Posted to commits@shiro.apache.org by bd...@apache.org on 2022/06/28 19:30:11 UTC
[shiro-site] branch asf-site updated: Update 1.9.1 release info
This is an automated email from the ASF dual-hosted git repository.
bdemers pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/shiro-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 47f04aa9c Update 1.9.1 release info
47f04aa9c is described below
commit 47f04aa9cd0d11610c1fc65648900293ffb490d6
Author: Brian Demers <bd...@apache.org>
AuthorDate: Tue Jun 28 15:30:05 2022 -0400
Update 1.9.1 release info
---
.well-known/security.txt | 2 +-
blog/2022/06/28/apache-shiro-191-released.html | 24 +++++++++++++++++-------
feed.xml | 16 +++++++++++++---
index.html | 2 +-
news.html | 2 +-
5 files changed, 33 insertions(+), 13 deletions(-)
diff --git a/.well-known/security.txt b/.well-known/security.txt
index 68d2f3f86..d4536d032 100644
--- a/.well-known/security.txt
+++ b/.well-known/security.txt
@@ -1,5 +1,5 @@
Contact: mailto:security@shiro.apache.org
-Expires: 2023-06-28T18:11:54Z
+Expires: 2023-06-28T18:31:10Z
Preferred-Languages: en
Canonical: https://shiro.apache.org/.well-known/security.txt
Policy: https://shiro.apache.org/security-reports.html
\ No newline at end of file
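Review bot: The Expires line moves only from 18:11:54Z to 18:31:10Z on the same date, which looks like a site-build timestamp being regenerated rather than a deliberate change to the policy. If the value is derived from build time, every rebuild produces a diff in this file; consider setting it explicitly in the source so it changes only when someone has reviewed the contact details. The file also still ends without a trailing newline.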
diff --git a/blog/2022/06/28/apache-shiro-191-released.html b/blog/2022/06/28/apache-shiro-191-released.html
index 496fdcf71..683b57401 100644
--- a/blog/2022/06/28/apache-shiro-191-released.html
+++ b/blog/2022/06/28/apache-shiro-191-released.html
@@ -18,7 +18,7 @@
<html lang="en">
<head>
<meta charset="utf-8"/>
- <title>Apache Shiro 1.9.1 Released | Apache Shiro</title>
+ <title>1.9.1 available with fix CVE-2022-32532 | Apache Shiro</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="author" content="Brian Demers">
<meta name="keywords" content='blog,release'>
@@ -28,16 +28,16 @@
<meta name="google-site-verification" content="gBTYOG8lMfNb_jrWrH3kFbudpEs_WrAJ2lb2-zLRaso"/>
<meta name="msvalidate.01" content="0B57EB46CBFAD8FD45008D2DB6B6C68C">
- <meta property="og:title" content="Apache Shiro 1.9.1 Released | Apache Shiro"/>
- <meta property="article:published_time" content="2022-06-28T18:10:57Z"/>
- <meta name="publish_date" property="og:publish_date" content="2022-06-28T18:10:57Z"/>
+ <meta property="og:title" content="1.9.1 available with fix CVE-2022-32532 | Apache Shiro"/>
+ <meta property="article:published_time" content="2022-06-28T18:30:09Z"/>
+ <meta name="publish_date" property="og:publish_date" content="2022-06-28T18:30:09Z"/>
<meta name="twitter:creator" content="@briandemers" />
<meta property="profile:first_name" content="Brian" />
<meta property="profile:last_name" content="Demers" />
<meta property="og:type" content="article"/>
<meta name="twitter:card" content="summary" />
<meta name="twitter:site" content="@ApacheShiro" />
- <meta property="article:modification_time" content="2022-06-28T18:10:57Z"/>
+ <meta property="article:modification_time" content="2022-06-28T18:30:09Z"/>
<meta property="article:tag" content='blog'/>
<meta property="article:tag" content='release'/>
<meta property="og:locale" content="en_US" />
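Review bot: article:published_time and og:publish_date are rewritten from 18:10:57Z to 18:30:09Z together with article:modification_time, so the original publication time is lost and the published value always equals the modified value. If this commit is an update to a post that was already live, keep the two published values as they were and change only article:modification_time.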
@@ -187,13 +187,13 @@
</nav>
<div class="page-header">
- <h1>Apache Shiro 1.9.1 Released</h1>
+ <h1>1.9.1 available with fix CVE-2022-32532</h1>
</div>
<p>
<em>Published by <a rel="author" href="https://twitter.com/@briandemers">Brian Demers</a> on the
- <time datetime="2022-06-28T18:10:57Z">28th of June, 2022</time>
+ <time datetime="2022-06-28T18:30:09Z">28th of June, 2022</time>
</em>
</p>
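Review bot: The new h1, "1.9.1 available with fix CVE-2022-32532", is missing "for" and no longer names the product in the heading itself. Something like "Apache Shiro 1.9.1 available with fix for CVE-2022-32532" reads correctly and stays recognizable where the heading appears without the site name. The same string is repeated in the title and og:title tags and in feed.xml, index.html and news.html, so it should be changed in all of them together.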
@@ -215,6 +215,16 @@ This is a feature release for 1.x.</p>
<p>You can learn more on <a href="https://issues.apache.org/jira/projects/SHIRO/versions/12351487">Jira, Release 1.9.1</a>.</p>
</div>
<div class="sect2">
+<h3 id="cve_2022_32532">CVE-2022-32532</h3>
+<div class="paragraph">
+<p>Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with <code>.</code> in the regular expression are possibly vulnerable to an authorization bypass.</p>
+</div>
+<div class="paragraph">
+<p>Credit:
+Apache Shiro would like the thank 4ra1n for reporting this issue.</p>
+</div>
+</div>
+<div class="sect2">
<h3 id="bug">Bug</h3>
<div class="ulist">
<ul>
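Review bot: In the added CVE-2022-32532 paragraph the first sentence names RegexRequestMatcher and the second names RegExPatternMatcher, with nothing saying how the two relate, so a reader cannot tell which class to search for in their own configuration. Use one name consistently or state the relationship. The opening "Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured ..." should also be reworded into a complete sentence, and the section would benefit from saying explicitly that upgrading to 1.9.1 is the fix, since that is currently only implied by the page title.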
diff --git a/feed.xml b/feed.xml
index f1c1bea53..fd4bb4d18 100644
--- a/feed.xml
+++ b/feed.xml
@@ -4,7 +4,7 @@
<subtitle>Simple. Java. Security.</subtitle>
<link href="https://shiro.apache.org/"/>
<link rel="self" href="https://shiro.apache.org/feed.xml" />
- <updated>2022-06-28T18:11:54Z</updated>
+ <updated>2022-06-28T18:31:10Z</updated>
<author>
<name>Les Hazlewood</name>
@@ -28,10 +28,10 @@
<logo>/images/apache-shiro-logo.png</logo>
<entry>
- <title>Apache Shiro 1.9.1 Released</title>
+ <title>1.9.1 available with fix CVE-2022-32532</title>
<link href="https://shiro.apache.org/blog/2022/06/28/apache-shiro-191-released.html"/>
<id>https://shiro.apache.org/blog/2022/06/28/apache-shiro-191-released.html</id>
- <updated>2022-06-28T18:10:57Z</updated>
+ <updated>2022-06-28T18:30:09Z</updated>
<author>
<name>Brian Demers</name>
</author>
@@ -54,6 +54,16 @@ This is a feature release for 1.x.</p>
<p>You can learn more on <a href="https://issues.apache.org/jira/projects/SHIRO/versions/12351487">Jira, Release 1.9.1</a>.</p>
</div>
<div class="sect2">
+<h3 id="cve_2022_32532">CVE-2022-32532</h3>
+<div class="paragraph">
+<p>Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with <code>.</code> in the regular expression are possibly vulnerable to an authorization bypass.</p>
+</div>
+<div class="paragraph">
+<p>Credit:
+Apache Shiro would like the thank 4ra1n for reporting this issue.</p>
+</div>
+</div>
+<div class="sect2">
<h3 id="bug">Bug</h3>
<div class="ulist">
<ul>
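Review bot: The Credit line added here reads "would like the thank 4ra1n"; it should be "would like to thank". This block is a verbatim copy of the one added to blog/2022/06/28/apache-shiro-191-released.html, so if both files are generated from one source, correct the wording there and regenerate rather than editing either output by hand.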
diff --git a/index.html b/index.html
index b857f7ca0..24ccc31fe 100644
--- a/index.html
+++ b/index.html
@@ -290,7 +290,7 @@
<div class="card-body">
<div>
- <a href="blog/2022/06/28/apache-shiro-191-released.html"><h4 class="news-title">Apache Shiro 1.9.1 Released</h4></a>
+ <a href="blog/2022/06/28/apache-shiro-191-released.html"><h4 class="news-title">1.9.1 available with fix CVE-2022-32532</h4></a>
<p><small>by Brian Demers on 2022-06-28</small></p>
</div>
<div>
diff --git a/news.html b/news.html
index 182e11a62..4fbae7d81 100644
--- a/news.html
+++ b/news.html
@@ -181,7 +181,7 @@
<h4>June 2022</h4>
<ul>
- <li>28 - <a href="blog/2022/06/28/apache-shiro-191-released.html">Apache Shiro 1.9.1 Released</a></li>
+ <li>28 - <a href="blog/2022/06/28/apache-shiro-191-released.html">1.9.1 available with fix CVE-2022-32532</a></li>
</ul>
<h4>March 2022</h4>
<ul>