This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch release18.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release18.12 by this push: new 91d64809a3 Fixed: [CVE-2023-34478] Apache Shiro, before 1.12.0, is susceptible to a path traversal attack (OFBIZ-12839) 91d64809a3 is described below commit 91d64809a3538d67c6afccbd39499c76f989f249 Author: Jacques Le Roux <jacques.le.r...@les7arts.com> AuthorDate: Sun Jul 23 17:15:30 2023 +0200 Fixed: [CVE-2023-34478] Apache Shiro, before 1.12.0, is susceptible to a path traversal attack (OFBIZ-12839) Only the build.gradle should have been pushed --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 27ba69e8f6..b00d066b53 100644 --- a/build.gradle +++ b/build.gradle @@ -205,7 +205,7 @@ dependencies { compile 'org.apache.logging.log4j:log4j-web:2.17.2' //??? compile 'org.apache.poi:poi:3.17' compile 'org.apache.pdfbox:pdfbox:2.0.24' - compile 'org.apache.shiro:shiro-core:1.12.0' + compile 'org.apache.shiro:shiro-core:1.4.0' compile 'org.apache.sshd:sshd-core:1.7.0' compile 'org.apache.tika:tika-core:1.28.4' compile 'org.apache.tika:tika-parsers:1.28.4'