Hi, Hope you all are doing well.

We had a report of vulnerability CVE-2024-30172 on use of BouncyCastle.Crypto, version 1.8.9. Even thought we updated to JWT version 4.1.10 and the component already updated to BouncyCastle.Cryptography.dll 2.6.2, it was constantly on reports.

At extension JWTCore, file BouncyCastle.Crypto and references still remain, so I removed, published and solved the issue.

Its possible to remove BouncyCastle.Crypto on further versions?

Thanks.