You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shiro.apache.org by bm...@apache.org on 2021/10/08 19:28:56 UTC
[shiro-site] branch jbake updated: delete wiki export fragments:
This is an automated email from the ASF dual-hosted git repository.
bmarwell pushed a commit to branch jbake
in repository https://gitbox.apache.org/repos/asf/shiro-site.git
The following commit(s) were added to refs/heads/jbake by this push:
new a07ed5c delete wiki export fragments:
new d432eb7 Merge pull request #109 from bmarwell/jbake
a07ed5c is described below
commit a07ed5ce1b19e730e6e2e9635aa11610c0e233d7
Author: Benjamin Marwell <bm...@apache.org>
AuthorDate: Fri Oct 8 21:28:10 2021 +0200
delete wiki export fragments:
- inclusionslibrary.md
- navigation.md
- getting-started-block.md
Converted pages:
- security-reports.adoc
- developer-resources.adoc
- graduation-resolution.adoc
---
developer-resources.md.vtl | 39 --------------
getting-started-block.md | 5 --
inclusionslibrary.md | 22 --------
jbake/content/developer-resources.adoc | 48 +++++++++++++++++
.../content/graduation-resolution.adoc | 17 +++---
.../content/security-reports.adoc | 61 ++++++++++++++--------
navigation.md | 34 ------------
7 files changed, 98 insertions(+), 128 deletions(-)
diff --git a/developer-resources.md.vtl b/developer-resources.md.vtl
deleted file mode 100644
index b9e38ee..0000000
--- a/developer-resources.md.vtl
+++ /dev/null
@@ -1,39 +0,0 @@
-<a name="DeveloperResources-ApacheShiroDeveloperResources"></a>
-#[[#Apache Shiro Developer Resources]]#
-
-This page and its children are dedicated for reference information used by the Apache Shiro development team when performing tasks as a committer or contributor
-
-<a name="DeveloperResources-WritingDocumentation"></a>
-#[[##Writing Documentation]]#
-
-All non-JavaDoc documentation is managed in our [apache/shiro-site](https://github.com/apache/shiro-site) repo.
-
-<a name="DeveloperResources-SourceCodeRepository"></a>
-#[[##Source Code Repository]]#
-
-We use a Git repository located at [git://git.apache.org/shiro.git](git://git.apache.org/shiro.git).
-
-Active development is done in the `main` branch, and maintenance typically on the `1.2.x` branch.
-
-<a name="DeveloperResources-BuildingfromGit"></a>
-#[[###Building from Git]]#
-
-For Shiro cutting-edge development, you can clone the code from Git and build it using [Maven](http://maven.apache.org) 2.2+:
-
-1. Check out the code:
-
- ``` bash
- git clone https://github.com/apache/shiro.git
- ```
-
-2. Build the project using [Maven](http://maven.apache.org) 3.x+:
-
- ``` bash
- cd shiro
- mvn install
- ```
-
- The resulting artifacts will be in your local M2 Repo under the org.apache.shiro group.
-
-#danger('Cutting-edge development', 'When building from `main` or any branches, use the generated artifacts at your own risk! Current and previous stable releases will always be available via the <a href="download.html" title="Download">Download</a> page.')
-<input type="hidden" id="ghEditPage" value="developer-resources.md.vtl"></input>
diff --git a/getting-started-block.md b/getting-started-block.md
deleted file mode 100644
index 7fe8d1b..0000000
--- a/getting-started-block.md
+++ /dev/null
@@ -1,5 +0,0 @@
-<a name="GettingStartedBlock-GetStartedin10MinuteswithShiro"></a>
-##Get Started in 10 Minutes with Shiro
-
-Try out Shiro for yourself with our [10 Minute Tutorial](10-minute-tutorial.html "10 Minute Tutorial"). And if you have any questions about Shiro, please check out our [community forum](forums.html "Forums") or [user mailing list](mailing-lists.html "Mailing Lists") for answers from the community.
-<input type="hidden" id="ghEditPage" value="getting-started-block.md"></input>
diff --git a/inclusionslibrary.md b/inclusionslibrary.md
deleted file mode 100644
index 3881e39..0000000
--- a/inclusionslibrary.md
+++ /dev/null
@@ -1,22 +0,0 @@
-The children of this page contain information which is **included in other pages**. This is a library of re-usable information chunks.
-
-If you want to change any of these pages, be aware that:
-
-* Changing page names is problematic — you will need to change all the {include} and {excerpt-include} macros manually.
-* The content is used in many places — make sure your change is generic enough to fit the contexts in which the pages are used.
-
-To include an excerpt from a page:
-
-```
-{excerpt-include:_page name|nopanel=true}
-```
-
-Note that the page titled '_page name' must contain the {excerpt} macro, otherwise the {excerpt-include} will not work.
-
-To include the entire contents of a page"
-
-```
-{include:page name|nopanel=true}
-```
-
-<input type="hidden" id="ghEditPage" value="inclusionslibrary.md"></input>
diff --git a/jbake/content/developer-resources.adoc b/jbake/content/developer-resources.adoc
new file mode 100644
index 0000000..c2c5653
--- /dev/null
+++ b/jbake/content/developer-resources.adoc
@@ -0,0 +1,48 @@
+[#DeveloperResources-ApacheShiroDeveloperResources]
+= Apache Shiro Developer Resources
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: development, git, clone, main, master, trunk, mavne
+:idprefix:
+:icons: font
+
+This page is dedicated for reference information used by the Apache Shiro development team when performing tasks as a committer or contributor.
+
+[#DeveloperResources-WritingDocumentation]
+== Writing Documentation
+
+All non-JavaDoc documentation is managed in our https://github.com/apache/shiro-site[apache/shiro-site] repo.
+
+[#DeveloperResources-SourceCodeRepository]
+== Source Code Repository
+
+We use a Git repository located at git://git.apache.org/shiro.git.
+You can also browse the mirrored repository on GitHub, located at link:https://github.com/apache/shiro-site[].
+
+Active development is done in the `main` branch, and maintenance typically on the `1.N.x` branch (where `N` is the current feature release and `x` is static).
+
+[#DeveloperResources-BuildingfromGit]
+=== Building from Git
+
+For Shiro cutting-edge development, you can clone the code from Git and build it using http://maven.apache.org[Maven] 3.6+:
+
+1. Check out the code:
++
+[source,bash]
+----
+git clone https://github.com/apache/shiro.git
+----
+2. Build the project using http://maven.apache.org[Maven] 3.6+:
++
+[source,bash]
+----
+cd shiro
+mvn verify
+----
+
+[CAUTION]
+.Cutting-edge development
+====
+When building from `main` or any branches, use the generated artifacts at your own risk!
+Current and previous stable releases will always be available via the link:/download.html[Download] page.
+====
diff --git a/graduation-resolution.md b/jbake/content/graduation-resolution.adoc
similarity index 90%
rename from graduation-resolution.md
rename to jbake/content/graduation-resolution.adoc
index d07c8b3..5350fba 100644
--- a/graduation-resolution.md
+++ b/jbake/content/graduation-resolution.adoc
@@ -1,7 +1,13 @@
-<a name="GraduationResolution-ApacheShiroGraduationResolution"></a>
-#Apache Shiro Graduation Resolution
-
-``` nohighlight
+[#GraduationResolution-ApacheShiroGraduationResolution]
+= Apache Shiro Graduation Resolution
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: events, meetings
+:idprefix:
+:icons: font
+
+[source,nohighlight]
+----
Establish Apache Shiro Project
WHEREAS, the Board of Directors deems it to be in the best
@@ -52,5 +58,4 @@ Incubator Shiro podling; and be it further
RESOLVED, that all responsibility pertaining to the Apache
Incubator Shiro podling encumbered upon the Apache Incubator
PMC are hereafter discharged.
-```
-<input type="hidden" id="ghEditPage" value="graduation-resolution.md"></input>
+----
diff --git a/security-reports.md b/jbake/content/security-reports.adoc
similarity index 51%
rename from security-reports.md
rename to jbake/content/security-reports.adoc
index 03f723a..4b54934 100644
--- a/security-reports.md
+++ b/jbake/content/security-reports.adoc
@@ -1,58 +1,75 @@
+= Security Reports
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: events, meetings
+:idprefix:
+:icons: font
+:toc:
-Reporting a vulnerability
--------------------------
+== Reporting a vulnerability
We strongly encourage people to report security vulnerabilities privately to our security list before disclosing them in a public forum.
-Please note that the e-mail address below should only be used for reporting undisclosed security vulnerabilities in Apache Shiro and managing the process of fixing such vulnerabilities. We cannot accept regular bug reports or other queries at this address.
+Please note that the e-mail address below should only be used for reporting undisclosed security vulnerabilities in Apache Shiro and managing the process of fixing such vulnerabilities.
+We cannot accept regular bug reports or other queries at this address.
-[security@shiro.apache.org](mailto:security@shiro.apache.org)
+link:mailto:security@shiro.apache.org[security@shiro.apache.org]
-
-Vulnerability Handling Process
-------------------------------
+== Vulnerability Handling Process
An overview of the vulnerability handling process is:
-* The reporter reports the vulnerability privately to [security@shiro.apache.org](mailto:security@shiro.apache.org).
+* The reporter reports the vulnerability privately to link:mailto:security@shiro.apache.org[security@shiro.apache.org].
* The Apache Shiro PMC team works privately with the reporter to resolve the vulnerability.
* A new release of the Apache Shiro concerned is made that includes the fix.
* The vulnerability is publicly announced.
-A [more detailed description of the process](http://www.apache.org/security/committers.html) has been written for committers. Reporters of security vulnerabilities may also find it useful.
+A http://www.apache.org/security/committers.html[more detailed description of the process] has been written for committers. Reporters of security vulnerabilities may also find it useful.
+
+== Apache Shiro Vulnerability Reports
+
+=== link:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41303[CVE-2021-41303]
+Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass.
-Apache Shiro Vulnerability Reports
-----------------------------------
+=== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17523[CVE-2020-17523]
-###[CVE-2020-17523](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17523)
Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
-###[CVE-2020-17510](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17510)
+=== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17510[CVE-2020-17510]
+
Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
-If you are NOT using Shiro's Spring Boot Starter (`shiro-spring-boot-web-starter`), you must configure add the [`ShiroRequestMappingConfig` auto configuration to your application](/spring-framework.html#SpringFramework-WebConfig) or configure the [equivalent manually](https://github.com/apache/shiro/blob/shiro-root-1.7.0/support/spring/src/main/java/org/apache/shiro/spring/web/config/ShiroRequestMappingConfig.java#L28-L30).
+If you are NOT using Shiro's Spring Boot Starter (`shiro-spring-boot-web-starter`), you must configure add the link:/spring-framework.html#SpringFramework-WebConfig[`ShiroRequestMappingConfig` auto configuration to your application] or configure the https://github.com/apache/shiro/blob/shiro-root-1.7.0/support/spring/src/main/java/org/apache/shiro/spring/web/config/ShiroRequestMappingConfig.java#L28-L30[equivalent manually].
+
+=== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13933[CVE-2020-13933]
-###[CVE-2020-13933](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13933)
Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.
-###[CVE-2020-11989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11989)
+=== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11989[CVE-2020-11989]
+
Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
-###[CVE-2020-1957](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1957)
+=== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1957[CVE-2020-1957]
+
Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
-###[CVE-2019-12422](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12422)
+=== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12422[CVE-2019-12422]
+
Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.
-###[CVE-2016-6802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6802)
+=== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6802[CVE-2016-6802]
+
Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.
-###[CVE-2016-4437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4437)
+=== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4437[CVE-2016-4437]
+
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
-###[CVE-2014-0074](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0074)
+=== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0074[CVE-2014-0074]
+
Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.
-###[CVE-2010-3863](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3863)
+=== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3863[CVE-2010-3863]
+
Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
diff --git a/navigation.md b/navigation.md
deleted file mode 100644
index 8defa9d..0000000
--- a/navigation.md
+++ /dev/null
@@ -1,34 +0,0 @@
-* [Home](index.html)
-* [Download](download.html)
-
-* [About](about.html)
-
- * [What is Shiro](what-is-shiro.html)
- * [Features](features.html)
- * [News](news.html)
- * [Events](events.html)
- * [License](license.html)
-
-* [Documentation](documentation.html)
-
- * [10 Minute Tutorial](10-minute-tutorial.html)
- * [Guides](guides.html)
- * [Reference Manual](reference.html)
- * [Articles](articles.html)
- * [API](http://shiro.apache.org/static/current/apidocs)
-
-* [Contribute](how-to-contribute.html)
-
- * [How to Contribute](how-to-contribute.html)
- * [Donate to ASF](http://www.apache.org/foundation/sponsorship.html)
- * [Developer Resources](developer-resources.html)
-
-* [Community Support](support.html)
-
- * [Mailing Lists](mailing-lists.html)
- * [Forums](forums.html)
- * [Issue & Bug Tracking](issues.html)
-
-* [Commercial Support](commercial-support.html)
-
-<input type="hidden" id="ghEditPage" value="navigation.md"></input>