[ 
https://issues.apache.org/jira/browse/OFBIZ-12866?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17786308#comment-17786308
 ] 

ASF subversion and git services commented on OFBIZ-12866:
---------------------------------------------------------

Commit 7935a14627a86325440516ac6b892a5f9d635e4d in ofbiz-framework's branch 
refs/heads/release18.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=7935a14627 ]

Reverted: "Upgrade Apache Shiro to 1.13.0 to fix CVE-2023-46750 (OFBIZ-12866)"
This reverts commit f76c08b0ac64de35fcc458e2ef2a6660507502e0.
This reverts commit 854b3225befa62f6cce694dbaab4dd3953fa9906.

OFBiz is not concerned by CVE-2023-46750

As we don't use Shiro form authentication we can keep the previous setting.
We use Shiro only to encrypt and decrypt data in the EntityCrypto class.


> Upgrade Apache Shiro to 1.13.0 to fix CVE-2023-46750
> ----------------------------------------------------
>
>                 Key: OFBIZ-12866
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12866
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: framework
>    Affects Versions: 18.12.09
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Major
>             Fix For: 18.12.10
>
>
> See https://lists.apache.org/thread/ff0rq7rykh6zxb7l4dronowpoxrcqkr8 for 
> details



--
This message was sent by Atlassian Jira
(v8.20.10#820010)