[ https://issues.apache.org/jira/browse/GEODE-10443?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alexander Murmann updated GEODE-10443: -------------------------------------- Labels: needsTriage (was: ) > Update shiro-core to version 1.11.0 for CVE-2022-40664 > ------------------------------------------------------ > > Key: GEODE-10443 > URL: https://issues.apache.org/jira/browse/GEODE-10443 > Project: Geode > Issue Type: Bug > Affects Versions: 1.15.1 > Reporter: Ankush Mittal > Priority: Major > Labels: needsTriage > > As per [https://nvd.nist.gov/vuln/detail/CVE-2022-40664] , > _"Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro > when forwarding or including via RequestDispatcher."_ > > Geode 1.15.1 bundles version 1.9.1 of shiro-core jar which is vulnerable as > per the CVE. > > Also although the CVE doesn't include "1.10.0", but since more latest version > "1.11.0" is available, logged ticket to bundle the same. -- This message was sent by Atlassian Jira (v8.20.10#820010)