This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release22.01
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release22.01 by this push:
new 6b19c38b6f Fixed: [CVE-2023-34478] Apache Shiro, before 1.12.0, is
susceptible to a path traversal attack (OFBIZ-12839)
6b19c38b6f is described below
commit 6b19c38b6f384a1ddc2f4917e329fb337c127dde
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Sat Jul 22 19:17:32 2023 +0200
Fixed: [CVE-2023-34478] Apache Shiro, before 1.12.0, is susceptible to a
path traversal attack (OFBIZ-12839)
See https://lists.apache.org/thread/jowcs5nd4tz5fxwl1mqkqnvyrwwx59qo for
details
---
build.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 6612add0a2..eac8bb299a 100644
--- a/build.gradle
+++ b/build.gradle
@@ -233,7 +233,7 @@ dependencies {
implementation 'org.apache.logging.log4j:log4j-core:2.17.2' // Somehow
needed by Buildbot to compile OFBizDynamicThresholdFilter.java
implementation 'org.apache.poi:poi:4.1.2' // poi-ooxml-schemas-5.0.0.pom'.
Received status code 401 from server
implementation 'org.apache.pdfbox:pdfbox:2.0.27'
- implementation 'org.apache.shiro:shiro-core:1.10.1'
+ implementation 'org.apache.shiro:shiro-core:1.12.0'
implementation 'org.apache.sshd:sshd-core:2.8.0'
implementation 'org.apache.sshd:sshd-sftp:2.8.0'
implementation 'org.apache.tika:tika-core:2.5.0'
