This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new aa459fdaf9 Improved: Upgrade Apache Shiro from 1.13.0 to 2.0.0
(OFBIZ-12961)
aa459fdaf9 is described below
commit aa459fdaf92cd22b0fd92363b3295bf0de48c3ae
Author: Jacques Le Roux <[email protected]>
AuthorDate: Sat Mar 23 07:17:40 2024 +0100
Improved: Upgrade Apache Shiro from 1.13.0 to 2.0.0 (OFBIZ-12961)
At first glance there is no security vulnerability implied, just a new API.
Despite still having Core in Maven:
https://mvnrepository.com/artifact/org.apache.shiro
in Gradle I had to change Core by Crypto to compile.
https://javadoc.io/doc/org.apache.shiro/shiro-crypto-cipher/latest/org/apache/shiro/crypto/cipher/AesCipherService.html
I guess something related to modules. Package is still
org.apache.shiro.crypto
I did not dig deeper.
---
dependencies.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dependencies.gradle b/dependencies.gradle
index c5009a1818..b1a2e29c5c 100644
--- a/dependencies.gradle
+++ b/dependencies.gradle
@@ -53,7 +53,7 @@ dependencies {
implementation 'org.apache.logging.log4j:log4j-core:2.20.0' // Somehow
needed by Buildbot to compile OFBizDynamicThresholdFilter.java
implementation 'org.apache.poi:poi:4.1.2' // poi-ooxml-schemas-5.0.0.pom'.
Received status code 401 from server
implementation 'org.apache.pdfbox:pdfbox:2.0.29' // 3.0.1 does not compile
- implementation 'org.apache.shiro:shiro-core:1.13.0'
+ implementation 'org.apache.shiro:shiro-crypto:2.0.0'
implementation 'org.apache.sshd:sshd-core:2.10.0'
implementation 'org.apache.sshd:sshd-sftp:2.10.0'
implementation 'org.apache.tika:tika-core:2.5.0'
