Posted to commits@shiro.apache.org by bd...@apache.org on 2022/06/28 19:30:11 UTC

[shiro-site] branch asf-site updated: Update 1.9.1 release info

This is an automated email from the ASF dual-hosted git repository.

bdemers pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/shiro-site.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new 47f04aa9c Update 1.9.1 release info
47f04aa9c is described below

commit 47f04aa9cd0d11610c1fc65648900293ffb490d6
Author: Brian Demers <bd...@apache.org>
AuthorDate: Tue Jun 28 15:30:05 2022 -0400

    Update 1.9.1 release info
---
 .well-known/security.txt                       |  2 +-
 blog/2022/06/28/apache-shiro-191-released.html | 24 +++++++++++++++++-------
 feed.xml                                       | 16 +++++++++++++---
 index.html                                     |  2 +-
 news.html                                      |  2 +-
 5 files changed, 33 insertions(+), 13 deletions(-)

diff --git a/.well-known/security.txt b/.well-known/security.txt
index 68d2f3f86..d4536d032 100644
--- a/.well-known/security.txt
+++ b/.well-known/security.txt
@@ -1,5 +1,5 @@
 Contact: mailto:security@shiro.apache.org
-Expires: 2023-06-28T18:11:54Z
+Expires: 2023-06-28T18:31:10Z
 Preferred-Languages: en
 Canonical: https://shiro.apache.org/.well-known/security.txt
 Policy: https://shiro.apache.org/security-reports.html
\ No newline at end of file
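Review bot: The only change to security.txt is the Expires value moving by about nineteen minutes (18:11:54Z to 18:31:10Z), which has nothing to do with the 1.9.1 release info this commit is about. If the field is stamped on every site build, consider pinning it so that content commits do not touch this file. The file also still ends without a trailing newline; adding one would let the last field line terminate cleanly.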
diff --git a/blog/2022/06/28/apache-shiro-191-released.html b/blog/2022/06/28/apache-shiro-191-released.html
index 496fdcf71..683b57401 100644
--- a/blog/2022/06/28/apache-shiro-191-released.html
+++ b/blog/2022/06/28/apache-shiro-191-released.html
@@ -18,7 +18,7 @@
 <html lang="en">
   <head>
     <meta charset="utf-8"/>
-    <title>Apache Shiro 1.9.1 Released | Apache Shiro</title>
+    <title>1.9.1 available with fix CVE-2022-32532 | Apache Shiro</title>
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <meta name="author" content="Brian Demers">
     <meta name="keywords" content='blog,release'>
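Review bot: The new <title> text "1.9.1 available with fix CVE-2022-32532" is missing a preposition and no longer names the product before the version number. "Apache Shiro 1.9.1 available with fix for CVE-2022-32532" reads correctly on its own, which matters most for the feed.xml entry title, where the string is shown without the surrounding site. The same string is repeated in og:title, the h1, feed.xml, index.html and news.html in this commit, so change it in all of them together.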
@@ -28,16 +28,16 @@
     <meta name="google-site-verification" content="gBTYOG8lMfNb_jrWrH3kFbudpEs_WrAJ2lb2-zLRaso"/>
     <meta name="msvalidate.01" content="0B57EB46CBFAD8FD45008D2DB6B6C68C">
 
-    <meta property="og:title" content="Apache Shiro 1.9.1 Released | Apache Shiro"/>
-    <meta property="article:published_time" content="2022-06-28T18:10:57Z"/>
-    <meta name="publish_date" property="og:publish_date" content="2022-06-28T18:10:57Z"/>
+    <meta property="og:title" content="1.9.1 available with fix CVE-2022-32532 | Apache Shiro"/>
+    <meta property="article:published_time" content="2022-06-28T18:30:09Z"/>
+    <meta name="publish_date" property="og:publish_date" content="2022-06-28T18:30:09Z"/>
     <meta name="twitter:creator" content="@briandemers" />
     <meta property="profile:first_name" content="Brian" />
     <meta property="profile:last_name" content="Demers" />
     <meta property="og:type" content="article"/>
       <meta name="twitter:card" content="summary" />
     <meta name="twitter:site" content="@ApacheShiro" />
-    <meta property="article:modification_time" content="2022-06-28T18:10:57Z"/>
+    <meta property="article:modification_time" content="2022-06-28T18:30:09Z"/>
     <meta property="article:tag" content='blog'/>
     <meta property="article:tag" content='release'/>
     <meta property="og:locale" content="en_US" />
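Review bot: article:published_time and og:publish_date move from 18:10:57Z to 18:30:09Z together with article:modification_time, so an edit to an already published post rewrites its publication time. Keep the published values at 2022-06-28T18:10:57Z and change only article:modification_time. The same applies to the <time datetime> under the page header further down in this file.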
@@ -187,13 +187,13 @@
     </nav>
 
 	<div class="page-header">
-		<h1>Apache Shiro 1.9.1 Released</h1>
+		<h1>1.9.1 available with fix CVE-2022-32532</h1>
 	</div>
 
 
 	<p>
 		<em>Published by <a rel="author" href="https://twitter.com/@briandemers">Brian Demers</a>&nbsp;on the
-			<time datetime="2022-06-28T18:10:57Z">28th of June, 2022</time>
+			<time datetime="2022-06-28T18:30:09Z">28th of June, 2022</time>
 		</em>
 	</p>
 
@@ -215,6 +215,16 @@ This is a feature release for 1.x.</p>
 <p>You can learn more on <a href="https://issues.apache.org/jira/projects/SHIRO/versions/12351487">Jira, Release 1.9.1</a>.</p>
 </div>
 <div class="sect2">
+<h3 id="cve_2022_32532">CVE-2022-32532</h3>
+<div class="paragraph">
+<p>Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with <code>.</code> in the regular expression are possibly vulnerable to an authorization bypass.</p>
+</div>
+<div class="paragraph">
+<p>Credit:
+Apache Shiro would like the thank 4ra1n for reporting this issue.</p>
+</div>
+</div>
+<div class="sect2">
 <h3 id="bug">Bug</h3>
 <div class="ulist">
 <ul>
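Review bot: The added advisory paragraph names two different classes, RegexRequestMatcher in the first sentence and RegExPatternMatcher in the second, so a reader checking their configuration cannot tell which one to look for; use one name, or state how the two relate. The first sentence is also a fragment ("Apache Shiro before 1.9.1, A RegexRequestMatcher ...") and the credit line has "would like the thank" where "would like to thank" is meant. The hunk context still says "This is a feature release for 1.x." directly above a section describing an authorization bypass, so that sentence should mention the security fix too.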
diff --git a/feed.xml b/feed.xml
index f1c1bea53..fd4bb4d18 100644
--- a/feed.xml
+++ b/feed.xml
@@ -4,7 +4,7 @@
   <subtitle>Simple. Java. Security.</subtitle>
   <link href="https://shiro.apache.org/"/>
   <link rel="self" href="https://shiro.apache.org/feed.xml" />
-  <updated>2022-06-28T18:11:54Z</updated>
+  <updated>2022-06-28T18:31:10Z</updated>
 
   <author>
     <name>Les Hazlewood</name>
@@ -28,10 +28,10 @@
   <logo>/images/apache-shiro-logo.png</logo>
 
   <entry>
-    <title>Apache Shiro 1.9.1 Released</title>
+    <title>1.9.1 available with fix CVE-2022-32532</title>
     <link href="https://shiro.apache.org/blog/2022/06/28/apache-shiro-191-released.html"/>
     <id>https://shiro.apache.org/blog/2022/06/28/apache-shiro-191-released.html</id>
-    <updated>2022-06-28T18:10:57Z</updated>
+    <updated>2022-06-28T18:30:09Z</updated>
     <author>
       <name>Brian Demers</name>
     </author>
@@ -54,6 +54,16 @@ This is a feature release for 1.x.&lt;/p&gt;
 &lt;p&gt;You can learn more on &lt;a href=&quot;https://issues.apache.org/jira/projects/SHIRO/versions/12351487&quot;&gt;Jira, Release 1.9.1&lt;/a&gt;.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;sect2&quot;&gt;
+&lt;h3 id=&quot;cve_2022_32532&quot;&gt;CVE-2022-32532&lt;/h3&gt;
+&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with &lt;code&gt;.&lt;/code&gt; in the regular expression are possibly vulnerable to an authorization bypass.&lt;/p&gt;
+&lt;/div&gt;
+&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;Credit:
+Apache Shiro would like the thank 4ra1n for reporting this issue.&lt;/p&gt;
+&lt;/div&gt;
+&lt;/div&gt;
+&lt;div class=&quot;sect2&quot;&gt;
 &lt;h3 id=&quot;bug&quot;&gt;Bug&lt;/h3&gt;
 &lt;div class=&quot;ulist&quot;&gt;
 &lt;ul&gt;
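Review bot: The escaped advisory text added to this feed entry carries the same "would like the thank" typo and the same RegexRequestMatcher / RegExPatternMatcher mismatch as the blog page. Correct both copies in the same change so that feed readers, which pick the entry up again after the <updated> bump, do not receive the uncorrected wording.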
diff --git a/index.html b/index.html
index b857f7ca0..24ccc31fe 100644
--- a/index.html
+++ b/index.html
@@ -290,7 +290,7 @@
 
         <div class="card-body">
           <div>
-            <a href="blog/2022/06/28/apache-shiro-191-released.html"><h4 class="news-title">Apache Shiro 1.9.1 Released</h4></a>
+            <a href="blog/2022/06/28/apache-shiro-191-released.html"><h4 class="news-title">1.9.1 available with fix CVE-2022-32532</h4></a>
             <p><small>by Brian Demers on 2022-06-28</small></p>
           </div>
           <div>
diff --git a/news.html b/news.html
index 182e11a62..4fbae7d81 100644
--- a/news.html
+++ b/news.html
@@ -181,7 +181,7 @@
       <h4>June 2022</h4>
       <ul>
 
-  <li>28 - <a href="blog/2022/06/28/apache-shiro-191-released.html">Apache Shiro 1.9.1 Released</a></li>
+  <li>28 - <a href="blog/2022/06/28/apache-shiro-191-released.html">1.9.1 available with fix CVE-2022-32532</a></li>
           </ul>
           <h4>March 2022</h4>
           <ul>