David Dillard created SHIRO-612:
-----------------------------------

Summary: Need to upgrade BeanUtils to avoid vulnerability
Key: SHIRO-612
URL: https://issues.apache.org/jira/browse/SHIRO-612
Project: Shiro
Issue Type: Bug
Affects Versions: 1.4.0-RC2
Reporter: David Dillard

Currently, the POM specifies to use BeanUtils 1.8.3. Unfortunately, this has a known vulnerability (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0114) and there's a Metasploit module available to make exploitation easier. This needs to be upgraded to the fixed version 1.9.3.

--
This message was sent by Atlassian JIRA (v6.3.15#6346)