The Apache Shiro team is pleased to announce the release of Apache Shiro version 2.0.0-alpha-4
Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any application – from the smallest mobile applications to the largest web and enterprise applications. # This is a feature release for 2.x. All changes: https://github.com/apache/shiro/releases/tag/shiro-root-2.0.0-alpha-4 # CVE-2023-46750: URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+. # Download and verification instructions are available on our download page: https://shiro.apache.org/download.html # For more information on Shiro, please read the documentation: https://shiro.apache.org/documentation.html Enjoy! The Apache Shiro Team