Security hotfix for Duende.AccessTokenManagement.OpenIdConnect
We recently published Duende.AccessTokenManagement.OpenIdConnect 3.0.1, a security hotfix which addresses CVE-2024-51987, a medium-severity security issue that can cause refreshed access tokens to be cached and used for the wrong user.
We encourage everyone using Duende.AccessTokenManagement.OpenIdConnect 3.0.0 to update to version 3.0.1.