web-eid · svenzik · May 11, 2026
diff --git a/example/pom.xml b/example/pom.xml
@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>3.5.13</version>
+		<version>3.5.14</version>
 		<relativePath/> <!-- lookup parent from repository -->
 	</parent>
 	<groupId>eu.webeid.example</groupId>
@@ -23,9 +23,6 @@
 		<digidoc4j.version>6.1.1</digidoc4j.version>
 		<jmockit.version>1.44</jmockit.version> <!-- Keep version 1.44, otherwise mocking will fail. -->
 		<jib.version>3.5.1</jib.version>
-
-        <!-- Remove explicit thymeleaf version override when spring boot uses thymeleaf 3.1.4.RELEASE or later: CVE-2026-40477, CVE-2026-40478, CVE-2026-40477, CVE-2026-40478 -->
-        <thymeleaf.version>3.1.4.RELEASE</thymeleaf.version>
 	</properties>
 
 	<dependencies>

diff --git a/pom.xml b/pom.xml
@@ -12,18 +12,18 @@
 
     <properties>
         <java.version>11</java.version>
-        <jjwt.version>0.12.6</jjwt.version>
+        <jjwt.version>0.13.0</jjwt.version>
         <bouncycastle.version>1.84</bouncycastle.version>
-        <jackson.version>2.19.1</jackson.version>
+        <jackson.version>2.21.3</jackson.version>
         <slf4j.version>2.0.17</slf4j.version>
-        <junit-jupiter.version>5.13.3</junit-jupiter.version>
+        <junit-jupiter.version>5.14.4</junit-jupiter.version>
         <assertj.version>3.27.7</assertj.version>
-        <mockito.version>5.18.0</mockito.version>
-        <maven-surefire-plugin.version>3.5.2</maven-surefire-plugin.version>
-        <maven-source-plugin.version>3.3.1</maven-source-plugin.version>
-        <maven-javadoc-plugin.version>3.11.2</maven-javadoc-plugin.version>
-        <maven-enforcer-plugin.version>3.6.0</maven-enforcer-plugin.version>
-        <jacoco.version>0.8.12</jacoco.version>
+        <mockito.version>5.23.0</mockito.version>
+        <maven-surefire-plugin.version>3.5.5</maven-surefire-plugin.version>
+        <maven-source-plugin.version>3.4.0</maven-source-plugin.version>
+        <maven-javadoc-plugin.version>3.12.0</maven-javadoc-plugin.version>
+        <maven-enforcer-plugin.version>3.6.2</maven-enforcer-plugin.version>
+        <jacoco.version>0.8.14</jacoco.version>
         <sonar.coverage.jacoco.xmlReportPaths>
             ${project.basedir}/../jacoco-coverage-report/target/site/jacoco-aggregate/jacoco.xml
         </sonar.coverage.jacoco.xmlReportPaths>

diff --git a/src/main/java/eu/webeid/security/validator/AuthTokenValidatorImpl.java b/src/main/java/eu/webeid/security/validator/AuthTokenValidatorImpl.java
@@ -107,7 +107,7 @@ public WebEidAuthToken parse(String authToken) throws AuthTokenException {
             return parseToken(authToken);
         } catch (Exception e) {
             // Generally "log and rethrow" is an anti-pattern, but it fits with the surrounding logging style.
-            LOG.warn("Token parsing was interrupted:", e);
+            LOG.warn("Token parsing failed: {}: {}", e.getClass().getName(), e.getMessage());
             throw e;
         }
     }
@@ -119,7 +119,7 @@ public X509Certificate validate(WebEidAuthToken authToken, String currentChallen
             return validateToken(authToken, currentChallengeNonce);
         } catch (Exception e) {
             // Generally "log and rethrow" is an anti-pattern, but it fits with the surrounding logging style.
-            LOG.warn("Token validation was interrupted:", e);
+            LOG.warn("Token validation failed: {}: {}", e.getClass().getName(), e.getMessage());
             throw e;
         }
     }