Vulnerability CVE-2025-45768 reported in PyJWT 2.10.1

[JugeshHM]

CVE has been reported in PyJWT 2.10.1. (https://nvd.nist.gov/vuln/detail/CVE-2025-45768)
What is the remediation plan? When can we expect a new release with above fix?

[onmete]

Can you please have a look @jpadilla? This is being flagged in enterprise environments.

[iloveskywsd]

Library users benefit from a minimum value and a mechanism for opting in to strict enforcement.

[fripsumisu]

Hello, could we have an update on the position regarding this CVE bug please?
I can see at least two PRs attempting to address this.

If this is not going to be addressed explicitly then could one of the project maintainers please confirm so that we can find an alternate provider. As this stand my company's SDLC policies will not permit us to use this library with this weakness in place.

Thanks.

[onmete]

@auvipy?

[yakirm-cr]

duplicate to #1080.