[ https://issues.apache.org/jira/browse/GEODE-10443?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
ASF GitHub Bot updated GEODE-10443: ----------------------------------- Labels: needsTriage pull-request-available (was: needsTriage) > Update shiro-core to version 1.11.0 for CVE-2022-40664 > ------------------------------------------------------ > > Key: GEODE-10443 > URL: https://issues.apache.org/jira/browse/GEODE-10443 > Project: Geode > Issue Type: Bug > Affects Versions: 1.15.1 > Reporter: Ankush Mittal > Priority: Major > Labels: needsTriage, pull-request-available > > As per [https://nvd.nist.gov/vuln/detail/CVE-2022-40664] , > _"Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro > when forwarding or including via RequestDispatcher."_ > Geode 1.15.1 bundles version 1.9.1 of shiro-core jar which is vulnerable as > per the CVE. > Also although the CVE doesn't include "1.10.0", but since more latest version > "1.11.0" is available, logged ticket to bundle the same. -- This message was sent by Atlassian Jira (v8.20.10#820010)