Posted to commits@shiro.apache.org by bd...@apache.org on 2020/11/04 21:12:25 UTC

[shiro-site] branch master updated: Add ref to spring doc in sec report

This is an automated email from the ASF dual-hosted git repository.

bdemers pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shiro-site.git


The following commit(s) were added to refs/heads/master by this push:
     new dda385e  Add ref to spring doc in sec report
dda385e is described below

commit dda385e3818e60ea40eb494e9b8104dec15fcd9c
Author: Brian Demers <bd...@apache.org>
AuthorDate: Wed Nov 4 16:12:16 2020 -0500

    Add ref to spring doc in sec report
---
 security-reports.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/security-reports.md b/security-reports.md
index f49613f..05a3ac2 100644
--- a/security-reports.md
+++ b/security-reports.md
@@ -28,6 +28,8 @@ Apache Shiro Vulnerability Reports
 ###[CVE-2020-17510](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17510)
 Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
 
+If you are NOT Shiro's Spring Boot Starter (`shiro-spring-boot-web-starter`), you must configure add the [`ShiroRequestMappingConfig` auto configuration to your application](/spring-framework.html#SpringFramework-WebConfig) or configure the [equivalent manually](https://github.com/apache/shiro/blob/shiro-root-1.7.0/support/spring/src/main/java/org/apache/shiro/spring/web/config/ShiroRequestMappingConfig.java#L28-L30).
+
 ###[CVE-2020-13933](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13933)
 Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.
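
Review bot: The sentence added under CVE-2020-17510 has two wording slips that obscure the instruction. "If you are NOT Shiro's Spring Boot Starter" is missing "using", and "you must configure add the" carries two verbs. Suggested wording: "If you are NOT using Shiro's Spring Boot Starter (`shiro-spring-boot-web-starter`), you must add the `ShiroRequestMappingConfig` auto configuration to your application or configure the equivalent manually", keeping both links as they are. The sentence also does not say whether this configuration is needed in addition to upgrading to 1.7.0 or instead of it; since the line above it only says "before 1.7.0", stating that explicitly would tell readers who are not on the starter what they must do to be protected.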