From 0dedabbf0eceb290fe3698900f1b27d77c33ded6 Mon Sep 17 00:00:00 2001
From: Dolph Flynn <96876199+DolphFlynn@users.noreply.github.com>
Date: Tue, 7 Apr 2026 11:16:24 +0100
Subject: [PATCH 1/2] Update weak secrets list

---
 src/main/resources/jwt.secrets.list.txt | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/main/resources/jwt.secrets.list.txt b/src/main/resources/jwt.secrets.list.txt
index ad5da1fb..c182b052 100644
--- a/src/main/resources/jwt.secrets.list.txt
+++ b/src/main/resources/jwt.secrets.list.txt
@@ -103973,3 +103973,7 @@ notesApp#12345
 serucity_is_secure_beacuse_it_is
 @token2F5e84cb2610411b048c16probono4e60553855ebd5827918
 !@2222222fasdhiohDCWQA
+replace_with_lengthy_secure_hex
+dff4665a082305d28b485d1d763d0d3e52e2577220eaa551836862a3dbca1aade309fe7ceed35180ac494cbc27bd2f5f84d45e1
+b89787dc4f8930ff36715598bddc8d28946c29c7d9d3c1f8272fc8eb307c4b1de6e9a20a824ac06b4a53efeaf99be20469da5355d7218851c8e87520db26a819
+3beeee45bc938475ecba45075c53aae0f94299a83f824b25bbaf7965b4b0c60ff2b0c66c9047a026578deb5ecadabaa602891be2be66ed123a7b26876d4daddf
\ No newline at end of file

From 714c659755ff24a1df398f6b8f8b0fb5531b4f81 Mon Sep 17 00:00:00 2001
From: Dolph Flynn <96876199+DolphFlynn@users.noreply.github.com>
Date: Tue, 7 Apr 2026 11:25:13 +0100
Subject: [PATCH 2/2] Fix potential for ArrayIndexOutOfBoundsException.

---
 .../blackberry/jwteditor/view/config/IntruderConfigModel.java  | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/main/java/com/blackberry/jwteditor/view/config/IntruderConfigModel.java b/src/main/java/com/blackberry/jwteditor/view/config/IntruderConfigModel.java
index 1385df45..1482d06a 100644
--- a/src/main/java/com/blackberry/jwteditor/view/config/IntruderConfigModel.java
+++ b/src/main/java/com/blackberry/jwteditor/view/config/IntruderConfigModel.java
@@ -105,8 +105,9 @@ JWSAlgorithm[] signingAlgorithms() {
 
     JWSAlgorithm signingAlgorithm() {
         JWSAlgorithm signingAlgorithm = intruderConfig.signingAlgorithm();
+        JWSAlgorithm[] signingAlgorithms = signingAlgorithms();
 
-        return signingAlgorithm == null && hasSigningKeys() ? signingAlgorithms()[0] : signingAlgorithm;
+        return signingAlgorithm == null && hasSigningKeys() && signingAlgorithms.length > 0 ? signingAlgorithms[0] : signingAlgorithm;
     }
 
     void setSigningAlgorithm(JWSAlgorithm signingAlgorithm) {