006 to csproj**  \n  Centralized suppression of RS006 warnings in project files for easier management.  \n  For details see [#​3230](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230)\n\n## What's Changed\n* Move suppression of RS006 to csproj. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230\n* Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255\n* Enhance ConfigurationManager with event handling by @​GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256\n* Update CHANGELOG.md for 8.12.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0\n\n## 8.11.0\n\n8.11.0\n=====\n## New Features:\n- Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue [#​3245](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3245) for details.\n- Added a new public async API: `JsonWebTokenHandler.DecryptTokenWithConfigurationAsync`, which decrypts a JWE token using keys from either `TokenValidationParameters` or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR [#​3243](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3243) for details.\n\n## What's Changed\n* few updates by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242\n* Changelog for 8.10.0 by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241\n* Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244\n* update current version to 8.10.0 by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246\n* Add DecryptTokenWithConfiguration API by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243\n* changelog for 8.11 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0\n\n## 8.10.0\n\n8.10.0\n=====\n## Bug Fixes\n- Corrected casing of the Type attribute in SubjectConfirmationData. See [#​3206](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3206).\n- Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See [#​3220](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/33784b8ec0ff4300efad788535f90b3adc5bdfd1).\n- Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See [#​3226](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/793bd34e945eb8ba7528cf87c4a29a29c4704a65).\n\n## Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3228](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/946bec18cdeb26b8133a04e8c056dd5f17588f89) and [#​3232](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/14842aedb3d57c32b9ce784061cd9beccbdd1eb1).\n\n## 8.9.0\n\n8.9.0\n=====\n## Bug Fixes\n- syncAfter has been updated to preserve UTC information, addressing a bug where GetConfigurationAsync does not refresh configuration in ConfigurationManager. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3213.\n- Fixed a null reference issue in KeyInfo. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3203.\n\n## New Features\n- Introduced a new delegate for reading custom token payload values on JsonWebToken. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2981.\n- Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3205.\n\n## Fundamentals\n- Utilized IList to avoid enumerator allocation during audience validation. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3204.\n\n## 8.8.0\n\n8.8.0\n=====\n## New Features\n- Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the `Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking` switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR [#​3193](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3193) for details.\n- Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the `Switch.Microsoft.IdentityModel.DoNotScrubExceptions` AppContextSwitch. See PR [#​3195](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3195) and https://aka.ms/identitymodel/app-context-switches for details.\n- Change all plain object locks to `System.Thread.Lock` objects for .NET 9 or greater. See PRs [#​3185](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3185) and [#​3189](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3189) for details.\n\n\n## 8.7.0\n\n## Bug Fixes\n- Add back internal methods `IsRecoverableException` and `IsRecoverableExceptionType` whose signatures were changed in the previous version. See [#​3181](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3181).\n\n## New Features\n- Make `Cnf` class public and move it to Microsoft.IdentityModel.Tokens package. See [#​3165](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3165).\n\n## What's Changed\n* Post Release 8.6.1 cleanup  by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3160\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3163\n* Adds explanation for CodeQL warnings by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3167\n* Fix typo by @​rstm-sf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n* Need to change the locks by @​JoshLozensky in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3171\n* Move CNF from SHR to M.IM.Tokens by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3168\n* Add back IsRecoverableException methods. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3183\n* Revert \"Need to change the locks\" by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3186\n* 8.7.0 changelog by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3184\n\n## New Contributors\n* @​rstm-sf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.1...8.7.0\n\n## 8.6.1\n\n8.6.1\n=====\n## Bug fix\n- Microsoft.IdentityModel now triggers a configuration refresh if token decryption fails. See issue [#​3148](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3148) for details.\n- Fix a bug in `JsonWebTokenHandler` where `JwtTokenDecryptionParameters`'s `Alg` and `Enc` were not set during token decryption, causing `IDX10611` and `IDX10619` errors to show null values in the messages. See issue [#​3003](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3003) for details.\n\n## Fundamentals\n- For development, IdentityModel now has a global.json file to specify the .NET SDK version. See issue [#​2995](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2995) for details.\n\n## What's Changed\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3145\n* Update the public API shipped files by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3146\n* Add global.json file by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* Trigger metadata refresh for token decryption errors by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3149\n* Populate error messages correctly from JwtTokenUtilities.DecryptJwtToken by @​ksaaf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n* first changelog update by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3156\n\n## New Contributors\n* @​mdchennu made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* @​ksaaf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.0...8.6.1\n\n## 8.6.0\n\n8.6.0\n=====\n## New Features\n- TokenValidationParameters has a new boolean property `TryAllDecryptionKeys` that let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to **true** (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See [#​3128](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128)\n- Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See [#​3140](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140)\n\n## Fundamentals\n* Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See [3143](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143)\n* Add more tests for encrypted tokens. See [#​3139](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139)\n\n## What's Changed\n* Update CHANGELOG.md by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3133\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3137\n* Add TryAllDecryptionKeys flag to whether decrypt if no key IDs match by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128\n* Change KeyInfo.MatchesKey from internal to protected internal virtual. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140\n* Fix #​3112 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143\n* Add more auto-decryption related tests by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139\n* Update changelog.md for 8.6.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3144\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.5.0...8.6.0\n\n## 8.5.0\n\n8.5.0\n=====\n## Reverting previous breaking change\n- The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that [adding IDisposable is a breaking change](https://learn.microsoft.com/en-us/dotnet/fundamentals/runtime-libraries/system-idisposable), so we are following [semver guidance](https://semver.org/#what-do-i-do-if-i-accidentally-release-a-backward-incompatible-change-as-a-minor-version) and reverting and releasing a minor version (8.5.0).\n- Cherry-picked Changes: Included changes from PR [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) and [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104).\n\n## What's Changed\n* Update version.props by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3126\n* fix formatting error by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3134\n* Revert configuration manager to 8.3.1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3132\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.4.0...8.5.0\n\n## 8.4.0\n\n8.4.0\n=====\n## New Features\n- App context switch allows blocking or non-blocking calls for configuration. See PR [#​3106](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3106) for details and issue [#​3082](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3082) for details. If you are not using the ConfigurationManager as a singleton and not using the blocking option, you may need to call ShutdownBackgroundTask() to stop the background task to avoid leaking Tasks.\n- IdentityModel now enables symmetric and asymmetric keys to be created publicly with JWK. See [#​3094](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3094) for details.\n- IdentityModel now allows specifying the HTTP protocol version and version policy. See [#​2808](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2808) for details.\n\n## Repair items\n- Add request count and duration telemetry for configuration requests. See [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) for details.\n- `KeyID` should be present in exception messages and is no longer PII. See [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104) for details.\n\n## Fundamentals\n- Fix spelling issues in xml comments. See [#​3117](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3117) for details.\n- Fix comment coverage in PR builds. See [#​3079](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3079) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- See [#​3056](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3056). [#​3100](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3100), [#​3017](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3107), and [#​3111](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3111).\n- Add internal virtual on TokenHandler. See [#​3084](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3084) for details.\n\n* @​prochnowc made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2809\n\n## 8.3.1\n\n8.3.1\n=====\n## Bug Fixes\n* Respect TVP.RequireAudience when set to false. See [#​3055](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055)\n* For net4.6.2 select RSACng for PSS support. See [#​3097](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3097)\n* Fix package downgrade in consuming libraries. See[#​3062](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062)\n* Fix integer overflow in `AuthenticationEncryptionProvider.cs`. See [#​3063](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063)\n\n## Fundamentals\n* Removed unused property on JsonWebToken ClaimsIdentity. See [#​3071](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3071) for details.\n* Upgrade to C# 13. See [#​2998](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998)\n* Use new Base64Url API. See [#​22817](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817)\n* Add warning quality check. See [#​3067](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067)\n* Update dotnet actions. see [#​3074](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074)\n* Fix warnings. See [#​3081](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081)\n* Test updates in JsonWebToken. See [#​3080](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​3027](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027), [#​3028](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028), [#​3051](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051), [#​3054](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054)\n\n## What's Changed\n* Update CHANGELOG.md by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3053\n* Extensibility tests: Audience - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027\n* Extensibility tests: Lifetime - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028\n* Implement lazy ClaimsIdentity creation from ValidatedToken on SAML and SAML2 on the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051\n* Add logging to the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054\n* update version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3057\n* lower version to avoid downgrades. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3058\n* Respect TVP.RequireAudience when set to false by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055\n* Fix package downgrade in consuming libraries by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062\n* Add slnf for running perf and stress tests by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3066\n* Add Warning Quality Check Build Task 🔨 by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067\n* Update template-Build-run-tests-sign.yml by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3069\n* Removed unused property on JsonWebToken by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3072\n* Update setup dotnet actions by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074\n* fixed #​2983 and re-add code coverage comments to PRs by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3076\n* Remove duplicate keyid into var keysAttempted by @​bdapoigny in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* Upgrade to C# 13 by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998\n* Use new Base64Url API by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817\n* Update common.props by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3078\n* fix warnings by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081\n* Fixed integer overflow in AuthenticatedEncryptionProvider.cs by @​gparametr in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n* Test updates by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080\n* For net4.6.2 select RSACng for PSS support. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3085\n* changelog for 8.3.1 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3098\n\n## New Contributors\n* @​bdapoigny made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* @​gparametr made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n\n ... (truncated)\n\n## 8.3.0\n\n## New features\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n* SAML and SAML2 new model validation: Token Replay. See [#​2994](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2994)\n* Extensibility tests: Token Type - JWT ([#​3030](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3030)), Issuer - SAML and SAML2 ([#​3026](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3026)), Algorithm and Signature - JWT, SAML and SAML2 ([#​3034](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3034)), Token Replay - JWT, SAML and SAML2 ([#​3032](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3032)),  Issuer signing key - JWT, SAML and SAML2 ([#​3029](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/302))\n* Avoid code duplication in extensibility testing. See [#​3041](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3041)\n* Extensibility Testing: Refactor. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3011\n* Remove duplicate code in extensibility tests. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3044\n\n## Bug fixes\n* Fix bug with AadIssuerValidator. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n* Fixed SignedHttpRequest flaky test. See [#​3037](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3037)\n \n## Fundamentals\n* Install all .NET versions in pipeline to fix run tests task. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3018\n* Changelog for 8.2.1. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3009\n* Remove unnecessary AoT test project. See in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3045\n* Fix powershell script for nuget update. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3046\n* Update to next version. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3010\n* Disable Coverage PR comments. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3048\n* Updates GitHub Action to support long paths, See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3049\n* Stack parameters to improve reading of code. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3031\n\n## New Contributors\n* @​ssmelov made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.1...8.3.0\n\n## 8.2.1\n\n8.2.1\n=====\n### New features\n- Update to use .NET 9 GA. See [2990](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990).\n\n### Bug fixes\n- Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets. See [2935](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935).\n- Update cgmanifest to align with the JSON schema. See [2969](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969).\n\n### Fundamentals\n- Streamline token creation in `SecurityTokenDescriptor`. See [2993](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2993).\n- Prevent inlining to guarantee stack frames in test. See [2999](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2999).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Simplify stack frame caching. See [2976](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976).\n- Implement reading SAML and SAML2 tokens. See [2980](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980).\n- Implement validating SAML signature. See [2950](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2950).\n- Add tests for `IssuerExtensibility`. See [2987](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987).\n- Add validation for SAML and SAML2 issuer signing key. See [2965](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965).\n- Add validation for SAML and SAML2 algorithm. See [2984](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984).\n\n## What's Changed\n* Microsoft.Rest.ClientRuntime has been deprecated, which results in so… by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2970\n* Update to next version after 8.2.0 release by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2975\n* Consolidating test statics by @​trwalke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2956\n* New token validation model: Simplify stack frame caching by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976\n* Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935\n* Update cgmanifest to align with the JSON schema by @​jeffhandley in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n* SAML and SAML2 new model validation: Read Token by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980\n* SAML2 new model validation: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2961\n* JsonWebTokenHandler IssuerExtensibility by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987\n* SAML and SAML2 new model validation: Issuer Signing Key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965\n* Ignore AotCompatibilityTests on ADO by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2992\n* SAML and SAML2 new model validation: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984\n* Use SecurityTokenDescriptor when creating tokens by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2991\n* Prevent inlining to guarantee stack frames in test by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3002\n* Update to .NET 9 GA. Update some test dependencies. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990\n* Add Abstractions.Tests to strong name bypass file. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3004\n\n## New Contributors\n* @​jeffhandley made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.0...8.2.1\n\n## 8.2.0\n\n8.2.0\n=====\n### Fundamentals\n- Update System.Text.Json to 8.0.5 CVE-2024-43485. See [2892](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892).\n- Using FixedTimeEquals in NETCore targets. See [2857](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857).\n- Updated .NET 9 to RC 2 [2898](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898).\n- Adds ability to create token without kid [2968](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2968)\n- Enables code coverage in PRs [2946](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2946)\n- Various test improvements:\n- [#​2953](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2953)\n- [#​2955](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2955)\n- [#​2951](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951)\n- [#​2952](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952)\n- [#​2947](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947)\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Validates Audience for SAML2TokenHandler with New Model [2863](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863)\n- Improvements to AudienceValidation [2902](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902)\n- Added properties to ValidationResult [2923](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923)\n- Implements Audience and Lifetime validations in SamlSecurityTokenHandler [2925](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925)\n- Implements Issuer validation in SamlSecurityTokenHandler [2948](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2948)\n\n## What's Changed\n* update to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2890\n* Use FixedTimeEquals in NETCore targets  by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857\n* Update System.Text.Json to 8.0.5 CVE-2024-43485 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892\n* Update .NET 9 to RC 2 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898\n* Validate Audience for SAML2TokenHandler with New Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863\n* Regression tests: Issuer by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2868\n* Mark Wilson APIs as Shipped by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2903\n* Add Tests for Lifetime Validation Using New Validation Model For SAML2 by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2906\n* Suggested changes to AudienceValidation by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902\n* Extensibility tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2861\n* Added properties to ValidationResult without throwing by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923\n* Extensibility tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2867\n* Regression tests: Issuer signing key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2927\n* Do not serialize CaseSensitiveClaimsIdentity.SecurityToken. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2896\n* Fix typo by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2894\n* Implement and Test Audience and Lifetime validations in SamlSecurityTokenHandler with New Validation Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925\n* Fix Flaky Tests: NameAndRoleClaimDelegates and RoleClaims by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2873\n* Regression tests: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2930\n* Validate Issuer Using New Validation Model in Saml2SecurityTokenHandler by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2929\n* Fix builds on macOS / Linux using the build.sh script by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2937\n* Regression tests: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2934\n* Regression tests: Token Type by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2932\n* Regression tests: Token Replay by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2931\n* Fix DevEx and IDDP builds such that when building internally, use an internal Nuget feed instead of nuget.org by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2936\n* Restore PopKeyResolvingTests.GetPopKeysFromJkuAsync by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947\n* Restore skipped test: ReferenceCountingTest_MultiThreaded by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952\n* Restore EnsureAotCompatibility test by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951\n ... (truncated)\n\n## 8.1.2\n\n## What's Changed\n\n### Bug fixes\n\n* CaseSensitiveClaimsIdentity.Clone() now returns a `CaseSensitiveClaimsIdentity` as expected, by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2879\n* Multiple unused and unusable (for the moment) public APIs were removed. These were introduced by mistake leaking from the work done on logging and exception handling, by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2888\n\n### Fundamentals\n* Enabled PublicApiAnalyzers to better understand and trace changes to the public API, by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2782\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.1...8.1.2\n\n## 8.1.1\n\n8.1.1\n=====\n### Bug fixes\n- Fix bug where ConfigurationManager was updating keys too frequently. See [2866](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2866) for details.\n\n## What's Changed\n* Rename validation delegates by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2847\n* Remove TransformBeforeSignatureValidationDelegate from ValidationParameters by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2848\n* Add disable discovery enumeration = true to all theory tests by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2849\n* Make CaseSensitiveClaimIdentity serializable by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2850\n* Remove Obsolete BinaryFormatter  by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2851\n* Refactor ValidateConditions in Saml2SecurityTokenHandler by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2855\n* Set custom BenchmarkDotNetconfig as default by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2852\n* Regression tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2838\n* Fix ValidateJsonWebTokenClaimMapping Flaky Test 🐞 by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2859\n* update current version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2862\n* Regression tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2839\n* Rename ResolveTokenDecryptionKeyDelegate to DecryptionKeyResolverDelegate by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2869\n* Set internal _syncAfter using only AutomaticRefreshInterval. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2865\n* 8.1.1 Changelog by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2864\n* Adjust for RefreshInterval not influencing AutomaticRefreshInterval. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2870\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.0...8.1.1\n\n## 8.1.0\n\n8.1.0\n=====\n### Performance improvements\n- Improves performance during issuer validation by replacing string comparison with span comparison. See PR [#​2826](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2826).\n\n### New features\n- Add optional check to prevent using keys that are shared across multiple clouds. See issue [#​2832](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2832) for details.\n\n### Bug fixes\n- JsonWebTokenHandler would only return unwrapped keys if there was no errors. This change is to align with the behavior in JwtSecurityTokenHandler, that is it returns the keys that were able to be unwrapped, and only throw if no keys were able to be unwrapped. See issue [#​2695](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2695) for details.\n\n### Fundamentals\n- Fix flaky tests. See [#​2793](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2793) for details.\n- Update XUnit versoin and fix test warnings due to new XUnit analyzers. See PR [#​2796](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796) for details.\n- Onhboard to code coverage in ADO. See PR [#​2798](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798).\n- Use `IsTargetFrameworkCompatible(*)` so AOT is forward-compatible with .NET 9 and beyond. See PR [#​2790](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790) for details.\n- Fix a merge conflict impacting dev. See PR [#​2819](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819).\n- Defining the following attribute in multiple assemblies (.Tokens, .Logging) causes an internal error.\n[DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicConstructors)]. See PR [#​2820](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820).\n- Remove perl dependency. See PR [#​2830](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2830).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​2794](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794)\n- [#​2800](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800)\n- [#​2810](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810)\n- [#​2811](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811)\n- [#​2816](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816)\n- [#​2822](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822)\n- [#​2815](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815)\n- [#​2818](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2818)\n- [#​2813](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2813)\n- [#​2827](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2827)\n\n## What's Changed\n* changelog 8.0.2 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2792\n* Update version.props to 8.0.2 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2791\n* Fix Async Issue in Extensibility Tests by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2795\n* Update xUnit version and fix test warnings by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796\n* ValidateTokenAsync - New Path: Refactor result types by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794\n* Onboard to code coverage in ADO by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798\n* Exception refinement: Adding additional information by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800\n* Add initial regression tests for the new validation path by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810\n* Use IsTargetFrameworkCompatible() by @​martincostello in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790\n* Regression tests: Added inner exception detail and invalid signature failure due to invalid algorithm used by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811\n* Return unwrapped keys if able by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2812\n* New token validation path: Renamed result types by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816\n* Fix merge conflict by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819\n* Removed attribute that causes issues with internal builds. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820\n* Add missing exception type to ValidationError -\u003e GetException() by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822\n* Regression testing: Add JWE use cases by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815\n ... (truncated)\n\n## 8.0.2\n\n8.0.2\n=====\n\n### Security fundamentals\n- Add `BannedApiAnalyzers` to prevent use of `ClaimsIdentity` constructors. See PR [#​2778](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2778) for details.\n\n### Bug fixes\n- IdentityModel now allows the JWT payload to be an empty string. See issue [#​2656](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2656) for details.\n- Cache `UseRfcDefinitionOfEpkAndKid` switch. See PR [#​2747](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2747) for details.\n- Method was named `DoNotFailOnMissingTid` in 7x and `DontFailOnMissingTid` in 8x, adding the method for back compat. See issue [#​2750](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2750) for details.\n- Metadata is now updated on a background thread. See [#​2780](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2780) for details.\n- `JsonWebKeySet` stores the original string it was created with. See PR [#​2755](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2755) for details.\n- Restore AOT compatibility. See [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2711).\n- Fix OpenIdConnect parsing bug. See [#​2772](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2772) for details.\n- Remove the lock on creating a `SignatureProvider`. See [#​2788](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2788) for details.\n\n### Fundamentals\n- Test clean up [#​2742](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2742).\n- Use only FxCop in .NET framework targets [#​2693](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2693).\n- Add rule to add file headers automatically [#​2748](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2748).\n- Code analysis updates [#​2746](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2746).\n- Include README packages in NuGet [#​2752](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2752).\n- Update projects inside WilsonUnix solution [#​2768](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2768).\n- Code style enforced in build [#​2603](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2603).\n- CodeQL update [#​2767](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2767).\n- Update build pipeline to new one release build format [#​2777](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2777).\n- Update GitHub actions to `9.0.100-preview.7.24407.12` and add `\u003cNoWarn\u003e$(NoWarn);SYSLIB0057\u003c/NoWarn\u003e` due to breaking changes in preview7. [#​2786](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2786).\n\n### Work relating to [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​2725](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2725), [#​2729](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2729), [#​2753](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2753), [#​2758](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2759), [#​2757](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2757), [#​2764](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2764), [#​2771](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2759), and [#​2779](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2779).\n\n\n## What's Changed\n* Remove old 6x tests used that are not needed anymore by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2742\n* Only use fxcop in netfw by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2693\n* Allow Jwt payload to be the empty string. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2745\n* Add rule to add file headers automatically. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2748\n* Remove Delegate Checks in Multiple Validators and Prevents Null Setting of Delegates by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2725\n* Fix CodeQL by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2746\n* Cache UseRfcDefinitionOfEpkAndKid switch. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2747\n* Decrypt token: Remove exceptions + use new ValidationParameters by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2729\n* Include README packages in NuGet by @​localden in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2752\n* Remove internals for new work. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2753\n* Add property named differently in 7x. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2756\n* Remove .....\n\n_Description has been truncated_","html_url":"https://github.com/yongshuai1013/emu/pull/14","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/yongshuai1013%2Femu/issues/14","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/14/packages"}},{"old_version":"8.14.0","new_version":"8.15.0","update_type":"minor","path":null,"pr_created_at":"2026-01-28T12:45:41.000Z","version_change":"8.14.0 → 8.15.0","issue":{"uuid":"3865283178","node_id":"PR_kwDOK6sRJM6_2RD7","number":404,"state":"open","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.14.0 to 8.15.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-28T12:45:41.000Z","updated_at":"2026-01-28T12:46:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.14.0","new_version":"8.15.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.14.0 to 8.15.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.14.0...8.15.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.IdentityModel.JsonWebTokens\u0026package-manager=nuget\u0026previous-version=8.14.0\u0026new-version=8.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/vurhanau/csharp-spiffe/pull/404","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/vurhanau%2Fcsharp-spiffe/issues/404","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/404/packages"}},{"old_version":"8.14.0","new_version":"8.15.0","update_type":"minor","path":null,"pr_created_at":"2025-12-29T07:51:04.000Z","version_change":"8.14.0 → 8.15.0","issue":{"uuid":"3766702491","node_id":"PR_kwDOGgv1K866ygAu","number":62,"state":"open","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.14.0 to 8.15.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2025-12-29T07:51:04.000Z","updated_at":"2025-12-29T07:51:19.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.14.0","new_version":"8.15.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.14.0 to 8.15.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.14.0...8.15.0).\n\u003c/details\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/data-altinn-no/plugin-banking/pull/62","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/data-altinn-no%2Fplugin-banking/issues/62","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/62/packages"}},{"old_version":"8.2.1","new_version":"8.15.0","update_type":"minor","path":null,"pr_created_at":"2025-12-03T02:02:16.000Z","version_change":"8.2.1 → 8.15.0","issue":{"uuid":"3688163963","node_id":"PR_kwDOECDtAs62uYdK","number":98,"state":"closed","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.2.1 to 8.15.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-16T02:25:24.000Z","author_association":null,"state_reason":null,"created_at":"2025-12-03T02:02:16.000Z","updated_at":"2026-02-16T02:25:25.000Z","time_to_close":6481388,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.2.1","new_version":"8.15.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.2.1 to 8.15.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\n## 8.14.0\n\n8.14.0\n====\n## Bug Fixes\n- Switch back to use `ValidationResult` instead of `OperationResult` when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See [#​3299](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3299) for details.\n\n## 8.13.1\n\n8.13.1\n====\n## Dependencies\nMicrosoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0\n\n## Bug Fixes\n- Fixed a decompression failure happening for large JWE payloads. See [#​3286](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3286) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See [#​3284](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3284) for details.\n\n8.13.0\n\n## 8.13.0\n\n8.13.0\n====\n### Fundamentals\n- `CaseSensitiveClaimsIdentity.SecurityToken` setter is now protected internal (was internal). See PR [#​3278](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278) for details.\n- Update .NET SDK version to 9.0.108 used when building or running the code. See PR [#​3274](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274) for details.\n- Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See [#​3280](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280) for details.\n\n## What's Changed\n* Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278\n* Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n* Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280\n* changelog for 8.13 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0\n\n## 8.12.1\n\n8.12.1\n====\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3263](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263) for details.\n- To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR [#​3261](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261) for details.\n- Experimental code leaked into TokenValidationResult from early prototypes. See PR [#​3259](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259) for details.\n\n## What's Changed\n* Remove experimental code from TokenValidationResult by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259\n* Moved files to experimental folder by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261\n* Update global.json to latest by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1\n\n## 8.12.0\n\n8.12.0\n====\n\n## New Features\n- **Enhance ConfigurationManager with event handling**  \n  Added event handling capabilities to the `ConfigurationManager`, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see [#​3253](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3253)  \n\n## Bug Fixes\n- **Add expected Base64UrlEncoder.Decode overload for NET6 and 8**  \n  Introduced the expected overload of `Base64UrlEncoder.Decode` for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.  \n  For details see [#​3249](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3249)  \n\n## Fundamentals\n- **Add AI assist rules**  \n  Incorporated AI assist rules to enhance AI agents effectiveness.  \n  For details see [#​3255](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255)  \n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  \n  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  \n  For details see [#​3256](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256)  \n- **Move suppression of RS006 to csproj**  \n  Centralized suppression of RS006 warnings in project files for easier management.  \n  For details see [#​3230](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230)\n\n## What's Changed\n* Move suppression of RS006 to csproj. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230\n* Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255\n* Enhance ConfigurationManager with event handling by @​GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256\n* Update CHANGELOG.md for 8.12.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0\n\n## 8.11.0\n\n8.11.0\n=====\n## New Features:\n- Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue [#​3245](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3245) for details.\n- Added a new public async API: `JsonWebTokenHandler.DecryptTokenWithConfigurationAsync`, which decrypts a JWE token using keys from either `TokenValidationParameters` or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR [#​3243](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3243) for details.\n\n## What's Changed\n* few updates by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242\n* Changelog for 8.10.0 by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241\n* Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244\n* update current version to 8.10.0 by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246\n* Add DecryptTokenWithConfiguration API by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243\n* changelog for 8.11 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0\n\n## 8.10.0\n\n8.10.0\n=====\n## Bug Fixes\n- Corrected casing of the Type attribute in SubjectConfirmationData. See [#​3206](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3206).\n- Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See [#​3220](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/33784b8ec0ff4300efad788535f90b3adc5bdfd1).\n- Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See [#​3226](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/793bd34e945eb8ba7528cf87c4a29a29c4704a65).\n\n## Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3228](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/946bec18cdeb26b8133a04e8c056dd5f17588f89) and [#​3232](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/14842aedb3d57c32b9ce784061cd9beccbdd1eb1).\n\n## 8.9.0\n\n8.9.0\n=====\n## Bug Fixes\n- syncAfter has been updated to preserve UTC information, addressing a bug where GetConfigurationAsync does not refresh configuration in ConfigurationManager. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3213.\n- Fixed a null reference issue in KeyInfo. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3203.\n\n## New Features\n- Introduced a new delegate for reading custom token payload values on JsonWebToken. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2981.\n- Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3205.\n\n## Fundamentals\n- Utilized IList to avoid enumerator allocation during audience validation. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3204.\n\n## 8.8.0\n\n8.8.0\n=====\n## New Features\n- Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the `Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking` switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR [#​3193](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3193) for details.\n- Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the `Switch.Microsoft.IdentityModel.DoNotScrubExceptions` AppContextSwitch. See PR [#​3195](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3195) and https://aka.ms/identitymodel/app-context-switches for details.\n- Change all plain object locks to `System.Thread.Lock` objects for .NET 9 or greater. See PRs [#​3185](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3185) and [#​3189](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3189) for details.\n\n\n## 8.7.0\n\n## Bug Fixes\n- Add back internal methods `IsRecoverableException` and `IsRecoverableExceptionType` whose signatures were changed in the previous version. See [#​3181](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3181).\n\n## New Features\n- Make `Cnf` class public and move it to Microsoft.IdentityModel.Tokens package. See [#​3165](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3165).\n\n## What's Changed\n* Post Release 8.6.1 cleanup  by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3160\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3163\n* Adds explanation for CodeQL warnings by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3167\n* Fix typo by @​rstm-sf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n* Need to change the locks by @​JoshLozensky in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3171\n* Move CNF from SHR to M.IM.Tokens by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3168\n* Add back IsRecoverableException methods. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3183\n* Revert \"Need to change the locks\" by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3186\n* 8.7.0 changelog by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3184\n\n## New Contributors\n* @​rstm-sf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.1...8.7.0\n\n## 8.6.1\n\n8.6.1\n=====\n## Bug fix\n- Microsoft.IdentityModel now triggers a configuration refresh if token decryption fails. See issue [#​3148](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3148) for details.\n- Fix a bug in `JsonWebTokenHandler` where `JwtTokenDecryptionParameters`'s `Alg` and `Enc` were not set during token decryption, causing `IDX10611` and `IDX10619` errors to show null values in the messages. See issue [#​3003](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3003) for details.\n\n## Fundamentals\n- For development, IdentityModel now has a global.json file to specify the .NET SDK version. See issue [#​2995](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2995) for details.\n\n## What's Changed\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3145\n* Update the public API shipped files by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3146\n* Add global.json file by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* Trigger metadata refresh for token decryption errors by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3149\n* Populate error messages correctly from JwtTokenUtilities.DecryptJwtToken by @​ksaaf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n* first changelog update by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3156\n\n## New Contributors\n* @​mdchennu made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* @​ksaaf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.0...8.6.1\n\n## 8.6.0\n\n8.6.0\n=====\n## New Features\n- TokenValidationParameters has a new boolean property `TryAllDecryptionKeys` that let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to **true** (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See [#​3128](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128)\n- Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See [#​3140](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140)\n\n## Fundamentals\n* Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See [3143](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143)\n* Add more tests for encrypted tokens. See [#​3139](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139)\n\n## What's Changed\n* Update CHANGELOG.md by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3133\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3137\n* Add TryAllDecryptionKeys flag to whether decrypt if no key IDs match by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128\n* Change KeyInfo.MatchesKey from internal to protected internal virtual. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140\n* Fix #​3112 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143\n* Add more auto-decryption related tests by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139\n* Update changelog.md for 8.6.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3144\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.5.0...8.6.0\n\n## 8.5.0\n\n8.5.0\n=====\n## Reverting previous breaking change\n- The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that [adding IDisposable is a breaking change](https://learn.microsoft.com/en-us/dotnet/fundamentals/runtime-libraries/system-idisposable), so we are following [semver guidance](https://semver.org/#what-do-i-do-if-i-accidentally-release-a-backward-incompatible-change-as-a-minor-version) and reverting and releasing a minor version (8.5.0).\n- Cherry-picked Changes: Included changes from PR [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) and [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104).\n\n## What's Changed\n* Update version.props by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3126\n* fix formatting error by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3134\n* Revert configuration manager to 8.3.1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3132\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.4.0...8.5.0\n\n## 8.4.0\n\n8.4.0\n=====\n## New Features\n- App context switch allows blocking or non-blocking calls for configuration. See PR [#​3106](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3106) for details and issue [#​3082](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3082) for details. If you are not using the ConfigurationManager as a singleton and not using the blocking option, you may need to call ShutdownBackgroundTask() to stop the background task to avoid leaking Tasks.\n- IdentityModel now enables symmetric and asymmetric keys to be created publicly with JWK. See [#​3094](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3094) for details.\n- IdentityModel now allows specifying the HTTP protocol version and version policy. See [#​2808](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2808) for details.\n\n## Repair items\n- Add request count and duration telemetry for configuration requests. See [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) for details.\n- `KeyID` should be present in exception messages and is no longer PII. See [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104) for details.\n\n## Fundamentals\n- Fix spelling issues in xml comments. See [#​3117](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3117) for details.\n- Fix comment coverage in PR builds. See [#​3079](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3079) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- See [#​3056](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3056). [#​3100](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3100), [#​3017](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3107), and [#​3111](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3111).\n- Add internal virtual on TokenHandler. See [#​3084](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3084) for details.\n\n* @​prochnowc made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2809\n\n## 8.3.1\n\n8.3.1\n=====\n## Bug Fixes\n* Respect TVP.RequireAudience when set to false. See [#​3055](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055)\n* For net4.6.2 select RSACng for PSS support. See [#​3097](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3097)\n* Fix package downgrade in consuming libraries. See[#​3062](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062)\n* Fix integer overflow in `AuthenticationEncryptionProvider.cs`. See [#​3063](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063)\n\n## Fundamentals\n* Removed unused property on JsonWebToken ClaimsIdentity. See [#​3071](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3071) for details.\n* Upgrade to C# 13. See [#​2998](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998)\n* Use new Base64Url API. See [#​22817](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817)\n* Add warning quality check. See [#​3067](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067)\n* Update dotnet actions. see [#​3074](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074)\n* Fix warnings. See [#​3081](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081)\n* Test updates in JsonWebToken. See [#​3080](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​3027](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027), [#​3028](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028), [#​3051](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051), [#​3054](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054)\n\n## What's Changed\n* Update CHANGELOG.md by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3053\n* Extensibility tests: Audience - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027\n* Extensibility tests: Lifetime - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028\n* Implement lazy ClaimsIdentity creation from ValidatedToken on SAML and SAML2 on the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051\n* Add logging to the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054\n* update version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3057\n* lower version to avoid downgrades. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3058\n* Respect TVP.RequireAudience when set to false by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055\n* Fix package downgrade in consuming libraries by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062\n* Add slnf for running perf and stress tests by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3066\n* Add Warning Quality Check Build Task 🔨 by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067\n* Update template-Build-run-tests-sign.yml by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3069\n* Removed unused property on JsonWebToken by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3072\n* Update setup dotnet actions by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074\n* fixed #​2983 and re-add code coverage comments to PRs by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3076\n* Remove duplicate keyid into var keysAttempted by @​bdapoigny in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* Upgrade to C# 13 by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998\n* Use new Base64Url API by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817\n* Update common.props by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3078\n* fix warnings by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081\n* Fixed integer overflow in AuthenticatedEncryptionProvider.cs by @​gparametr in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n* Test updates by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080\n* For net4.6.2 select RSACng for PSS support. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3085\n* changelog for 8.3.1 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3098\n\n## New Contributors\n* @​bdapoigny made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* @​gparametr made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n\n ... (truncated)\n\n## 8.3.0\n\n## New features\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n* SAML and SAML2 new model validation: Token Replay. See [#​2994](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2994)\n* Extensibility tests: Token Type - JWT ([#​3030](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3030)), Issuer - SAML and SAML2 ([#​3026](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3026)), Algorithm and Signature - JWT, SAML and SAML2 ([#​3034](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3034)), Token Replay - JWT, SAML and SAML2 ([#​3032](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3032)),  Issuer signing key - JWT, SAML and SAML2 ([#​3029](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/302))\n* Avoid code duplication in extensibility testing. See [#​3041](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3041)\n* Extensibility Testing: Refactor. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3011\n* Remove duplicate code in extensibility tests. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3044\n\n## Bug fixes\n* Fix bug with AadIssuerValidator. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n* Fixed SignedHttpRequest flaky test. See [#​3037](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3037)\n \n## Fundamentals\n* Install all .NET versions in pipeline to fix run tests task. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3018\n* Changelog for 8.2.1. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3009\n* Remove unnecessary AoT test project. See in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3045\n* Fix powershell script for nuget update. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3046\n* Update to next version. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3010\n* Disable Coverage PR comments. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3048\n* Updates GitHub Action to support long paths, See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3049\n* Stack parameters to improve reading of code. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3031\n\n## New Contributors\n* @​ssmelov made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.1...8.3.0\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.1...8.15.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.IdentityModel.JsonWebTokens\u0026package-manager=nuget\u0026previous-version=8.2.1\u0026new-version=8.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/NosCoreIO/NosCore.ParserInputGenerator/pull/98","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NosCoreIO%2FNosCore.ParserInputGenerator/issues/98","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/98/packages"}},{"old_version":"8.14.0","new_version":"8.15.0","update_type":"minor","path":null,"pr_created_at":"2025-12-01T05:54:22.000Z","version_change":"8.14.0 → 8.15.0","issue":{"uuid":"3679366705","node_id":"PR_kwDOJK_jZs62Qm5m","number":211,"state":"closed","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.14.0 to 8.15.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-12-01T05:57:44.000Z","author_association":null,"state_reason":null,"created_at":"2025-12-01T05:54:22.000Z","updated_at":"2025-12-01T05:57:46.000Z","time_to_close":202,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.14.0","new_version":"8.15.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.14.0 to 8.15.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.14.0...8.15.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.IdentityModel.JsonWebTokens\u0026package-manager=nuget\u0026previous-version=8.14.0\u0026new-version=8.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/iigo-panel/iigo-panel/pull/211","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/iigo-panel%2Fiigo-panel/issues/211","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/211/packages"}},{"old_version":"8.0.1","new_version":"8.14.0","update_type":"minor","path":null,"pr_created_at":"2025-11-27T12:09:53.000Z","version_change":"8.0.1 → 8.14.0","issue":{"uuid":"3671187299","node_id":"PR_kwDOFSoY7M6113oS","number":465,"state":"closed","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.0.1 to 8.14.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-11-28T02:13:33.000Z","author_association":null,"state_reason":null,"created_at":"2025-11-27T12:09:53.000Z","updated_at":"2025-11-28T02:13:35.000Z","time_to_close":50620,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.0.1","new_version":"8.14.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.0.1 to 8.14.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.14.0\n\n8.14.0\n====\n## Bug Fixes\n- Switch back to use `ValidationResult` instead of `OperationResult` when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See [#​3299](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3299) for details.\n\n## 8.13.1\n\n8.13.1\n====\n## Dependencies\nMicrosoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0\n\n## Bug Fixes\n- Fixed a decompression failure happening for large JWE payloads. See [#​3286](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3286) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See [#​3284](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3284) for details.\n\n8.13.0\n\n## 8.13.0\n\n8.13.0\n====\n### Fundamentals\n- `CaseSensitiveClaimsIdentity.SecurityToken` setter is now protected internal (was internal). See PR [#​3278](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278) for details.\n- Update .NET SDK version to 9.0.108 used when building or running the code. See PR [#​3274](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274) for details.\n- Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See [#​3280](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280) for details.\n\n## What's Changed\n* Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278\n* Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n* Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280\n* changelog for 8.13 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0\n\n## 8.12.1\n\n8.12.1\n====\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3263](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263) for details.\n- To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR [#​3261](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261) for details.\n- Experimental code leaked into TokenValidationResult from early prototypes. See PR [#​3259](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259) for details.\n\n## What's Changed\n* Remove experimental code from TokenValidationResult by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259\n* Moved files to experimental folder by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261\n* Update global.json to latest by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1\n\n## 8.12.0\n\n8.12.0\n====\n\n## New Features\n- **Enhance ConfigurationManager with event handling**  \n  Added event handling capabilities to the `ConfigurationManager`, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see [#​3253](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3253)  \n\n## Bug Fixes\n- **Add expected Base64UrlEncoder.Decode overload for NET6 and 8**  \n  Introduced the expected overload of `Base64UrlEncoder.Decode` for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.  \n  For details see [#​3249](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3249)  \n\n## Fundamentals\n- **Add AI assist rules**  \n  Incorporated AI assist rules to enhance AI agents effectiveness.  \n  For details see [#​3255](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255)  \n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  \n  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  \n  For details see [#​3256](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256)  \n- **Move suppression of RS006 to csproj**  \n  Centralized suppression of RS006 warnings in project files for easier management.  \n  For details see [#​3230](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230)\n\n## What's Changed\n* Move suppression of RS006 to csproj. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230\n* Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255\n* Enhance ConfigurationManager with event handling by @​GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256\n* Update CHANGELOG.md for 8.12.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0\n\n## 8.11.0\n\n8.11.0\n=====\n## New Features:\n- Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue [#​3245](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3245) for details.\n- Added a new public async API: `JsonWebTokenHandler.DecryptTokenWithConfigurationAsync`, which decrypts a JWE token using keys from either `TokenValidationParameters` or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR [#​3243](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3243) for details.\n\n## What's Changed\n* few updates by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242\n* Changelog for 8.10.0 by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241\n* Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244\n* update current version to 8.10.0 by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246\n* Add DecryptTokenWithConfiguration API by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243\n* changelog for 8.11 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0\n\n## 8.10.0\n\n8.10.0\n=====\n## Bug Fixes\n- Corrected casing of the Type attribute in SubjectConfirmationData. See [#​3206](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3206).\n- Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See [#​3220](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/33784b8ec0ff4300efad788535f90b3adc5bdfd1).\n- Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See [#​3226](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/793bd34e945eb8ba7528cf87c4a29a29c4704a65).\n\n## Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3228](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/946bec18cdeb26b8133a04e8c056dd5f17588f89) and [#​3232](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/14842aedb3d57c32b9ce784061cd9beccbdd1eb1).\n\n## 8.9.0\n\n8.9.0\n=====\n## Bug Fixes\n- syncAfter has been updated to preserve UTC information, addressing a bug where GetConfigurationAsync does not refresh configuration in ConfigurationManager. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3213.\n- Fixed a null reference issue in KeyInfo. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3203.\n\n## New Features\n- Introduced a new delegate for reading custom token payload values on JsonWebToken. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2981.\n- Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3205.\n\n## Fundamentals\n- Utilized IList to avoid enumerator allocation during audience validation. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3204.\n\n## 8.8.0\n\n8.8.0\n=====\n## New Features\n- Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the `Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking` switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR [#​3193](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3193) for details.\n- Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the `Switch.Microsoft.IdentityModel.DoNotScrubExceptions` AppContextSwitch. See PR [#​3195](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3195) and https://aka.ms/identitymodel/app-context-switches for details.\n- Change all plain object locks to `System.Thread.Lock` objects for .NET 9 or greater. See PRs [#​3185](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3185) and [#​3189](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3189) for details.\n\n\n## 8.7.0\n\n## Bug Fixes\n- Add back internal methods `IsRecoverableException` and `IsRecoverableExceptionType` whose signatures were changed in the previous version. See [#​3181](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3181).\n\n## New Features\n- Make `Cnf` class public and move it to Microsoft.IdentityModel.Tokens package. See [#​3165](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3165).\n\n## What's Changed\n* Post Release 8.6.1 cleanup  by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3160\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3163\n* Adds explanation for CodeQL warnings by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3167\n* Fix typo by @​rstm-sf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n* Need to change the locks by @​JoshLozensky in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3171\n* Move CNF from SHR to M.IM.Tokens by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3168\n* Add back IsRecoverableException methods. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3183\n* Revert \"Need to change the locks\" by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3186\n* 8.7.0 changelog by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3184\n\n## New Contributors\n* @​rstm-sf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.1...8.7.0\n\n## 8.6.1\n\n8.6.1\n=====\n## Bug fix\n- Microsoft.IdentityModel now triggers a configuration refresh if token decryption fails. See issue [#​3148](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3148) for details.\n- Fix a bug in `JsonWebTokenHandler` where `JwtTokenDecryptionParameters`'s `Alg` and `Enc` were not set during token decryption, causing `IDX10611` and `IDX10619` errors to show null values in the messages. See issue [#​3003](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3003) for details.\n\n## Fundamentals\n- For development, IdentityModel now has a global.json file to specify the .NET SDK version. See issue [#​2995](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2995) for details.\n\n## What's Changed\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3145\n* Update the public API shipped files by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3146\n* Add global.json file by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* Trigger metadata refresh for token decryption errors by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3149\n* Populate error messages correctly from JwtTokenUtilities.DecryptJwtToken by @​ksaaf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n* first changelog update by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3156\n\n## New Contributors\n* @​mdchennu made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* @​ksaaf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.0...8.6.1\n\n## 8.6.0\n\n8.6.0\n=====\n## New Features\n- TokenValidationParameters has a new boolean property `TryAllDecryptionKeys` that let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to **true** (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See [#​3128](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128)\n- Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See [#​3140](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140)\n\n## Fundamentals\n* Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See [3143](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143)\n* Add more tests for encrypted tokens. See [#​3139](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139)\n\n## What's Changed\n* Update CHANGELOG.md by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3133\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3137\n* Add TryAllDecryptionKeys flag to whether decrypt if no key IDs match by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128\n* Change KeyInfo.MatchesKey from internal to protected internal virtual. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140\n* Fix #​3112 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143\n* Add more auto-decryption related tests by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139\n* Update changelog.md for 8.6.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3144\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.5.0...8.6.0\n\n## 8.5.0\n\n8.5.0\n=====\n## Reverting previous breaking change\n- The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that [adding IDisposable is a breaking change](https://learn.microsoft.com/en-us/dotnet/fundamentals/runtime-libraries/system-idisposable), so we are following [semver guidance](https://semver.org/#what-do-i-do-if-i-accidentally-release-a-backward-incompatible-change-as-a-minor-version) and reverting and releasing a minor version (8.5.0).\n- Cherry-picked Changes: Included changes from PR [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) and [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104).\n\n## What's Changed\n* Update version.props by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3126\n* fix formatting error by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3134\n* Revert configuration manager to 8.3.1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3132\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.4.0...8.5.0\n\n## 8.4.0\n\n8.4.0\n=====\n## New Features\n- App context switch allows blocking or non-blocking calls for configuration. See PR [#​3106](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3106) for details and issue [#​3082](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3082) for details. If you are not using the ConfigurationManager as a singleton and not using the blocking option, you may need to call ShutdownBackgroundTask() to stop the background task to avoid leaking Tasks.\n- IdentityModel now enables symmetric and asymmetric keys to be created publicly with JWK. See [#​3094](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3094) for details.\n- IdentityModel now allows specifying the HTTP protocol version and version policy. See [#​2808](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2808) for details.\n\n## Repair items\n- Add request count and duration telemetry for configuration requests. See [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) for details.\n- `KeyID` should be present in exception messages and is no longer PII. See [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104) for details.\n\n## Fundamentals\n- Fix spelling issues in xml comments. See [#​3117](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3117) for details.\n- Fix comment coverage in PR builds. See [#​3079](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3079) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- See [#​3056](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3056). [#​3100](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3100), [#​3017](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3107), and [#​3111](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3111).\n- Add internal virtual on TokenHandler. See [#​3084](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3084) for details.\n\n* @​prochnowc made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2809\n\n## 8.3.1\n\n8.3.1\n=====\n## Bug Fixes\n* Respect TVP.RequireAudience when set to false. See [#​3055](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055)\n* For net4.6.2 select RSACng for PSS support. See [#​3097](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3097)\n* Fix package downgrade in consuming libraries. See[#​3062](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062)\n* Fix integer overflow in `AuthenticationEncryptionProvider.cs`. See [#​3063](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063)\n\n## Fundamentals\n* Removed unused property on JsonWebToken ClaimsIdentity. See [#​3071](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3071) for details.\n* Upgrade to C# 13. See [#​2998](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998)\n* Use new Base64Url API. See [#​22817](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817)\n* Add warning quality check. See [#​3067](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067)\n* Update dotnet actions. see [#​3074](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074)\n* Fix warnings. See [#​3081](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081)\n* Test updates in JsonWebToken. See [#​3080](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​3027](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027), [#​3028](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028), [#​3051](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051), [#​3054](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054)\n\n## What's Changed\n* Update CHANGELOG.md by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3053\n* Extensibility tests: Audience - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027\n* Extensibility tests: Lifetime - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028\n* Implement lazy ClaimsIdentity creation from ValidatedToken on SAML and SAML2 on the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051\n* Add logging to the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054\n* update version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3057\n* lower version to avoid downgrades. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3058\n* Respect TVP.RequireAudience when set to false by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055\n* Fix package downgrade in consuming libraries by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062\n* Add slnf for running perf and stress tests by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3066\n* Add Warning Quality Check Build Task 🔨 by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067\n* Update template-Build-run-tests-sign.yml by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3069\n* Removed unused property on JsonWebToken by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3072\n* Update setup dotnet actions by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074\n* fixed #​2983 and re-add code coverage comments to PRs by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3076\n* Remove duplicate keyid into var keysAttempted by @​bdapoigny in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* Upgrade to C# 13 by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998\n* Use new Base64Url API by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817\n* Update common.props by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3078\n* fix warnings by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081\n* Fixed integer overflow in AuthenticatedEncryptionProvider.cs by @​gparametr in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n* Test updates by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080\n* For net4.6.2 select RSACng for PSS support. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3085\n* changelog for 8.3.1 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3098\n\n## New Contributors\n* @​bdapoigny made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* @​gparametr made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n\n ... (truncated)\n\n## 8.3.0\n\n## New features\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n* SAML and SAML2 new model validation: Token Replay. See [#​2994](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2994)\n* Extensibility tests: Token Type - JWT ([#​3030](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3030)), Issuer - SAML and SAML2 ([#​3026](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3026)), Algorithm and Signature - JWT, SAML and SAML2 ([#​3034](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3034)), Token Replay - JWT, SAML and SAML2 ([#​3032](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3032)),  Issuer signing key - JWT, SAML and SAML2 ([#​3029](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/302))\n* Avoid code duplication in extensibility testing. See [#​3041](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3041)\n* Extensibility Testing: Refactor. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3011\n* Remove duplicate code in extensibility tests. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3044\n\n## Bug fixes\n* Fix bug with AadIssuerValidator. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n* Fixed SignedHttpRequest flaky test. See [#​3037](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3037)\n \n## Fundamentals\n* Install all .NET versions in pipeline to fix run tests task. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3018\n* Changelog for 8.2.1. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3009\n* Remove unnecessary AoT test project. See in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3045\n* Fix powershell script for nuget update. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3046\n* Update to next version. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3010\n* Disable Coverage PR comments. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3048\n* Updates GitHub Action to support long paths, See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3049\n* Stack parameters to improve reading of code. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3031\n\n## New Contributors\n* @​ssmelov made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.1...8.3.0\n\n## 8.2.1\n\n8.2.1\n=====\n### New features\n- Update to use .NET 9 GA. See [2990](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990).\n\n### Bug fixes\n- Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets. See [2935](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935).\n- Update cgmanifest to align with the JSON schema. See [2969](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969).\n\n### Fundamentals\n- Streamline token creation in `SecurityTokenDescriptor`. See [2993](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2993).\n- Prevent inlining to guarantee stack frames in test. See [2999](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2999).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Simplify stack frame caching. See [2976](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976).\n- Implement reading SAML and SAML2 tokens. See [2980](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980).\n- Implement validating SAML signature. See [2950](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2950).\n- Add tests for `IssuerExtensibility`. See [2987](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987).\n- Add validation for SAML and SAML2 issuer signing key. See [2965](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965).\n- Add validation for SAML and SAML2 algorithm. See [2984](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984).\n\n## What's Changed\n* Microsoft.Rest.ClientRuntime has been deprecated, which results in so… by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2970\n* Update to next version after 8.2.0 release by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2975\n* Consolidating test statics by @​trwalke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2956\n* New token validation model: Simplify stack frame caching by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976\n* Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935\n* Update cgmanifest to align with the JSON schema by @​jeffhandley in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n* SAML and SAML2 new model validation: Read Token by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980\n* SAML2 new model validation: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2961\n* JsonWebTokenHandler IssuerExtensibility by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987\n* SAML and SAML2 new model validation: Issuer Signing Key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965\n* Ignore AotCompatibilityTests on ADO by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2992\n* SAML and SAML2 new model validation: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984\n* Use SecurityTokenDescriptor when creating tokens by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2991\n* Prevent inlining to guarantee stack frames in test by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3002\n* Update to .NET 9 GA. Update some test dependencies. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990\n* Add Abstractions.Tests to strong name bypass file. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3004\n\n## New Contributors\n* @​jeffhandley made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.0...8.2.1\n\n## 8.2.0\n\n8.2.0\n=====\n### Fundamentals\n- Update System.Text.Json to 8.0.5 CVE-2024-43485. See [2892](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892).\n- Using FixedTimeEquals in NETCore targets. See [2857](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857).\n- Updated .NET 9 to RC 2 [2898](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898).\n- Adds ability to create token without kid [2968](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2968)\n- Enables code coverage in PRs [2946](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2946)\n- Various test improvements:\n- [#​2953](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2953)\n- [#​2955](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2955)\n- [#​2951](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951)\n- [#​2952](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952)\n- [#​2947](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947)\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Validates Audience for SAML2TokenHandler with New Model [2863](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863)\n- Improvements to AudienceValidation [2902](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902)\n- Added properties to ValidationResult [2923](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923)\n- Implements Audience and Lifetime validations in SamlSecurityTokenHandler [2925](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925)\n- Implements Issuer validation in SamlSecurityTokenHandler [2948](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2948)\n\n## What's Changed\n* update to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2890\n* Use FixedTimeEquals in NETCore targets  by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857\n* Update System.Text.Json to 8.0.5 CVE-2024-43485 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892\n* Update .NET 9 to RC 2 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898\n* Validate Audience for SAML2TokenHandler with New Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863\n* Regression tests: Issuer by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2868\n* Mark Wilson APIs as Shipped by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2903\n* Add Tests for Lifetime Validation Using New Validation Model For SAML2 by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2906\n* Suggested changes to AudienceValidation by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902\n* Extensibility tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2861\n* Added properties to ValidationResult without throwing by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923\n* Extensibility tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2867\n* Regression tests: Issuer signing key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2927\n* Do not serialize CaseSensitiveClaimsIdentity.SecurityToken. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2896\n* Fix typo by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2894\n* Implement and Test Audience and Lifetime validations in SamlSecurityTokenHandler with New Validation Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925\n* Fix Flaky Tests: NameAndRoleClaimDelegates and RoleClaims by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2873\n* Regression tests: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2930\n* Validate Issuer Using New Validation Model in Saml2SecurityTokenHandler by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2929\n* Fix builds on macOS / Linux using the build.sh script by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2937\n* Regression tests: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2934\n* Regression tests: Token Type by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2932\n* Regression tests: Token Replay by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2931\n* Fix DevEx and IDDP builds such that when building internally, use an internal Nuget feed instead of nuget.org by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2936\n* Restore PopKeyResolvingTests.GetPopKeysFromJkuAsync by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947\n* Restore skipped test: ReferenceCountingTest_MultiThreaded by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952\n* Restore EnsureAotCompatibility test by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951\n ... (truncated)\n\n## 8.1.2\n\n## What's Changed\n\n### Bug fixes\n\n* CaseSensitiveClaimsIdentity.Clone() now returns a `CaseSensitiveClaimsIdentity` as expected, by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2879\n* Multiple unused and unusable (for the moment) public APIs were removed. These were introduced by mistake leaking from the work done on logging and exception handling, by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2888\n\n### Fundamentals\n* Enabled PublicApiAnalyzers to better understand and trace changes to the public API, by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2782\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.1...8.1.2\n\n## 8.1.1\n\n8.1.1\n=====\n### Bug fixes\n- Fix bug where ConfigurationManager was updating keys too frequently. See [2866](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2866) for details.\n\n## What's Changed\n* Rename validation delegates by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2847\n* Remove TransformBeforeSignatureValidationDelegate from ValidationParameters by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2848\n* Add disable discovery enumeration = true to all theory tests by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2849\n* Make CaseSensitiveClaimIdentity serializable by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2850\n* Remove Obsolete BinaryFormatter  by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2851\n* Refactor ValidateConditions in Saml2SecurityTokenHandler by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2855\n* Set custom BenchmarkDotNetconfig as default by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2852\n* Regression tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2838\n* Fix ValidateJsonWebTokenClaimMapping Flaky Test 🐞 by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2859\n* update current version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2862\n* Regression tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2839\n* Rename ResolveTokenDecryptionKeyDelegate to DecryptionKeyResolverDelegate by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2869\n* Set internal _syncAfter using only AutomaticRefreshInterval. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2865\n* 8.1.1 Changelog by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2864\n* Adjust for RefreshInterval not influencing AutomaticRefreshInterval. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2870\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.0...8.1.1\n\n## 8.1.0\n\n8.1.0\n=====\n### Performance improvements\n- Improves performance during issuer validation by replacing string comparison with span comparison. See PR [#​2826](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2826).\n\n### New features\n- Add optional check to prevent using keys that are shared across multiple clouds. See issue [#​2832](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2832) for details.\n\n### Bug fixes\n- JsonWebTokenHandler would only return unwrapped keys if there was no errors. This change is to align with the behavior in JwtSecurityTokenHandler, that is it returns the keys that were able to be unwrapped, and only throw if no keys were able to be unwrapped. See issue [#​2695](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2695) for details.\n\n### Fundamentals\n- Fix flaky tests. See [#​2793](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2793) for details.\n- Update XUnit versoin and fix test warnings due to new XUnit analyzers. See PR [#​2796](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796) for details.\n- Onhboard to code coverage in ADO. See PR [#​2798](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798).\n- Use `IsTargetFrameworkCompatible(*)` so AOT is forward-compatible with .NET 9 and beyond. See PR [#​2790](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790) for details.\n- Fix a merge conflict impacting dev. See PR [#​2819](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819).\n- Defining the following attribute in multiple assemblies (.Tokens, .Logging) causes an internal error.\n[DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicConstructors)]. See PR [#​2820](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820).\n- Remove perl dependency. See PR [#​2830](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2830).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​2794](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794)\n- [#​2800](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800)\n- [#​2810](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810)\n- [#​2811](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811)\n- [#​2816](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816)\n- [#​2822](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822)\n- [#​2815](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815)\n- [#​2818](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2818)\n- [#​2813](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2813)\n- [#​2827](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2827)\n\n## What's Changed\n* changelog 8.0.2 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2792\n* Update version.props to 8.0.2 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2791\n* Fix Async Issue in Extensibility Tests by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2795\n* Update xUnit version and fix test warnings by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796\n* ValidateTokenAsync - New Path: Refactor result types by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794\n* Onboard to code coverage in ADO by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798\n* Exception refinement: Adding additional information by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800\n* Add initial regression tests for the new validation path by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810\n* Use IsTargetFrameworkCompatible() by @​martincostello in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790\n* Regression tests: Added inner exception detail and invalid signature failure due to invalid algorithm used by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811\n* Return unwrapped keys if able by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2812\n* New token validation path: Renamed result types by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816\n* Fix merge conflict by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819\n* Removed attribute that causes issues with internal builds. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820\n* Add missing exception type to ValidationError -\u003e GetException() by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822\n* Regression testing: Add JWE use cases by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815\n ... (truncated)\n\n## 8.0.2\n\n8.0.2\n=====\n\n### Security fundamentals\n- Add `BannedApiAnalyzers` to prevent use of `ClaimsIdentity` constructors. See PR [#​2778](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2778) for details.\n\n### Bug fixes\n- IdentityModel now allows the JWT payload to be an empty string. See issue [#​2656](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2656) for details.\n- Cache `UseRfcDefinitionOfEpkAndKid` switch. See PR [#​2747](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2747) for details.\n- Method was named `DoNotFailOnMissingTid` in 7x and `DontFailOnMissingTid` in 8x, adding the method for back compat. See issue [#​2750](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2750) for details.\n- Metadata is now updated on a background thread. See [#​2780](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2780) for details.\n- `JsonWebKeySet` stores the original string it was created with. See PR [#​2755](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2755) for details.\n- Restore AOT compatibility. See [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2711).\n- Fix OpenIdConnect parsing bug. See [#​2772](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2772) for details.\n- Remove the lock on creating a `SignatureProvider`. See [#​2788](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2788) for details.\n\n### Fundamentals\n- Test clean up [#​2742](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2742).\n- Use only FxCop in .NET framework targets [#​2693](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2693).\n- Add rule to add file headers automatically [#​2748](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2748).\n- Code analysis updates [#​2746](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2746).\n- Include README packages in NuGet [#​2752](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2752).\n- Update projects inside WilsonUnix solution [#​2768](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2768).\n- Code style enforced in build [#​2603](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2603).\n- CodeQL update [#​2767](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2767).\n- Update build pipeline to new one release build format [#​2777](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2777).\n- Update GitHub actions to `9.0.100-preview.7.24407.12` and add `\u003cNoWarn\u003e$(NoWarn);SYSLIB0057\u003c/NoWarn\u003e` due to breaking changes in preview7. [#​2786](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2786).\n\n### Work relating to [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​2725](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2725), [#​2729](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2729), [#​2753](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2753), [#​2758](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2759), [#​2757](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2757), [#​2764](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2764), [#​2771](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758), [#​2759](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2759), and [#​2779](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2779).\n\n\n## What's Changed\n* Remove old 6x tests used that are not needed anymore by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2742\n* Only use fxcop in netfw by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2693\n* Allow Jwt payload to be the empty string. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2745\n* Add rule to add file headers automatically. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2748\n* Remove Delegate Checks in Multiple Validators and Prevents Null Setting of Delegates by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2725\n* Fix CodeQL by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2746\n* Cache UseRfcDefinitionOfEpkAndKid switch. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2747\n* Decrypt token: Remove exceptions + use new ValidationParameters by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2729\n* Include README packages in NuGet by @​localden in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2752\n* Remove internals for new work. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2753\n* Add property named differently in 7x. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2756\n* Remove SlimLock when updating metadata. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2751\n* Revert \"Remove SlimLock when updating metadata. (#​2751)\" by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2762\n* Remove Delegate Checks Audience Validator and Prevents Null Setting of Delegate by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2758\n* Re-factor Issuer Validator to Follow New Validation Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2759\n* Update projects inside WilsonUnix solution by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2768\n* JsonWebKeySet stores the String it was created with by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2755\n ... (truncated)\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.0.1...8.14.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.IdentityModel.JsonWebTokens\u0026package-manager=nuget\u0026previous-version=8.0.1\u0026new-version=8.14.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/statisticsnorway/PxWeb/pull/465","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/statisticsnorway%2FPxWeb/issues/465","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/465/packages"}},{"old_version":"8.14.0","new_version":"8.15.0","update_type":"minor","path":null,"pr_created_at":"2025-11-20T05:04:31.000Z","version_change":"8.14.0 → 8.15.0","issue":{"uuid":"3645470771","node_id":"PR_kwDOGnKBAc60f7hN","number":97,"state":"closed","title":"Bump Microsoft.IdentityModel.JsonWebTokens from 8.14.0 to 8.15.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-12-03T05:03:54.000Z","author_association":null,"state_reason":null,"created_at":"2025-11-20T05:04:31.000Z","updated_at":"2025-12-03T05:03:56.000Z","time_to_close":1123163,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.IdentityModel.JsonWebTokens","old_version":"8.14.0","new_version":"8.15.0","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.IdentityModel.JsonWebTokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.14.0 to 8.15.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.JsonWebTokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  \n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  \n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.14.0...8.15.0).\n\u003c/details\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/NosCoreIO/NosCore.Networking/pull/97","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NosCoreIO%2FNosCore.Networking/issues/97","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/97/packages"}}]}