This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release18.12 by this push:
new 91d64809a3 Fixed: [CVE-2023-34478] Apache Shiro, before 1.12.0, is
susceptible to a path traversal attack (OFBIZ-12839)
91d64809a3 is described below
commit 91d64809a3538d67c6afccbd39499c76f989f249
Author: Jacques Le Roux <[email protected]>
AuthorDate: Sun Jul 23 17:15:30 2023 +0200
Fixed: [CVE-2023-34478] Apache Shiro, before 1.12.0, is susceptible to a
path traversal attack (OFBIZ-12839)
Only the build.gradle should have been pushed
---
build.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 27ba69e8f6..b00d066b53 100644
--- a/build.gradle
+++ b/build.gradle
@@ -205,7 +205,7 @@ dependencies {
compile 'org.apache.logging.log4j:log4j-web:2.17.2' //???
compile 'org.apache.poi:poi:3.17'
compile 'org.apache.pdfbox:pdfbox:2.0.24'
- compile 'org.apache.shiro:shiro-core:1.12.0'
+ compile 'org.apache.shiro:shiro-core:1.4.0'
compile 'org.apache.sshd:sshd-core:1.7.0'
compile 'org.apache.tika:tika-core:1.28.4'
compile 'org.apache.tika:tika-parsers:1.28.4'
