You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shiro.apache.org by bd...@apache.org on 2020/11/04 21:17:24 UTC
[shiro-site] branch master updated: Fix word on vul page
This is an automated email from the ASF dual-hosted git repository.
bdemers pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shiro-site.git
The following commit(s) were added to refs/heads/master by this push:
new 403d424 Fix word on vul page
403d424 is described below
commit 403d42414d257ff58a8c16455b11f114feb32f66
Author: Brian Demers <bd...@apache.org>
AuthorDate: Wed Nov 4 16:17:15 2020 -0500
Fix word on vul page
---
security-reports.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security-reports.md b/security-reports.md
index 05a3ac2..9613b5d 100644
--- a/security-reports.md
+++ b/security-reports.md
@@ -28,7 +28,7 @@ Apache Shiro Vulnerability Reports
###[CVE-2020-17510](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17510)
Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
-If you are NOT Shiro's Spring Boot Starter (`shiro-spring-boot-web-starter`), you must configure add the [`ShiroRequestMappingConfig` auto configuration to your application](/spring-framework.html#SpringFramework-WebConfig) or configure the [equivalent manually](https://github.com/apache/shiro/blob/shiro-root-1.7.0/support/spring/src/main/java/org/apache/shiro/spring/web/config/ShiroRequestMappingConfig.java#L28-L30).
+If you are NOT using Shiro's Spring Boot Starter (`shiro-spring-boot-web-starter`), you must configure add the [`ShiroRequestMappingConfig` auto configuration to your application](/spring-framework.html#SpringFramework-WebConfig) or configure the [equivalent manually](https://github.com/apache/shiro/blob/shiro-root-1.7.0/support/spring/src/main/java/org/apache/shiro/spring/web/config/ShiroRequestMappingConfig.java#L28-L30).
###[CVE-2020-13933](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13933)
Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.