You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@shiro.apache.org by "boyqian (Jira)" <ji...@apache.org> on 2022/04/07 02:36:00 UTC

[jira] [Commented] (SHIRO-878) Update Spring Dependencies to 5.2.20

    [ https://issues.apache.org/jira/browse/SHIRO-878?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17518547#comment-17518547 ] 

boyqian commented on SHIRO-878:
-------------------------------

Excuse me. So when will we release a new version of shiro that fixes the spring vulnerability?

> Update Spring Dependencies to 5.2.20
> ------------------------------------
>
>                 Key: SHIRO-878
>                 URL: https://issues.apache.org/jira/browse/SHIRO-878
>             Project: Shiro
>          Issue Type: Dependency upgrade
>          Components: Integration: Spring
>            Reporter: Benjamin Marwell
>            Assignee: Les Hazlewood
>            Priority: Major
>             Fix For: 2.0.0, 1.9.1
>
>
> https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@shiro.apache.org
For additional commands, e-mail: issues-help@shiro.apache.org