As Brian said,
According to the link you provided, current Shiro versions do not have any 
vulnerabilities.

The answer to your question (to the best of my understanding) is that all 
existing vulnerabilities are now fixed.

> On Jul 20, 2023, at 1:14 PM, Brian Demers <bdem...@apache.org> wrote:
> 
> 
> For that version, users are expected to update to a newer minor version.
> 
> On Wed, Jul 19, 2023 at 4:43 PM Mihir Chhaya <mihir.chh...@gmail.com> wrote:
> Thank you for your response. Following is the link I am referring to for the 
> Shiro Vulnerabilities associated with respective versions. 
> 
> https://mvnrepository.com/artifact/org.apache.shiro/shiro-core
> 
> For example - following are reported in version 1.9.
> CVE-2022-40664 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40664>
> CVE-2022-32532 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32532>
> 
> Thank you,
> -Mihir.
> 
> On Wed, Jul 19, 2023 at 1:59 PM <le...@flowlogix.com> wrote:
> Hi, Mihir,
> 
> I am not quite sure what you are asking. Can you clarify what exact 
> vulnerabilities you are referring to?
> Perhaps a link or two?
> 
> Thank you
> 
>> On Jul 18, 2023, at 7:39 AM, Mihir Chhaya <mihir.chh...@gmail.com> wrote:
>> 
>> Hello,
>> 
>> I see the Authentication bypass vulnerability existing in almost every 
>> release of the Apache Shiro.
>> 
>> Is there any solution for this? We are evaluating the options to implement 
>> the security and not able to decide if these vulnerabilities will ever get 
>> resolved.
>> 
>> Any suggestions?
>> 
>> Thank you,
>> -Mihir.
> 
