Would like to have the latest version of the jar file below.
<Siteminder installer path>/siteminder/bin/thirdparty/nimbus-jose-jwt-9.10.jar
HIGH 7.5 CVE-2023-52428 (BDSA-2023-3666)
https://nvd.nist.gov/vuln/detail/cve-2023-52428
An attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.
Policy Server Version: 12.8.7/12.8.8
Operating System: Windows/Linux
Policy Server loads this jar file only if you are using Federation, OIDC, or the JWT Authentication Scheme.
Please download the attached dev-fix and follow the steps below to deploy it on version 12.8.7/12.8.8:
----------------------------------------------------------
1. Stop Policy Server
2. Remove nimbus-jose-jwt-9.10.jar from the 12.8.7/12.8.8 Policy Server installation, i.e. siteminder/bin/thirdparty
3. Copy the attached nimbus-jose-jwt-9.41.1.jar into the siteminder installation, i.e. siteminder/bin/thirdparty
4. Add the path of nimbus-jose-jwt-9.41.1.jar to the class path in JVMOptions.txt
---------------------------------------------------------
The JVMOptions.txt class path given below is for reference only:
-Djava.class.path=<Siteminder installer path>/CA/siteminder/resources:<Siteminder installer path>/CA/siteminder/config/properties:<Siteminder installer path>/CA/siteminder/bin/endorsed/jakarta.xml.bind-api.jar:<Siteminder installer path>/CA/siteminder/bin/endorsed/jakarta.activation-api.jar:<Siteminder installer path>/CA/siteminder/bin/jars/smbootstrap.jar:<Siteminder installer path>/CA/siteminder/bin/thirdparty/log4j-api-2.17.2.jar:<Siteminder installer path>/CA/siteminder/bin/thirdparty/log4j-core-2.17.2.jar:<Siteminder installer path>/CA/siteminder/bin/thirdparty/log4j-slf4j-impl-2.17.2.jar:<Siteminder installer path>/CA/siteminder/bin/thirdparty/nimbus-jose-jwt-9.41.1.jar
Note: nimbus-jose-jwt-9.41.1.jar is already included in the 12.9 GA release.
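As an added illustration (not part of this article, of Policy Server, or of the nimbus-jose-jwt library), the following Python inspects a compact JWE's protected header and rejects PBES2 tokens whose p2c iteration count is missing or out of bounds, which is the condition CVE-2023-52428 abuses, before any PBKDF2 work is spent on the token. The iteration cap, the helper names and the sample tokens are assumptions constructed for this example.

```python
import base64
import json

# PBES2 key-management algorithms (RFC 7518 section 4.8) are the only ones that carry p2c.
PBES2_ALGS = {"PBES2-HS256+A128KW", "PBES2-HS384+A192KW", "PBES2-HS512+A256KW"}
# Iteration cap for untrusted senders: an assumed value for this example, tune to your budget.
MAX_P2C = 1_000_000
# RFC 7518 recommends at least 1000 iterations; treat fewer as a misconfigured sender.
MIN_P2C = 1000


def _b64url_decode(segment: str) -> bytes:
    # Compact serialisation strips '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_pbes2_p2c(compact_jwe: str, max_p2c: int = MAX_P2C) -> tuple:
    """Inspect a compact JWE's protected header before any PBKDF2 work is done.
    Returns (accept, reason); non-PBES2 tokens pass through unchanged."""
    parts = compact_jwe.split(".")
    if len(parts) != 5:
        return False, "not a 5-part compact JWE"
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except (ValueError, UnicodeDecodeError):
        return False, "protected header is not valid base64url JSON"
    if not isinstance(header, dict):
        return False, "protected header is not a JSON object"
    if header.get("alg") not in PBES2_ALGS:
        return True, "alg is not PBES2; p2c not applicable"
    p2c = header.get("p2c")
    if isinstance(p2c, bool) or not isinstance(p2c, int):
        return False, "p2c missing or not an integer"
    if p2c > max_p2c:
        return False, f"p2c={p2c} exceeds cap {max_p2c}"
    if p2c < MIN_P2C:
        return False, f"p2c={p2c} below RFC 7518 minimum {MIN_P2C}"
    return True, f"p2c={p2c} within bounds"


def _make_jwe(header: dict) -> str:
    # Constructed sample: genuine header, dummy body segments (only the header is inspected).
    h = base64.urlsafe_b64encode(json.dumps(header).encode()).decode().rstrip("=")
    return ".".join([h, "a", "b", "c", "d"])


SANE_JWE = _make_jwe({"alg": "PBES2-HS256+A128KW", "enc": "A128GCM", "p2s": "c2FsdHNhbHQ", "p2c": 8192})
ABUSIVE_JWE = _make_jwe({"alg": "PBES2-HS256+A128KW", "enc": "A128GCM", "p2s": "c2FsdHNhbHQ", "p2c": 2_000_000_000})
RSA_JWE = _make_jwe({"alg": "RSA-OAEP-256", "enc": "A256GCM"})
```

Such a pre-check belongs at the boundary where untrusted JWE tokens are first received; it complements, and does not replace, upgrading the library to a release that caps the iteration count itself.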