No major changes required. There were some minor package renames, which what made it go 2.0
> On Jul 20, 2023, at 9:44 PM, Mihir Chhaya <[email protected]> wrote: > > Ok - Thank you all for your help. > On a different note; Are there any major design changes between 1.x and 2.x > versions? > If we go ahead with the 1.9.1+ version, would our application need to go > through major rework when upgrading to 2.x? > > Thank you, > -Mihir. > > On Thu, Jul 20, 2023 at 5:13 PM <[email protected] > <mailto:[email protected]>> wrote: > As Brian said, > According to the link you provided, current Shiro versions do not have any > vulnerabilities. > > The answer to your question (to the best of my understanding) is that all > existing vulnerabilities are now fixed. > >> On Jul 20, 2023, at 1:14 PM, Brian Demers <[email protected] >> <mailto:[email protected]>> wrote: >> >> >> For that version, users are expected to update to a newer minor version. >> >> On Wed, Jul 19, 2023 at 4:43 PM Mihir Chhaya <[email protected] >> <mailto:[email protected]>> wrote: >> Thank you for your response. Following is the link I am referring to for the >> Shiro Vulnerabilities associated with respective versions. >> >> https://mvnrepository.com/artifact/org.apache.shiro/shiro-core >> <https://mvnrepository.com/artifact/org.apache.shiro/shiro-core> >> >> For example - following are reported in version 1.9. >> CVE-2022-40664 >> <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40664>CVE-2022-32532 >> <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32532> >> >> Thank you, >> -Mihir. >> >> On Wed, Jul 19, 2023 at 1:59 PM <[email protected] >> <mailto:[email protected]>> wrote: >> Hi, Mihir, >> >> I am not quite sure what you are asking. Can you clarify what exact >> vulnerabilities you are referring to? >> Perhaps a link or two? >> >> Thank you >> >>> On Jul 18, 2023, at 7:39 AM, Mihir Chhaya <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> Hello, >>> >>> I see the Authentication bypass vulnerability existing in almost every >>> release of the Apache Shiro. >>> >>> Is there any solution for this? We are evaluating the options to implement >>> the security and not able to decide if these vulnerabilities will ever get >>> resolved. >>> >>> Any suggestions? >>> >>> Thank you, >>> -Mihir. >> >
