You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by r00t 4dm <r0...@gmail.com> on 2021/02/01 06:36:41 UTC
Re: [ANNOUNCE][CVE-2020-17523] Apache Shiro 1.7.1 released
Hi,
> [1] http://shiro.apache.org/download.html
> [2] http://shiro.apache.org/documentation.html
There pages is not update.
Regards, r00t4dm
Cloud-Penetrating Arrow Lab of Meituan Corp Information Security Department
> 2021年2月1日 上午7:00,Benjamin Marwell <bm...@apache.org> 写道:
>
> The Shiro team is pleased to announce the release of Apache Shiro version 1.7.1.
>
> This security release contains 1 fix since the 1.7.0 release and is
> available for Download now [1].
>
> Bug
> [SHIRO-797] - Shiro 1.7.0 is lower than using springboot version
> 2.0.7 dependency error
>
> CVE-2020-17523:
> Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a
> specially crafted HTTP request may cause an authentication bypass.
>
> Release binaries (.jars) are also available through Maven Central and
> source bundles through Apache distribution mirrors.
>
> For more information on Shiro, please read the documentation [2].
>
> -The Apache Shiro Team
>
> [1] http://shiro.apache.org/download.html
> [2] http://shiro.apache.org/documentation.html
>
> --
> Benjamin
> bmarwell@apache.org