This is an automated email from the ASF dual-hosted git repository.
bdemers pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/shiro-site.git
The following commit(s) were added to refs/heads/main by this push:
new 75d260f8e Update 1.9.1 release info
75d260f8e is described below
commit 75d260f8ecd1130a9fac162170c35c5460a0c5e3
Author: Brian Demers <[email protected]>
AuthorDate: Tue Jun 28 15:30:28 2022 -0400
Update 1.9.1 release info
---
src/site/content/blog/2022/06/28/apache-shiro-191-released.adoc | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/site/content/blog/2022/06/28/apache-shiro-191-released.adoc
b/src/site/content/blog/2022/06/28/apache-shiro-191-released.adoc
index 2861f5ae2..250259971 100644
--- a/src/site/content/blog/2022/06/28/apache-shiro-191-released.adoc
+++ b/src/site/content/blog/2022/06/28/apache-shiro-191-released.adoc
@@ -17,7 +17,7 @@
# under the License.
////
-= Apache Shiro 1.9.1 Released
+= 1.9.1 available with fix CVE-2022-32532
Brian Demers
:jbake-date: 2022-06-28
:jbake-type: post
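Review bot: The new title on the `+=` line drops the product name and reads ungrammatically ("with fix CVE-2022-32532"). A post title usually stands alone in indexes and feeds, so keep the project name next to the CVE id, for example `= Apache Shiro 1.9.1 released, fixes CVE-2022-32532`.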
@@ -35,6 +35,12 @@ This release solves 6 issues since the 1.9.1 release and is
available for downlo
You can learn more on
link:https://issues.apache.org/jira/projects/SHIRO/versions/12351487[Jira,
Release 1.9.1].
+=== CVE-2022-32532
+Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be
bypassed on some servlet containers. Applications using RegExPatternMatcher
with `.` in the regular expression are possibly vulnerable to an authorization
bypass.
+
+Credit:
+Apache Shiro would like the thank 4ra1n for reporting this issue.
+
=== Bug
* [https://issues.apache.org/jira/browse/SHIRO-829[SHIRO-829]] -
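Review bot: The advisory paragraph added under `=== CVE-2022-32532` is hard to act on as worded. It opens with a fragment ("Apache Shiro before 1.9.1, A RegexRequestMatcher ...") and names both RegexRequestMatcher and RegExPatternMatcher without saying how they relate, so a reader cannot tell which class to look for in their configuration. Suggest stating the affected versions as a full sentence, using the class names consistently or explaining the relationship, and saying explicitly that upgrading to 1.9.1 is the fix. The credit line has a typo: "would like the thank" should be "would like to thank". Separately, the context text in the hunk header reads "6 issues since the 1.9.1 release" in a post that announces 1.9.1, which looks like it should name the previous release and is worth correcting in the same commit.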