diff --git a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/APIKeyAuthenticator.java b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/APIKeyAuthenticator.java
index eba64e2c2..8bd9215ea 100644
--- a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/APIKeyAuthenticator.java
+++ b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/APIKeyAuthenticator.java
@@ -344,11 +344,13 @@ private APIKeyValidationInfoDTO getAPIKeyValidationDTO(RequestContext requestCon
 throws ParseException, APISecurityException {
 APIKeyValidationInfoDTO validationInfoDTO = new APIKeyValidationInfoDTO();
- JSONObject app = payload.getJSONObjectClaim(APIConstants.JwtTokenConstants.APPLICATION);
+ Map appClaim = payload.getJSONObjectClaim(APIConstants.JwtTokenConstants.APPLICATION);
+ JSONObject app;
 JSONObject api = null;
 validationInfoDTO.setType(requestContext.getMatchedAPI().getEnvType());
- if (app != null) {
+ if (appClaim != null) {
+ app = new JSONObject(appClaim);
 validationInfoDTO.setApplicationUUID(app.getAsString(APIConstants.JwtTokenConstants.APPLICATION_UUID));
 validationInfoDTO.setApplicationName(app.getAsString(APIConstants.JwtTokenConstants.APPLICATION_NAME));
 //validationInfoDTO.setSubscriber(app.getAsString(APIConstants.JwtTokenConstants.APPLICATION_OWNER));
diff --git a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/APIKeyHandler.java b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/APIKeyHandler.java
index 03d67d13e..9ca1aa021 100644
--- a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/APIKeyHandler.java
+++ b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/APIKeyHandler.java
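Review bot: In APIKeyAuthenticator.getAPIKeyValidationDTO the new `Map appClaim` is a raw type, and `JSONObject app;` is declared apart from its only visible assignment inside the `if`. Assuming the upgraded nimbus returns `Map<String, Object>` from getJSONObjectClaim, declare it as `Map<String, Object> appClaim = payload.getJSONObjectClaim(APIConstants.JwtTokenConstants.APPLICATION);` and open the branch with `JSONObject app = new JSONObject(appClaim);`, provided nothing after the branch assigns `app`. That removes the unchecked conversion and the unassigned local. The values read from this claim with getAsString go into the validation DTO with no presence check in the visible lines; whether a missing application UUID is rejected later cannot be seen, because the method body continues past the hunk.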
@@ -170,7 +170,7 @@ public boolean isJwtTokenExpired(JWTClaimsSet payload, String keyType, String or
 DefaultJWTClaimsVerifier jwtClaimsSetVerifier = new DefaultJWTClaimsVerifier();
 jwtClaimsSetVerifier.setMaxClockSkew((int) FilterUtils.getTimeStampSkewInSeconds());
 try {
- jwtClaimsSetVerifier.verify(payload);
+ jwtClaimsSetVerifier.verify(payload,null);
 } catch (BadJWTException e) {
 if ("Expired JWT".equals(e.getMessage())) {
 log.debug("{} API key is expired.", keyType);
diff --git a/libs.versions.toml b/libs.versions.toml
index 433c544fa..b5d2f3c5a 100644
--- a/libs.versions.toml
+++ b/libs.versions.toml
@@ -147,7 +147,7 @@ httpcomponents = "4.5.14"
 io-github-openfeign = "11.0"
 io-swagger = "1.6.9"
 io-swagger-v3 = "2.2.9"
-jackson = "2.14.2"
+jackson = "2.18.0"
 javax-cache = "1.1.1"
 javax-validation = "2.0.1.Final"
 javax-validation-api = "1.1.0.Final"
@@ -159,10 +159,10 @@ log4j = "2.19.0"
 mapstruct = "1.5.3.Final"
 minidev = "2.4.9"
 moandjiezana = "0.7.2"
-netty = "4.1.100.Final"
-nimbus = "7.9.0.wso2v1"
-okhttp = "4.9.3.wso2v1"
-okio = "2.8.0.wso2v1"
+netty = "4.1.114.Final"
+nimbus = "9.31.wso2v1"
+okhttp = "4.9.3.wso2v3"
+okio = "3.9.0.wso2v1"
 opentelemetry = "1.24.0"
 opentelemetry-jaeger-thrift = "1.24.0"
 opentelemetry-semconv = "1.24.0-alpha"
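Review bot: In APIKeyHandler.isJwtTokenExpired the expiry decision just below the changed call still depends on the library's exception text, `"Expired JWT".equals(e.getMessage())`, while this same commit moves nimbus from 7.9.0.wso2v1 to 9.31.wso2v1. The commit shows no test that pins that string under the new version; a unit test passing an expired API key through isJwtTokenExpired would catch a wording change before it alters how expired keys are classified. What the non-matching path does lies outside the hunk, so the effect of a mismatch cannot be judged from here. On the changed line itself, add the missing space and say why the context is null, for example `jwtClaimsSetVerifier.verify(payload, null); // no security context is supplied to the claims verifier`.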