+0.9 (basically a +1 with a nit)
I think we need to get the 3.x out the door before we commit to an official
EOL for 2.x, but assuming we get 3.x out in 2024, I think these timelines
are reasonable, and +1 specifically for the 1.x EOL end of 2024)
One other thing I'd like to see added/fixed on
Submitted to the board!
On Thu, Jun 13, 2024 at 4:21 PM wrote:
> LGTM. Thanks Brian!
>
> > On Jun 13, 2024, at 10:26 AM, Francois Papon <
> francois.pa...@openobject.fr> wrote:
> >
> > LGTM
> >
> > Thanks Brian!
> >
> > On 13/06/202
The 2024 June ASF board report was due yesterday. I've created an initial
draft here:
https://svn.apache.org/repos/asf/shiro/board/2024-06.txt
Comments, suggestions, additions, and feedback are welcome. Otherwise, it
will be submitted tonight.
Sorry for being late,
-Brian
The report has been published!
On Wed, Mar 13, 2024 at 2:13 AM Francois Papon
wrote:
> +1
>
> Thanks Brian for the report!
>
> regards,
>
> François
>
> On 13/03/2024 02:30, Brian Demers wrote:
> > The 2024 March ASF board report is due tomorrow. I've
The 2024 March ASF board report is due tomorrow. I've created an initial
draft here:
https://svn.apache.org/repos/asf/shiro/board/2024-03.txt
Of note, the GitHub reporter statistics were not working, so this section
is empty.
Comments, suggestions, and feedback are welcome. Otherwise, it will
Major / Minor discussions are always fun.
My personal preference would be to try to label it a 2.1 (but given the
package name differences javax/jakarta that _might_ not be possible)
Maybe we could default to the jakarta versions and move the classifier
version to javax, in a 2.1?
Or maybe
Severity: low
Affected versions:
- Apache Shiro before 1.13.0
- Apache Shiro 2.0.0-alpha-1 before 2.0.0-alpha-4
Description:
Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path
traversal attack that results in an authentication bypass when used together
with path
It's been submitted!
On Wed, Dec 13, 2023 at 11:50 AM Jean-Baptiste Onofré wrote:
>
> +1
>
> LGTM, thanks.
>
> Regards
> JB
>
> On Tue, Dec 12, 2023 at 6:17 PM Brian Demers wrote:
> >
> > The 2023 December ASF board report is due tomorrow. I've created a
The 2023 December ASF board report is due tomorrow. I've created an
initial draft here:
https://svn.apache.org/repos/asf/shiro/board/2023-12.txt
Comments, suggestions, and feedback are welcome. Otherwise, it will
be submitted tomorrow.
Thanks,
-Brian
+1 (binding)
I checked the build for reproducibility (based on recommendations
from Hervé Boutemy at Community Over Code - ApacheCon).
Assuming I ran the command correctly, I checked the 1.13.0 tag and source
dist by running:
mvn install artifact:compare -Pdocs,apache-release -DskipITs
My personal preference is GH Actions
On Mon, Oct 30, 2023 at 4:11 PM Richard Zowalla wrote:
> From the side line:
>
> We are using GH actions to publish snapshots in OpenNLP.
> It isn't a problem. INFRA can add the necessary secrets.
>
> Gruß
> Richard
>
> On 2023/10/29 11:09:11 Tamás Cservenák
Submitted!
On Wed, Sep 13, 2023 at 9:37 AM Jean-Baptiste Onofré
wrote:
> Looks good to me. Thanks !
>
> Regards
> JB
>
> On Tue, Sep 12, 2023 at 10:53 PM Brian Demers wrote:
> >
> > The 2023 September ASF board report is due tomorrow. I've created an
> &g
The 2023 September ASF board report is due tomorrow. I've created an
initial draft here:
https://svn.apache.org/repos/asf/shiro/board/2023-09.txt
Comments, suggestions, and feedback are welcome. Otherwise, it will be
submitted tomorrow.
NOTE: I left a comment in the report about the stats
Severity: important
Affected versions:
- Apache Shiro before 1.12.0
- Apache Shiro before 2.0.0-alpha-3
Description:
Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path
traversal attack that results in an authentication bypass when used together
with APIs or other web
+1 (binding)
On Tue, Jul 11, 2023 at 9:57 AM fpapon wrote:
> This is a call to vote in favor of releasing Apache Shiro version 1.12.0.
>
> We solved 1 Issue:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950=12353403
>
> Maven Staging repo:
>
Submitted!
On Wed, Jun 14, 2023 at 5:21 PM Lenny Primak wrote:
> LGTM
> Thanks Brian
>
> > On Jun 14, 2023, at 2:12 PM, Brian Demers wrote:
> >
> > The 2023 June ASF board report is due today (sorry for the late notice).
> > I've created an
>
The 2023 June ASF board report is due today (sorry for the late notice).
I've created an
initial draft here:
https://svn.apache.org/repos/asf/shiro/board/2023-06.txt
Comments, suggestions, and feedback are welcome. Otherwise, it will
be submitted tonight.
Thanks,
-Brian
has other thoughts or opinions on the topic, please let us
> know!
> > -Brian
> >
> > On Wed, Apr 5, 2023 at 9:24 AM Jean-Baptiste Onofré
> wrote:
> >
> >> +1 for me, no objections.
> >>
> >> Regards
> >> JB
> >
involved here.
If anyone has other thoughts or opinions on the topic, please let us know!
-Brian
On Wed, Apr 5, 2023 at 9:24 AM Jean-Baptiste Onofré wrote:
> +1 for me, no objections.
>
> Regards
> JB
>
> On Fri, Mar 31, 2023 at 3:40 PM Brian Demers wrote:
> >
> >
We received a suggestion from the last board report to consider switching
from JIRA to GitHub issues.
The ASF JIRA instance no longer allows users to self-sign-up (though it
DOES allow us to invite others). This is largely due to spam.
Most developers have a GitHub account (and that is where most
The 2023 March ASF board report is due soon. I've created an
initial draft here:
https://svn.apache.org/repos/asf/shiro/board/2023-03.txt
Comments, suggestions, and feedback are welcome. Otherwise, it will
be submitted on the 15th.
NOTE: I feel like I'm missing something, there are a few
+1
On Fri, Jan 20, 2023 at 5:25 AM fpapon wrote:
> Hi,
>
> After several discussion on the mailing, I would like to start a vote to
> set the minimal version of the JDK to the version 11 starting to Shiro 2.x.
>
> Vote open for 72 hours:
>
> [ ] +1 (set JDK11 min version for Shiro 2.x)
> [ ] +0
The Apache Shiro team is pleased to announce the release of Apache Shiro
version 1.11.0.
This is a feature release for 1.x.
This release solves 3 issues since the 1.11.0 release and is available for
download now[1].
This release includes classifiers for the Jakarta namespace.
CVE-2023-22602
Description:
When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a
specially crafted HTTP request may cause an authentication bypass.
The authentication bypass occurs when Shiro and Spring Boot are using different
pattern-matching techniques. Both Shiro and Spring Boot < 2.6
The vote has passed with the following result:
+1: Lenny Primak, Benjamin Marwell, Francois Papon, Jean-Baptiste Onofré
PMC quorum: reached
I will promote the source release zip file to the Apache distribution area
and
the artifacts to the central repo.
-Brian
This is a call to vote in favor of releasing Apache Shiro version 1.11.0.
NOTE: This is the second attempt at this release, additional fixes
for SHIRO-889 have been added since the previous attempt.
We solved 2 Issues:
Hi,
The vote has failed with the following result:
+1: François Papon, Jean-Baptiste Onofré, Benjamin Marwell
-1 Lenny Primak (problem with the new Jakarta packaging)
Lenny already has a patch in, we will re-rerun the release shortly.
- Brian
This is a call to vote in favor of releasing Apache Shiro version 1.11.0.
We solved 2 Issues:
Published! Thanks, everyone!
On Fri, Dec 16, 2022 at 3:10 PM Lenny Primak wrote:
> Thanks Brian!
> Looks good to me as well
>
> > On Dec 16, 2022, at 9:38 AM, Brian Demers wrote:
> >
> > The 2022 December ASF board report is due today. I've created an
> >
The 2022 December ASF board report is due today. I've created an
initial draft here:
https://svn.apache.org/repos/asf/shiro/board/2022-12.txt
Comments, suggestions, and feedback are welcome. Otherwise, it will
be submitted later today.
Thanks,
-Brian
+1
On Fri, Dec 9, 2022 at 6:21 AM Benjamin Marwell wrote:
> +1
>
>
>
>
> On Thu, 8 Dec 2022, 22:22 , wrote:
>
> > This will enable people to at least try to use modern Jakarta and JPMS
> > without enabling snapshots and adding Apache snapshot repo
> >
> >
>
+1 (binding)
Side note: the JIRA release notes link in the original mail requires you to
sign in to JIRA, this one _should_ be public:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950=12352460
On Tue, Nov 15, 2022 at 12:23 PM Jean-Baptiste Onofré
wrote:
> +1 (binding)
A pull request would be awesome! Thank you!
-Brian
> On Oct 18, 2022, at 3:41 PM, Julian Fernandez wrote:
>
> Hi all,
>
> I noticed that in 1.10.0, classes which override DefaultWebEnvironment need
> to initialize ShiroFilterConfiguration or an NPE will be thrown when
> ShiroFilter.init is
The Shiro team is pleased to announce the release of Apache Shiro version 1
.10.0.
This security release contains 7 fixes since the 1.9.1 release and is
available for Download now [1].
CVE-2022-40664:
Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro
when forwarding or
The vote passes with 3 binding votes.
I'll get everything ready and send the announcement out in the morning.
Thanks, everyone!
-Brian
On Mon, Oct 10, 2022 at 4:03 PM Brian Demers wrote:
> +1 (binding)
>
> On Sat, Oct 8, 2022 at 3:06 AM fpapon wrote:
>
>> +1 (binding)
+1 (binding)
On Sat, Oct 8, 2022 at 3:06 AM fpapon wrote:
> +1 (binding)
>
> Thanks Brian!
>
> regards,
>
> Francois
>
> On 07/10/2022 17:46, Brian Demers wrote:
> > This is a call to vote in favor of releasing Apache Shiro version 1.10.0.
> >
This is a call to vote in favor of releasing Apache Shiro version 1.10.0.
We solved 6 Issues:
https://issues.apache.org/jira/issues/?jql=project%20%3D%20SHIRO%20AND%20fixVersion%20%3D%201.10.0
Maven Staging repo:
https://repository.apache.org/content/repositories/orgapacheshiro-1042
the work around jakarta and also that we are thinking
> about the roadmap for the 2.0.0.
>
> I don't know if it make sense but we could add that many of security
> report by user are based on a bad spring module integration/documentation.
>
> Regards,
>
> Francois
>
The 2022 September ASF board report is due tomorrow. I've created an
initial draft here:
https://svn.apache.org/repos/asf/shiro/board/2022-09.txt
Comments, suggestions, and feedback are welcome. Otherwise, it will
be submitted end of the day tomorrow.
Thanks,
-Brian
There are a couple of potential issues here, in general we would need to
understand more of the details of your application:
https://stackoverflow.com/help/how-to-ask
I'll make some guesses though.
Your logic might be triggering some sort of database (or similar) lookup,
which would be the slow
The Shiro team is pleased to announce the release of Apache Shiro version
1.9.1.
This security release contains 6 fixes since the 1.9.0 release and is
available for Download now [1].
Improvement
* [SHIRO-871] - ActiveDirectoryRealm - append suffix only if missing
from username
*
ing)
>
> Regards
> JB
>
> On Fri, Jun 24, 2022 at 9:46 PM Benjamin Marwell
> wrote:
> >
> > +1
> >
> > By the way: Not all modules are reproducible yet.
> >
> > Am Do., 23. Juni 2022 um 21:31 Uhr schrieb Brian Demers <
> bdem...@apache.org>
This is a call to vote in favor of releasing Apache Shiro version 1.9.1.
We solved 6 Issues:
https://issues.apache.org/jira/issues/?jql=project%20%3D%20SHIRO%20AND%20fixVersion%20%3D%201.9.1%20AND%20(status%20!%3D%20Open%20and%20status%20!%3D%20%22In%20Progress%22)%20ORDER%20BY%20priority%20DESC
+1
On Thu, Jun 23, 2022 at 2:40 PM Benjamin Marwell
wrote:
> Hi everyone,
>
> I'd suggest we create a blog post on shiro.apache.org that we might
> provide a shaded version of Shiro with the "jakarta" classifier soon.
> It seems to draw attention.
>
> What do you think?
> Ben
>
The 2022 June ASF board report is due today. I've created an
initial draft here:
https://svn.apache.org/repos/asf/shiro/board/2022-06.txt
Comments, suggestions, and feedback are welcome. Otherwise, it will
be submitted later tonight.
Thanks,
-Brian
Great questions! There are a few things in here, so I'll add some thoughts
inline:
On Sat, May 21, 2022 at 4:03 AM Steinar Bang wrote:
> Something I've been wondering for a while, is "Why isn't OAuth on the
> checklist of protocols supported by Shiro?"
>
As with anything, it comes down to time
+1 (binding)
Thanks Francois!!
On Thu, Mar 17, 2022 at 12:17 PM Jean-Baptiste Onofré
wrote:
> +1 (binding)
>
> Thanks,
> Regards
> JB
>
> On Wed, Mar 16, 2022 at 1:55 PM Francois Papon <
> francois.pa...@openobject.fr>
> wrote:
>
> > This is a call to vote in favor of releasing Apache Shiro
ree with that, I can cancel the vote and restart it next week?
>
> regards,
>
> On 11/03/2022 05:31, Brian Demers wrote:
>> Good catch on the notice and the release notes!
>>
>> I think we should respin the release because of this, these files are
>> included in the
Good catch on the notice and the release notes!
I think we should respin the release because of this, these files are
included in the source-zip (even though the last release missed them)
Sorry Francois, I know you have already done this twice,I can volunteer to
help next week when I'm back at my
The report has been submitted.
On Wed, Mar 9, 2022 at 11:55 PM Jean-Baptiste Onofré
wrote:
> Thanks Brian !
>
> It looks good to me.
>
> Regards
> JB
>
> On Wed, Mar 9, 2022 at 11:33 PM Brian Demers
> wrote:
>
>> Doh!
>>
>> Sorry everyone, tha
any content. I gonna try with another
> client.
>
> Regards
> JB
>
> Le mer. 9 mars 2022 à 15:15, Francois Papon
> a écrit :
>
>> Hi Brian,
>>
>> It seems like the file is empty.
>>
>> regards,
>>
>> François
>>
>> On
The 2022 March ASF board report is due tomorrow. I've created an
initial draft here:
https://svn.apache.org/repos/asf/shiro/board/2022-03.txt
Comments, suggestions, and feedback are welcome. Otherwise, it will
be submitted tomorrow.
Thanks,
-Brian
+1 !
On Tue, Feb 15, 2022 at 5:07 AM Jean-Baptiste Onofré
wrote:
> +1
>
> Regards
> JB
>
> On Tue, Feb 15, 2022 at 8:01 AM Benjamin Marwell
> wrote:
> >
> > Hello Shiro devs and users!
> >
> > As discussed on the dev list, there seems to be a majority in favour
> > of not deploying
+1 !!
On Mon, Feb 14, 2022 at 6:29 AM Benjamin Marwell
wrote:
> Hi all!
>
> Looking at the deploy/upload times and the usage stats,
> not deploying some of the modules might be a good idea.
>
> We could set maven.deploy.skip=true for some modules, especially:
>
> * integration tests
> *
+1 ship it!
On Thu, Jan 27, 2022 at 2:18 AM Francois Papon
wrote:
> Hi,
>
> Big +1!
>
> All looks good to me :)
>
> I think that we could missed some conversion (in the formatting) because
> there is a lot of content but most of them seems to be ok.
>
> regards,
>
> François
>
> On 21/01/2022
That should work, keep us posted!
On Wed, Dec 8, 2021 at 11:37 AM Steinar Bang wrote:
>
> >>>>> Brian Demers :
>
> > Cookies will get processed, but if you are using some other form of
> > header based auth they wouldn't be (unless you a corresponding filter
The report has been submitted
On Tue, Dec 7, 2021 at 2:28 PM Brian Demers wrote:
>
> The 2021 December ASF board report is due tomorrow. I've created an
> initial draft here:
>
> https://svn.apache.org/repos/asf/shiro/board/2021-12.txt
>
> Comments, suggestions, and
Cookies will get processed, but if you are using some other form of
header based auth they wouldn't be (unless you a corresponding filter
configured)
On Tue, Dec 7, 2021 at 5:04 PM Steinar Bang wrote:
>
> Question:
>
> when I do this:
>
> > [main]
> > authc =
You can also use `@RequireRoles("myapprole")` annotation instead of
the permission one.
I think the problem you might be running into is the
`PassThruAuthenticationFilter` doesn't have a "permissive" option, so
it's likely redirecting on that fitler.
To work around this, you could use the form
The 2021 December ASF board report is due tomorrow. I've created an
initial draft here:
https://svn.apache.org/repos/asf/shiro/board/2021-12.txt
Comments, suggestions, and feedback are welcome. Otherwise, it will
be submitted tomorrow.
Thanks to Benjamin (bmarwell) for putting this together!
This post is a little old (dependency wise), but it should still be accurate.
See the bit about the "permissive" filter.
https://stormpath.com/blog/protecting-jax-rs-resources-rbac-apache-shiro
If you go this route, you will need to ensure you are checking access
another way: annotation, another
Done!
Features pages:
https://github.com/apache/shiro-site/pull/88
Contrib pages on top of that (to avoid conflicts)
https://github.com/apache/shiro-site/pull/89
I think there are still a handful of pages that are not actually used (like
navigation.md)
The backstory is the site was originally
The 2021 September ASF board report is due tomorrow. I've created an
initial draft here:
https://svn.apache.org/repos/asf/shiro/board/2021-09.txt
Comments, suggestions, and feedback are welcome. Otherwise, it will be
submitted tomorrow.
Thanks,
-Brian
+1 for the change, we need a static site generator, that has some community
support!
(and another +1 for Asciidoc support, we have a few custom Velocity macros
that do things like create "Info" quote blocks which Asciidoc supports
directly)
Some other thoughts:
Minimizing system dependencies
+1 (binding)
On Tue, Aug 24, 2021 at 10:33 AM Francois Papon <
francois.pa...@openobject.fr> wrote:
> +1 (binding)
>
> Thanks Benjamin for the release!
>
> regards,
>
> François
> fpa...@apache.org
>
> Le 23/08/2021 à 21:16, Benjamin Marwell a écrit :
> > This is a call to vote in favor of
[
https://issues.apache.org/jira/browse/SHIRO-216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17403327#comment-17403327
]
Brian Demers commented on SHIRO-216:
PR [merged]: https://github.com/apache/shiro/pull/318
>
[
https://issues.apache.org/jira/browse/SHIRO-206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17401276#comment-17401276
]
Brian Demers commented on SHIRO-206:
IIRC, it was pulled out of main because it didn't have tests
+1 to remove
JSF support could be done in a third-party repo until it gains more
support/usage (and a few folks to help maintain it)
(said third-party repo could also be pushed to Maven Central)
Another option is to create a `apache/shiro-labs` git repo to test out
ideas for things that are NOT
General +1
I don't think these modules are used without shiro-core. shiro-core depends
on all of these modules, and that is what ends up getting used.
The only downside i would see is the case of 3rd party implementations of
things like cache or crypto. These current modules are pretty small
[
https://issues.apache.org/jira/browse/SHIRO-826?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17383639#comment-17383639
]
Brian Demers commented on SHIRO-826:
Hey [~sgessner]!
I just had a chance to dig into this a bit
[
https://issues.apache.org/jira/browse/SHIRO-826?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17382097#comment-17382097
]
Brian Demers commented on SHIRO-826:
Thanks [~sgessner]!
Any chance you have anything in your logs
[
https://issues.apache.org/jira/browse/SHIRO-825?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17375994#comment-17375994
]
Brian Demers commented on SHIRO-825:
[~zalbee], nm I found the test gap... I was looking in the wrong
On Thu, Jun 17, 2021 at 11:28 PM Jean-Baptiste Onofre
wrote:
> +1
>
> Regards
> JB
>
> > Le 16 juin 2021 à 19:38, Brian Demers a écrit :
> >
> > I'm going to split the current dev list and auto add current
> `dev@shiro.a.o`
> > subscribers to a new `
wrote:
> big +1 :)
>
> regards,
>
> François
> fpa...@apache.org
>
> Le 26/05/2021 à 23:54, Brian Demers a écrit :
> > Currently, both JIRA and Gitbox notifications are sent to the dev list
> > (current traffic):
> > https://mail-archives.apache.org/mod_mb
[
https://issues.apache.org/jira/browse/SHIRO-815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17360116#comment-17360116
]
Brian Demers commented on SHIRO-815:
@Surya, we strongly encourage you to upgrade regardless
The 2021 June ASF board report is due tomorrow. I've created an initial
draft here:
https://svn.apache.org/repos/asf/shiro/board/2021-06.txt
Comments, suggestions, and feedback are welcome. Otherwise, it will be
submitted tomorrow.
Thanks,
-Brian
Thanks for the report!
This should be fixed in this PR, if you are interested:
https://github.com/apache/shiro-site/pull/83
On Sat, Jun 5, 2021 at 8:21 AM k4n5ha0 <9199...@qq.com> wrote:
> in this url
> http://shiro.apache.org/news.html
>
> i found :
>
> Apache Shiro 1.7.0 Released
> The Shiro
[
https://issues.apache.org/jira/browse/SHIRO-824?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17358749#comment-17358749
]
Brian Demers commented on SHIRO-824:
Hey [~k4n5hao]!
The mailing lists are a better place to ask
[
https://issues.apache.org/jira/browse/SHIRO-824?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brian Demers closed SHIRO-824.
--
Resolution: Not A Problem
> how to create an allow list avoid deserialize vulnerabil
[
https://issues.apache.org/jira/browse/SHIRO-821?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17352212#comment-17352212
]
Brian Demers commented on SHIRO-821:
Oh, you are suggesting that there is just a missing ‘trim()’ call
[
https://issues.apache.org/jira/browse/SHIRO-821?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17352094#comment-17352094
]
Brian Demers commented on SHIRO-821:
[~nidhikv], I'm not sure I understand.
Your patterns end
Currently, both JIRA and Gitbox notifications are sent to the dev list
(current traffic):
https://mail-archives.apache.org/mod_mbox/shiro-dev/202105.mbox/browser
I propose moving the GitHub/Gitbox notifications to only
comm...@shiro.apache.org
And move JIRA notifications to a new
[
https://issues.apache.org/jira/browse/SHIRO-821?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17352049#comment-17352049
]
Brian Demers edited comment on SHIRO-821 at 5/26/21, 9:11 PM:
--
That looks
[
https://issues.apache.org/jira/browse/SHIRO-821?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17352049#comment-17352049
]
Brian Demers commented on SHIRO-821:
That looks like a bug to me that has now been corrected. `"
[
https://issues.apache.org/jira/browse/SHIRO-821?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17351875#comment-17351875
]
Brian Demers commented on SHIRO-821:
[~nidhikv] I've tried to quickly reproduce this issue
[
https://issues.apache.org/jira/browse/SHIRO-821?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brian Demers updated SHIRO-821:
---
Description:
Hi,
Not sure if this is a bug but there appears to be a difference in the
way
[
https://issues.apache.org/jira/browse/SHIRO-821?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brian Demers updated SHIRO-821:
---
Description:
Hi,
Not sure if this is a bug but there appears to be a difference in the
way
You can try to upgrade the jars, but I’d recommend contacting the vendor and
get them to upgrade the parcel.
-Brian
> On Apr 24, 2021, at 9:25 PM, zh0122 wrote:
>
> could any one help to check this?
>
> Thanks
>
> zh0122 于2021年4月22日周四 下午3:17写道:
>
>> Hello,
>>
>> As the Shiro has a bug
+1
On Fri, Apr 16, 2021 at 9:01 AM wrote:
> Hi,
>
> I would like to propose to rename all of our git branches as main on all
> of our branches:
>
> - https://github.com/apache/shiro
>
> - https://github.com/apache/shiro-site
>
> Any objections?
>
> regards,
>
> --
> François
> fpa...@apache.org
Brian Demers created SHIRO-813:
--
Summary: Create private git repo `shiro-private`
Key: SHIRO-813
URL: https://issues.apache.org/jira/browse/SHIRO-813
Project: Shiro
Issue Type: New Git Repo
[
https://issues.apache.org/jira/browse/SHIRO-730?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brian Demers reassigned SHIRO-730:
--
Assignee: (was: Brian Demers)
> Updates the default Cipher mode to GCM in AesCipherServ
[
https://issues.apache.org/jira/browse/SHIRO-730?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brian Demers reassigned SHIRO-730:
--
Assignee: Brian Demers
> Updates the default Cipher mode to GCM in AesCipherServ
Hey Roberto,
Sorry about the delay on this one, I originally thought we had answered
your question.
The commit you are looking for is
https://github.com/apache/shiro/commit/dc194fc977ab6cfbf3c1ecb085e2bac5db14af6d
If you are maintaining a 1.3.x package this is going to become more
difficult, is
The report has been submitted!
On Wed, Mar 10, 2021 at 8:00 AM Benjamin Marwell
wrote:
> Short and precise. LGTM.
>
> Am Mi., 10. März 2021 um 09:16 Uhr schrieb :
> >
> > LGTM!
> >
> > Thanks Brian
> >
> > regards,
> >
> > François
&
The 2021 March ASF board report is due tomorrow. I've created an initial
draft here:
https://svn.apache.org/repos/asf/shiro/board/2021-03.txt
Comments, suggestions, and feedback are welcome. Otherwise, it will be
submitted tomorrow.
Thanks,
-Brian
[
https://issues.apache.org/jira/browse/SHIRO-808?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brian Demers resolved SHIRO-808.
Resolution: Incomplete
> security enhance
>
>
> Ke
[
https://issues.apache.org/jira/browse/SHIRO-808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17285301#comment-17285301
]
Brian Demers commented on SHIRO-808:
Blocklists are not an effective mechanism for this type of attack
Hey Andrew,
Per my original email, we have been off of the CMS for years. If there are
pages still on the CMS that we are unaware of, please let us know and we
will take care of them ASAP!
-Brian
On Wed, Feb 3, 2021 at 8:57 AM Andrew Wetmore wrote:
> Hello, and happy New Year.
>
> Is there
+1 (binding)
On Thu, Jan 28, 2021 at 12:02 AM Jean-Baptiste Onofre
wrote:
> +1 (binding)
>
> Regards
> JB
>
> > Le 27 janv. 2021 à 22:10, Benjamin Marwell a
> écrit :
> >
> > This is a call to vote in favor of releasing Apache Shiro version 1.7.1.
> >
> > The 1 issue solved for 1.7.1:
> >
> >
[
https://issues.apache.org/jira/browse/SHIRO-803?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17250602#comment-17250602
]
Brian Demers commented on SHIRO-803:
Nothing set, but if you are interested, start a thread on the dev
1 - 100 of 763 matches
Mail list logo