Posted to user@shiro.apache.org by fpapon <fp...@apache.org> on 2023/11/12 08:27:10 UTC
[ANNOUNCE] Apache Shiro 1.13.0 with fix for CVE-2023-46750
The Apache Shiro team is pleased to announce the release of Apache Shiro
version 1.13.0.
Apache Shiro is a powerful and easy-to-use Java security framework that
performs authentication, authorization, cryptography, and session
management. With Shiro’s easy-to-understand API, you can quickly and
easily secure any application – from the smallest mobile applications to
the largest web and enterprise applications.
# This is a feature release for 1.x:
This release solves 2 issues since the 1.13.0 release and is available
for download now.
# All changes:
https://github.com/apache/shiro/releases/tag/shiro-root-1.13.0
# CVE-2023-46750:
URL Redirection to Untrusted Site ('Open Redirect') vulnerability when
"form" authentication is used in Apache Shiro.
Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.
# Download and verification instructions are available on our download page:
https://shiro.apache.org/download.html
# For more information on Shiro, please read the documentation:
https://shiro.apache.org/documentation.html
Enjoy!
The Apache Shiro Team
--
François