announce  

Messages by Thread

• [ANNOUNCE] Apache Shiro 2.0.0 release fpapon
• CVE-2023-46749: Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Brian Demers
• [ANNOUNCE] Apache Shiro 1.13.0 with fix CVE-2023-46750 fpapon
• [ANNOUNCE][CVE-2023-34478] Apache Shiro 1.12.0 released fpapon
• [ANNOUNCE] Apache Shiro 1.12.0 released fpapon
• CVE-2023-34478: Apache Shiro before 1.12.0, or 2.0.0-alpha-3, may be susceptible to a path traversal attack when used together with APIs or other web frameworks that route requests based on non-normalized requests. Brian Demers
• [ANNOUNCE][CVE-2023-22602] Apache Shiro 1.11.0 released Brian Demers
• CVE-2023-22602: Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request Brian Demers
• [ANNOUNCE][CVE-2022-40664] Apache Shiro 1.10.0 released Brian Demers
• [ANNOUNCE][CVE-2022-32532] Apache Shiro 1.9.1 released Brian Demers
• CVE-2021-41303: Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass Brian Demers
• [ANNOUNCE] Apache Shiro 1.8.0 released Benjamin Marwell
• [ANNOUNCE][CVE-2020-13933] Apache Shiro 1.6.0 released Brian Demers
• [ANNOUNCE] Apache Shiro 1.4.0-RC2 released Brian Demers
• [ANNOUNCE] Apache Shiro 1.2.6 released Brian Demers
• [Announce] CVE-2016-4437: Apache Shiro information disclosure vulnerability Brian Demers
• Apache Shiro 1.2.4 released Kalle Korhonen