announce

[ANNOUNCE] Apache Shiro 2.0.0 release

Thu, 29 Feb 2024 15:46:12 GMT

2024/02/29 -- fpapon

CVE-2023-46749: Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting

Fri, 12 Jan 2024 16:54:03 GMT

2024/01/12 -- Brian Demers

[ANNOUNCE] Apache Shiro 1.13.0 with fix CVE-2023-46750

Mon, 13 Nov 2023 15:00:32 GMT

2023/11/13 -- fpapon

[ANNOUNCE][CVE-2023-34478] Apache Shiro 1.12.0 released

Wed, 06 Sep 2023 19:39:13 GMT

2023/09/06 -- fpapon

[ANNOUNCE] Apache Shiro 1.12.0 released

Wed, 06 Sep 2023 19:39:13 GMT

2023/09/06 -- fpapon

CVE-2023-34478: Apache Shiro before 1.12.0, or 2.0.0-alpha-3, may be susceptible to a path traversal attack when used together with APIs or other web frameworks that route requests based on non-normalized requests.

Mon, 24 Jul 2023 18:08:49 GMT

2023/07/24 -- Brian Demers

[ANNOUNCE][CVE-2023-22602] Apache Shiro 1.11.0 released

Fri, 13 Jan 2023 17:41:37 GMT

2023/01/13 -- Brian Demers

CVE-2023-22602: Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request

Fri, 13 Jan 2023 17:19:25 GMT

2023/01/13 -- Brian Demers

[ANNOUNCE][CVE-2022-40664] Apache Shiro 1.10.0 released

Wed, 12 Oct 2022 03:01:10 GMT

2022/10/12 -- Brian Demers

[ANNOUNCE][CVE-2022-32532] Apache Shiro 1.9.1 released

Tue, 28 Jun 2022 19:35:13 GMT

2022/06/28 -- Brian Demers

CVE-2021-41303: Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass

Thu, 16 Sep 2021 20:21:18 GMT

2021/09/16 -- Brian Demers

[ANNOUNCE] Apache Shiro 1.8.0 released

Fri, 27 Aug 2021 16:00:30 GMT

2021/08/27 -- Benjamin Marwell

[ANNOUNCE][CVE-2020-13933] Apache Shiro 1.6.0 released

Mon, 17 Aug 2020 17:31:23 GMT

2020/08/17 -- Brian Demers

[ANNOUNCE] Apache Shiro 1.4.0-RC2 released

Mon, 14 Nov 2016 22:24:00 GMT

2016/11/14 -- Brian Demers

[ANNOUNCE] Apache Shiro 1.2.6 released

Tue, 05 Jul 2016 16:50:28 GMT

2016/07/05 -- Brian Demers

[Announce] CVE-2016-4437: Apache Shiro information disclosure vulnerability

Fri, 03 Jun 2016 15:51:06 GMT

2016/06/03 -- Brian Demers

Apache Shiro 1.2.4 released

Mon, 03 Aug 2015 17:35:54 GMT

2015/08/03 -- Kalle Korhonen