This is an automated email from the ASF dual-hosted git repository.
bdemers pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shiro-site.git
The following commit(s) were added to refs/heads/master by this push:
new d63b3cc add security notice to shiro site
d63b3cc is described below
commit d63b3ccf2ac1e2f493563737484db72de1845782
Author: Brian Demers <[email protected]>
AuthorDate: Mon Jun 22 10:46:03 2020 -0400
add security notice to shiro site
---
security-reports.md | 3 +++
1 file changed, 3 insertions(+)
diff --git a/security-reports.md b/security-reports.md
index f039de7..26ae89f 100644
--- a/security-reports.md
+++ b/security-reports.md
@@ -25,6 +25,9 @@ A [more detailed description of the
process](http://www.apache.org/security/comm
Apache Shiro Vulnerability Reports
----------------------------------
+###[CVE-2020-1957](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11989)
+Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic
controllers, a specially crafted request may cause an authentication bypass.
+
###[CVE-2020-1957](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1957)
Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic
controllers, a specially crafted request may cause an authentication bypass.
