announce  

Messages by Date

• 2024/02/29 [ANNOUNCE] Apache Shiro 2.0.0 release fpapon
• 2024/01/12 CVE-2023-46749: Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Brian Demers
• 2023/11/13 [ANNOUNCE] Apache Shiro 1.13.0 with fix CVE-2023-46750 fpapon
• 2023/09/06 [ANNOUNCE][CVE-2023-34478] Apache Shiro 1.12.0 released fpapon
• 2023/09/06 [ANNOUNCE] Apache Shiro 1.12.0 released fpapon
• 2023/07/24 CVE-2023-34478: Apache Shiro before 1.12.0, or 2.0.0-alpha-3, may be susceptible to a path traversal attack when used together with APIs or other web frameworks that route requests based on non-normalized requests. Brian Demers
• 2023/01/13 [ANNOUNCE][CVE-2023-22602] Apache Shiro 1.11.0 released Brian Demers
• 2023/01/13 CVE-2023-22602: Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request Brian Demers
• 2022/10/11 [ANNOUNCE][CVE-2022-40664] Apache Shiro 1.10.0 released Brian Demers
• 2022/06/28 [ANNOUNCE][CVE-2022-32532] Apache Shiro 1.9.1 released Brian Demers
• 2021/09/16 CVE-2021-41303: Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass Brian Demers
• 2021/08/27 [ANNOUNCE] Apache Shiro 1.8.0 released Benjamin Marwell
• 2020/08/17 [ANNOUNCE][CVE-2020-13933] Apache Shiro 1.6.0 released Brian Demers
• 2016/11/14 [ANNOUNCE] Apache Shiro 1.4.0-RC2 released Brian Demers
• 2016/07/05 [ANNOUNCE] Apache Shiro 1.2.6 released Brian Demers
• 2016/06/03 [Announce] CVE-2016-4437: Apache Shiro information disclosure vulnerability Brian Demers
• 2015/08/03 Apache Shiro 1.2.4 released Kalle Korhonen