[ 
https://issues.apache.org/jira/browse/KNOX-2455?focusedWorklogId=489960&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-489960
 ]

ASF GitHub Bot logged work on KNOX-2455:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 24/Sep/20 02:59
            Start Date: 24/Sep/20 02:59
    Worklog Time Spent: 10m 
      Work Description: moresandeep opened a new pull request #378:
URL: https://github.com/apache/knox/pull/378


   ## What changes were proposed in this pull request?
   This PR is to upgrade the Shiro library to 1.6.0. Shiro 1.6.0 introduces some 
drastic changes in response to a security issue (see [Global 
Filters](https://shiro.apache.org/web.html#global-filters)); these changes will 
break some of the proxying services that include `;` or `\` in the URL. `;` is 
most commonly used for `jsessionid`, so that will likely introduce some 
breakage. We try to mitigate this breakage by turning off blocking of `;`, `\` and 
non-ASCII characters by setting the following properties to false out of the 
box.
   
   1. `invalidRequest.blockBackslash = false`
   2. `invalidRequest.blockSemicolon = false`
   3. `invalidRequest.blockNonAscii = false`
   
   These properties can be set to true in the Knox topology (by adding a Shiro 
provider param section).
   This PR also adds unit tests to test these changes.
   
   ## How was this patch tested?
   This patch was tested locally.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

    Worklog Id:     (was: 489960)
    Time Spent: 50m  (was: 40m)

> Upgrade Shiro to 1.6.0
> ----------------------
>
>                 Key: KNOX-2455
>                 URL: https://issues.apache.org/jira/browse/KNOX-2455
>             Project: Apache Knox
>          Issue Type: Sub-task
>            Reporter: Kevin Risden
>            Assignee: Sandeep More
>            Priority: Major
>             Fix For: 1.5.0
>
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> Upgrade shiro 1.5.3 to 1.6.0



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
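
Before setting any of the three `invalidRequest.*` properties from the pull request description to true, an operator can check which proxied request URIs would start being rejected. The script below is an added example, not code from the pull request, Knox or Shiro; the matching rules (percent-encoded forms count, only the path is inspected, printable ASCII range) and the sample URIs are assumptions made for illustration.

```python
# Added example: constructed data and simplified rules, not Shiro or Knox code.
from collections import defaultdict

# Assumption: each check also matches the percent-encoded form of its character.
ENCODED = {"blockSemicolon": (";", "%3b"), "blockBackslash": ("\\", "%5c")}


def violations(uri: str) -> list[str]:
    """Return the invalidRequest properties that would reject this request URI."""
    path = uri.split("?", 1)[0]  # assumption: only the path is inspected
    lowered = path.lower()
    hits = [name for name, needles in ENCODED.items()
            if any(n in lowered for n in needles)]
    # Assumption: "non-ASCII" means anything outside printable ASCII 0x20-0x7E.
    if any(not 0x20 <= ord(ch) <= 0x7E for ch in path):
        hits.append("blockNonAscii")
    return hits


def audit(uris: list[str]) -> dict[str, list[str]]:
    """Group URIs by the property that would break them if set to true."""
    report = defaultdict(list)
    for uri in uris:
        for name in violations(uri):
            report[name].append(uri)
    return dict(report)


# Constructed sample request URIs (hypothetical topology "sandbox").
SAMPLE_URIS = [
    "/gateway/sandbox/webhdfs/v1/tmp?op=LISTSTATUS",
    "/gateway/sandbox/yarn/cluster;jsessionid=1A2B3C",
    "/gateway/sandbox/webhdfs/v1/tmp/a%5Cb.txt?op=OPEN",
    "/gateway/sandbox/webhdfs/v1/tmp/r\u00e9sum\u00e9.txt?op=OPEN",
    "/gateway/sandbox/hbase/status?filter=a;b",
]

if __name__ == "__main__":
    for prop, uris in audit(SAMPLE_URIS).items():
        print(f"invalidRequest.{prop} = true would reject:")
        for uri in uris:
            print(f"  {uri}")
```

Running `audit` over the request URIs from a gateway access log shows which services depend on `;`, `\` or non-ASCII paths before the stricter setting is turned on.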
