Correction, The first line should have read: > The Shiro team is pleased to announce the release of Apache Shiro version 1.5.2.
Sorry for the cut/paste error - Brian On Mon, Mar 23, 2020 at 2:13 PM Brian Demers <[email protected]> wrote: > The Shiro team is pleased to announce the release of Apache Shiro version > 1.4.2. > > This security release contains 3 fixes since the 1.5.1 release and is > available for Download now [1]. > > CVE-2020-1957: > Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic > controllers, > a specially crafted request may cause an authentication bypass. > > Release binaries (.jars) are also available through Maven Central and > source bundles through Apache distribution mirrors. > > For more information on Shiro, please read the documentation [2]. > > -The Apache Shiro Team > > [1] http://shiro.apache.org/download.html > [2] http://shiro.apache.org/documentation.html > >
