This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push: new 3d34f5be1e Fixed: [CVE-2023-34478] Apache Shiro, before 1.12.0, is susceptible to a path traversal attack (OFBIZ-12839) 3d34f5be1e is described below commit 3d34f5be1ee0ce27eb3cc029baa961acf160dbbe Author: Jacques Le Roux <jacques.le.r...@les7arts.com> AuthorDate: Sat Jul 22 19:01:02 2023 +0200 Fixed: [CVE-2023-34478] Apache Shiro, before 1.12.0, is susceptible to a path traversal attack (OFBIZ-12839) See https://lists.apache.org/thread/jowcs5nd4tz5fxwl1mqkqnvyrwwx59qo for details --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index f052b43d1a..5303048d66 100644 --- a/build.gradle +++ b/build.gradle @@ -243,7 +243,7 @@ dependencies { implementation 'org.apache.logging.log4j:log4j-core:2.19.0' // Somehow needed by Buildbot to compile OFBizDynamicThresholdFilter.java implementation 'org.apache.poi:poi:4.1.2' // poi-ooxml-schemas-5.0.0.pom'. Received status code 401 from server implementation 'org.apache.pdfbox:pdfbox:2.0.27' - implementation 'org.apache.shiro:shiro-core:1.10.1' + implementation 'org.apache.shiro:shiro-core:1.12.0' implementation 'org.apache.sshd:sshd-core:2.9.1' implementation 'org.apache.sshd:sshd-sftp:2.9.1' implementation 'org.apache.tika:tika-core:2.5.0'