Hi, > [1] http://shiro.apache.org/download.html > [2] http://shiro.apache.org/documentation.html
There pages is not update. Regards, r00t4dm Cloud-Penetrating Arrow Lab of Meituan Corp Information Security Department > 2021年2月1日 上午7:00,Benjamin Marwell <[email protected]> 写道: > > The Shiro team is pleased to announce the release of Apache Shiro version > 1.7.1. > > This security release contains 1 fix since the 1.7.0 release and is > available for Download now [1]. > > Bug > [SHIRO-797] - Shiro 1.7.0 is lower than using springboot version > 2.0.7 dependency error > > CVE-2020-17523: > Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a > specially crafted HTTP request may cause an authentication bypass. > > Release binaries (.jars) are also available through Maven Central and > source bundles through Apache distribution mirrors. > > For more information on Shiro, please read the documentation [2]. > > -The Apache Shiro Team > > [1] http://shiro.apache.org/download.html > [2] http://shiro.apache.org/documentation.html > > -- > Benjamin > [email protected]
