You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by le...@flowlogix.com on 2023/11/13 01:05:15 UTC
[ANNOUNCE] Apache Shiro 2.0.0-alpha-4 with fix CVE-2023-46750
The Apache Shiro team is pleased to announce the release of Apache Shiro
version 2.0.0-alpha-4
Apache Shiro is a powerful and easy-to-use Java security framework that
performs authentication, authorization, cryptography, and session
management. With Shiro’s easy-to-understand API, you can quickly and
easily secure any application – from the smallest mobile applications to
the largest web and enterprise applications.
# This is a feature release for 2.x. All changes:
https://github.com/apache/shiro/releases/tag/shiro-root-2.0.0-alpha-4
# CVE-2023-46750:
URL Redirection to Untrusted Site ('Open Redirect') vulnerability when
"form" authentication is used in Apache Shiro.
Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.
# Download and verification instructions are available on our download page:
https://shiro.apache.org/download.html
# For more information on Shiro, please read the documentation:
https://shiro.apache.org/documentation.html
Enjoy!
The Apache Shiro Team