This is an automated email from the ASF dual-hosted git repository.
bdemers pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/shiro-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 16485aaeb 1.10.0 blog
16485aaeb is described below
commit 16485aaeb83c58df516f1e6c7e7d2b4e54a87821
Author: Brian Demers <[email protected]>
AuthorDate: Tue Oct 11 22:48:58 2022 -0400
1.10.0 blog
---
.well-known/security.txt | 2 +-
2/index.html | 8 +-
3/index.html | 8 +-
4/index.html | 8 +-
5/index.html | 8 +-
6/index.html | 8 +-
7/index.html | 8 +-
8/index.html | 10 +-
{8 => 9}/index.html | 20 +-
.../10/10/2022/apache-shiro-1101-released.html | 354 +++++++++++++++++++++
feed.xml | 166 +++++++---
index.html | 8 +-
news.html | 7 +-
security-reports.html | 7 +
sitemap.xml | 86 ++---
15 files changed, 566 insertions(+), 142 deletions(-)
diff --git a/.well-known/security.txt b/.well-known/security.txt
index 530ea4206..5557a1d7a 100644
--- a/.well-known/security.txt
+++ b/.well-known/security.txt
@@ -1,5 +1,5 @@
Contact: mailto:[email protected]
-Expires: 2023-10-11T03:11:37Z
+Expires: 2023-10-12T02:45:44Z
Preferred-Languages: en
Canonical: https://shiro.apache.org/.well-known/security.txt
Policy: https://shiro.apache.org/security-reports.html
\ No newline at end of file
diff --git a/2/index.html b/2/index.html
index 9150a1d5d..9572f223b 100644
--- a/2/index.html
+++ b/2/index.html
@@ -289,6 +289,10 @@
</div>
<div class="card-body">
+ <div>
+ <a href="../blog/2021/v1.8.0.html"><h4 class="news-title">Apache
Shiro v1.8.0 released</h4></a>
+ <p><small>by Benjamin Marwell on 2021-08-26</small></p>
+ </div>
<div>
<a href="../blog/2021/v1.7.1.html"><h4 class="news-title">1.7.1
available with fix CVE-2020-17523</h4></a>
<p><small>by Brian Demers on 2021-01-31</small></p>
@@ -305,10 +309,6 @@
<a
href="../blog/2020/05/25/feathercast-with-brian-demers.html"><h4
class="news-title">Feathercast with Brian Demers</h4></a>
<p><small>by Benjamin Marwell on 2020-05-25</small></p>
</div>
- <div>
- <a href="../blog/2020/05/03/apache-shiro-1.5.3-released.html"><h4
class="news-title">Apache Shiro 1.5.3 Released</h4></a>
- <p><small>by The Apache Shiro Team on 2020-05-03</small></p>
- </div>
<hr/>
<nav class="" aria-label="News Pagination">
diff --git a/3/index.html b/3/index.html
index 0c2f9432f..f2c6be395 100644
--- a/3/index.html
+++ b/3/index.html
@@ -289,6 +289,10 @@
</div>
<div class="card-body">
+ <div>
+ <a href="../blog/2020/05/03/apache-shiro-1.5.3-released.html"><h4
class="news-title">Apache Shiro 1.5.3 Released</h4></a>
+ <p><small>by The Apache Shiro Team on 2020-05-03</small></p>
+ </div>
<div>
<a href="../blog/2020/03/25/apache-shiro-152-released.html"><h4
class="news-title">Apache Shiro 1.5.2 Released</h4></a>
<p><small>by The Apache Shiro Team on 2020-03-25</small></p>
@@ -305,10 +309,6 @@
<a href="../blog/2019/11/18/apache-shiro-142-released.html"><h4
class="news-title">Apache Shiro 1.4.2 Released</h4></a>
<p><small>by François Papon on 2019-11-18</small></p>
</div>
- <div>
- <a href="../blog/2019/05/01/apache-shiro-141-released.html"><h4
class="news-title">Apache Shiro 1.4.1 Released</h4></a>
- <p><small>by François Papon on 2019-05-01</small></p>
- </div>
<hr/>
<nav class="" aria-label="News Pagination">
diff --git a/4/index.html b/4/index.html
index 450a05456..1cd281058 100644
--- a/4/index.html
+++ b/4/index.html
@@ -289,6 +289,10 @@
</div>
<div class="card-body">
+ <div>
+ <a href="../blog/2019/05/01/apache-shiro-141-released.html"><h4
class="news-title">Apache Shiro 1.4.1 Released</h4></a>
+ <p><small>by François Papon on 2019-05-01</small></p>
+ </div>
<div>
<a href="../blog/2016/11/14/apache-shiro-140rc2-released.html"><h4
class="news-title">Apache Shiro 1.4.0-RC2 Released</h4></a>
<p><small>by Brian Demers on 2016-11-14</small></p>
@@ -305,10 +309,6 @@
<a href="../blog/2016/07/25/apache-shiro-130-released.html"><h4
class="news-title">Apache Shiro 1.3.0 Released</h4></a>
<p><small>by Brian Demers on 2016-07-25</small></p>
</div>
- <div>
- <a href="../blog/2016/07/05/apache-shiro-126-released.html"><h4
class="news-title">Apache Shiro 1.2.4 Released</h4></a>
- <p><small>by Brian Demers on 2016-07-05</small></p>
- </div>
<hr/>
<nav class="" aria-label="News Pagination">
diff --git a/5/index.html b/5/index.html
index 9fce72f8c..0145f12ea 100644
--- a/5/index.html
+++ b/5/index.html
@@ -289,6 +289,10 @@
</div>
<div class="card-body">
+ <div>
+ <a href="../blog/2016/07/05/apache-shiro-126-released.html"><h4
class="news-title">Apache Shiro 1.2.4 Released</h4></a>
+ <p><small>by Brian Demers on 2016-07-05</small></p>
+ </div>
<div>
<a href="../blog/2016/05/26/apache-shiro-125-released.html"><h4
class="news-title">Apache Shiro 1.2.4 Released</h4></a>
<p><small>by Brian Demers on 2016-05-26</small></p>
@@ -305,10 +309,6 @@
<a href="../blog/2012/07/29/apache-shiro-121-released.html"><h4
class="news-title">Apache Shiro 1.2.1 Released</h4></a>
<p><small>by Les Hazlewood on 2012-07-29</small></p>
</div>
- <div>
- <a href="../blog/2012/03/13/whats-new-in-apache-shiro-12.html"><h4
class="news-title">What’s new in Apache Shiro 1.2?</h4></a>
- <p><small>by Lez Hazelwood on 2012-03-13</small></p>
- </div>
<hr/>
<nav class="" aria-label="News Pagination">
diff --git a/6/index.html b/6/index.html
index ffbc82f06..de374913a 100644
--- a/6/index.html
+++ b/6/index.html
@@ -289,6 +289,10 @@
</div>
<div class="card-body">
+ <div>
+ <a href="../blog/2012/03/13/whats-new-in-apache-shiro-12.html"><h4
class="news-title">What’s new in Apache Shiro 1.2?</h4></a>
+ <p><small>by Lez Hazelwood on 2012-03-13</small></p>
+ </div>
<div>
<a href="../blog/2012/01/24/apache-shiro-120-released.html"><h4
class="news-title">Apache Shiro 1.2.0 Released!</h4></a>
<p><small>by Lez Hazelwood on 2012-01-24</small></p>
@@ -305,10 +309,6 @@
<a
href="../blog/2011/03/14/infoq-article-on-apache-shiro.html"><h4
class="news-title">infoq article on Apache Shiro</h4></a>
<p><small>by Les Hazlewood on 2011-03-14</small></p>
</div>
- <div>
- <a
href="../blog/2011/02/28/java-authorization-guide-with-apache-shiro-posted.html"><h4
class="news-title">Java Authorization Guide with Apache Shiro posted</h4></a>
- <p><small>by Alex Salazar on 2011-02-28</small></p>
- </div>
<hr/>
<nav class="" aria-label="News Pagination">
diff --git a/7/index.html b/7/index.html
index 234186518..cfae95d9e 100644
--- a/7/index.html
+++ b/7/index.html
@@ -289,6 +289,10 @@
</div>
<div class="card-body">
+ <div>
+ <a
href="../blog/2011/02/28/java-authorization-guide-with-apache-shiro-posted.html"><h4
class="news-title">Java Authorization Guide with Apache Shiro posted</h4></a>
+ <p><small>by Alex Salazar on 2011-02-28</small></p>
+ </div>
<div>
<a
href="../blog/2011/02/10/apache-shiro-integration-for-grails-113-released.html"><h4
class="news-title">Apache Shiro integration for Grails 1.1.3 released</h4></a>
<p><small>by Alex Salazar on 2011-02-10</small></p>
@@ -305,10 +309,6 @@
<a href="../blog/2010/11/03/apache-shiro-110-released.html"><h4
class="news-title">Apache Shiro 1.1.0 Released</h4></a>
<p><small>by Les Hazlewood on 2010-11-03</small></p>
</div>
- <div>
- <a
href="../blog/2010/09/24/apache-shiro-becomes-an-apache-top-level-project.html"><h4
class="news-title">Apache Shiro becomes an Apache Top Level Project</h4></a>
- <p><small>by Les Hazlewood on 2010-09-24</small></p>
- </div>
<hr/>
<nav class="" aria-label="News Pagination">
diff --git a/8/index.html b/8/index.html
index 45a848b65..93d426ee1 100644
--- a/8/index.html
+++ b/8/index.html
@@ -289,6 +289,10 @@
</div>
<div class="card-body">
+ <div>
+ <a
href="../blog/2010/09/24/apache-shiro-becomes-an-apache-top-level-project.html"><h4
class="news-title">Apache Shiro becomes an Apache Top Level Project</h4></a>
+ <p><small>by Les Hazlewood on 2010-09-24</small></p>
+ </div>
<div>
<a
href="../blog/2010/09/20/san-francisco-jug-presentation.html"><h4
class="news-title">San Francisco JUG presentation</h4></a>
<p><small>by Les Hazlewood on 2010-09-20</small></p>
@@ -305,17 +309,13 @@
<a
href="../blog/2010/06/01/apache-shiro-100-incubating-released.html"><h4
class="news-title">Apache Shiro 1.0.0-incubating Released!</h4></a>
<p><small>by Les Hazlewood on 2010-06-01</small></p>
</div>
- <div>
- <a href="../blog/2010/03/18/great-source-comments.html"><h4
class="news-title">Great Source Comments</h4></a>
- <p><small>by Les Hazlewood on 2010-03-18</small></p>
- </div>
<hr/>
<nav class="" aria-label="News Pagination">
<ul class="pagination justify-content-center">
<li class="page-item"><a class="page-link" rel="prev"
href="../7">Previous</a></li>
<li class="page-item"><a class="page-link" rel="self"
href="../8">8</a></li>
- <li class="page-item disabled" aria-disabled="true" disabled><a
class="page-link" rel="prev" href="#">Next</a></li>
+ <li class="page-item"><a class="page-link" rel="next"
href="../9">Next</a></li>
<li class="page-item"><a class="page-link"
href="../news.html">Archive</a></li>
</ul>
</nav>
diff --git a/8/index.html b/9/index.html
similarity index 94%
copy from 8/index.html
copy to 9/index.html
index 45a848b65..bd130a469 100644
--- a/8/index.html
+++ b/9/index.html
@@ -289,22 +289,6 @@
</div>
<div class="card-body">
- <div>
- <a
href="../blog/2010/09/20/san-francisco-jug-presentation.html"><h4
class="news-title">San Francisco JUG presentation</h4></a>
- <p><small>by Les Hazlewood on 2010-09-20</small></p>
- </div>
- <div>
- <a
href="../blog/2010/09/14/ibm-developerworks-introduction-to-apache-shiro.html"><h4
class="news-title">IBM DeveloperWorks - Introduction to Apache Shiro</h4></a>
- <p><small>by Les Hazlewood on 2010-09-14</small></p>
- </div>
- <div>
- <a
href="../blog/2010/06/01/sdforum-java-sig-apache-shiro-presentation.html"><h4
class="news-title">SDForum Java SIG Apache Shiro Presentation</h4></a>
- <p><small>by Les Hazlewood on 2010-06-01</small></p>
- </div>
- <div>
- <a
href="../blog/2010/06/01/apache-shiro-100-incubating-released.html"><h4
class="news-title">Apache Shiro 1.0.0-incubating Released!</h4></a>
- <p><small>by Les Hazlewood on 2010-06-01</small></p>
- </div>
<div>
<a href="../blog/2010/03/18/great-source-comments.html"><h4
class="news-title">Great Source Comments</h4></a>
<p><small>by Les Hazlewood on 2010-03-18</small></p>
@@ -313,8 +297,8 @@
<nav class="" aria-label="News Pagination">
<ul class="pagination justify-content-center">
- <li class="page-item"><a class="page-link" rel="prev"
href="../7">Previous</a></li>
- <li class="page-item"><a class="page-link" rel="self"
href="../8">8</a></li>
+ <li class="page-item"><a class="page-link" rel="prev"
href="../8">Previous</a></li>
+ <li class="page-item"><a class="page-link" rel="self"
href="../9">9</a></li>
<li class="page-item disabled" aria-disabled="true" disabled><a
class="page-link" rel="prev" href="#">Next</a></li>
<li class="page-item"><a class="page-link"
href="../news.html">Archive</a></li>
</ul>
diff --git a/blog/2022/10/10/2022/apache-shiro-1101-released.html
b/blog/2022/10/10/2022/apache-shiro-1101-released.html
new file mode 100644
index 000000000..daadb14e8
--- /dev/null
+++ b/blog/2022/10/10/2022/apache-shiro-1101-released.html
@@ -0,0 +1,354 @@
+<!DOCTYPE html>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE- 2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<html lang="en">
+ <head>
+ <meta charset="utf-8"/>
+ <title>1.10.0 available with fix CVE-2022-40664 | Apache Shiro</title>
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ <meta name="author" content="Brian Demers">
+ <meta name="keywords" content='blog,release'>
+ <meta name="generator" content="JBake">
+ <meta name="google-site-verification"
content="QIax6uT5UX3enoU0G8Pz2pXbQ45KaQuHZ3nCh9V27mw">
+ <meta name="google-site-verification"
content="ecFap6dWJgS_GCCtxmJQJ_nFYQhM6EgSpBPZDU7xsCE">
+ <meta name="google-site-verification"
content="gBTYOG8lMfNb_jrWrH3kFbudpEs_WrAJ2lb2-zLRaso"/>
+ <meta name="msvalidate.01" content="0B57EB46CBFAD8FD45008D2DB6B6C68C">
+
+ <meta property="og:title" content="1.10.0 available with fix
CVE-2022-40664 | Apache Shiro"/>
+ <meta property="article:published_time" content="2022-10-10T00:00:00Z"/>
+ <meta name="publish_date" property="og:publish_date"
content="2022-10-10T00:00:00Z"/>
+ <meta name="twitter:creator" content="@briandemers" />
+ <meta property="profile:first_name" content="Brian" />
+ <meta property="profile:last_name" content="Demers" />
+ <meta property="og:type" content="article"/>
+ <meta name="twitter:card" content="summary" />
+ <meta name="twitter:site" content="@ApacheShiro" />
+ <meta property="article:modification_time" content="2022-10-10T00:00:00Z"/>
+ <meta property="article:tag" content='blog'/>
+ <meta property="article:tag" content='release'/>
+ <meta property="og:locale" content="en_US" />
+ <meta property="og:url"
content='https://shiro.apache.org/blog/2022/10/10/2022/apache-shiro-1101-released.html'/>
+ <meta property="og:image"
content='../../../../../images/shiro-featured-image.png'/>
+ <meta property="og:image:width" content='1200'/>
+ <meta property="og:image:height" content='628'/>
+ <meta property="og:site_name" content="Apache Shiro"/>
+
+ <!-- Le styles -->
+ <link href="../../../../../css/bootstrap.min.css" rel="stylesheet">
+ <link href="../../../../../bootstrap-icons-1.5.0/bootstrap-icons.css"
rel="stylesheet">
+ <link href="../../../../../css/asciidoctor.css" rel="stylesheet">
+ <link href="../../../../../css/base.css" rel="stylesheet">
+ <link href="../../../../../highlight.js-11.2.0/styles/default.min.css"
rel="stylesheet">
+ <link href="../../../../../css/gh-pages/gh-fork-ribbon.css"
rel="stylesheet"/>
+
+ <!-- Fav and touch icons -->
+ <!--<link rel="apple-touch-icon-precomposed" sizes="144x144"
href="../assets/ico/apple-touch-icon-144-precomposed.png">
+ <link rel="apple-touch-icon-precomposed" sizes="114x114"
href="../assets/ico/apple-touch-icon-114-precomposed.png">
+ <link rel="apple-touch-icon-precomposed" sizes="72x72"
href="../assets/ico/apple-touch-icon-72-precomposed.png">
+ <link rel="apple-touch-icon-precomposed"
href="../assets/ico/apple-touch-icon-57-precomposed.png">-->
+ <link rel="shortcut icon" href="../../../../../favicon.ico">
+
+ <!-- Matomo -->
+ <script>
+ var _paq = window._paq = window._paq || [];
+ /* tracker methods like "setCustomDimension" should be called before
"trackPageView" */
+ _paq.push(['disableCookies']);
+ _paq.push(['trackPageView']);
+ _paq.push(['enableLinkTracking']);
+ (function() {
+ var u="//matomo.privacy.apache.org/";
+ _paq.push(['setTrackerUrl', u+'matomo.php']);
+ _paq.push(['setSiteId', '2']);
+ var d=document, g=d.createElement('script'),
s=d.getElementsByTagName('script')[0];
+ g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
+ })();
+ </script>
+ <!-- End Matomo Code -->
+ </head>
+ <body>
+ <div id="top-bar"></div>
+ <a class="github-fork-ribbon right-top"
href="https://github.com/apache/shiro"; title="Fork me on GitHub">Fork me on
GitHub</a>
+
+ <div id="wrap">
+
+ <div class="masthead">
+ <p class="lead">
+ <a href="../../../../../index.html"><img
src="../../../../../images/apache-shiro-logo.png" style="height:100px;
width:auto; vertical-align: bottom; margin-top: 20px;" alt="Apache Shiro
Logo"></a>
+ <span class="tagline">Simple. Java. Security.</span>
+ <a class="pull-right"
href="https://www.apache.org/events/current-event.html";>
+ <img style="padding-top: 8px"
src="https://www.apache.org/events/current-event-125x125.png"; alt="Apache
Software Foundation Event Banner"/>
+ </a>
+ </p>
+ </div>
+
+ <!-- Fixed navbar -->
+ <nav class="navbar navbar-expand-lg navbar-light bg-light shadow-sm mb-4">
+ <div class="container-fluid">
+ <button class="navbar-toggler" type="button" data-bs-toggle="collapse"
data-bs-target="#navbarSupportedContent" aria-controls="navbarSupportedContent"
aria-expanded="false" aria-label="Toggle navigation">
+ <span class="navbar-toggler-icon"></span>
+ </button>
+
+ <div class="collapse navbar-collapse" id="navbarSupportedContent">
+ <ul class="navbar-nav me-auto mb-2 mb-lg-0">
+ <li class="nav-item">
+ <a class="nav-link" href="../../../../../get-started.html">Get
Started</a>
+ </li>
+ <li class="nav-item">
+ <a class="nav-link"
href="../../../../../documentation.html">Docs</a>
+ </li>
+
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#"
id="navbarDropdown-webapps" role="button" data-bs-toggle="dropdown"
aria-expanded="false">
+ Web Apps
+ </a>
+ <ul class="dropdown-menu"
aria-labelledby="navbarDropdown-webapps">
+ <li><a class="dropdown-item"
href="../../../../../web.html">General</a></li>
+ <li><a class="dropdown-item"
href="../../../../../jaxrs.html">JAX-RS</a></li>
+ <li><hr class="dropdown-divider"></li>
+ <li><a class="dropdown-item"
href="../../../../../web-features.html">Features</a></li>
+ </ul>
+ </li>
+
+ <li><a class="nav-link"
href="../../../../../features.html">Features</a></li>
+
+ <!-- integrations -->
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#"
id="navbarDropdown-integrations" role="button" data-bs-toggle="dropdown"
aria-expanded="false">
+ Integrations
+ </a>
+ <ul class="dropdown-menu"
aria-labelledby="navbarDropdown-integrations">
+ <li><a class="dropdown-item"
href="../../../../../spring-boot.html">Spring</a></li>
+ <li><a class="dropdown-item"
href="../../../../../guice.html">Guice</a></li>
+ <li><hr class="dropdown-divider"></li>
+ <li><a class="dropdown-item"
href="../../../../../integration.html">Third-Party Integrations</a></li>
+ </ul>
+ </li>
+
+ <!-- Community -->
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#"
id="navbarDropdown-community" role="button" data-bs-toggle="dropdown"
aria-expanded="false">
+ Community
+ </a>
+ <ul class="dropdown-menu"
aria-labelledby="navbarDropdown-community">
+ <li><a class="dropdown-item"
href="../../../../../forums.html">Community Forums</a></li>
+ <li><a class="dropdown-item"
href="../../../../../mailing-lists.html">Mailing Lists</a></li>
+ <li><a class="dropdown-item"
href="../../../../../articles.html">Articles</a></li>
+ <li><a class="dropdown-item"
href="../../../../../news.html">News</a></li>
+ <li><a class="dropdown-item"
href="../../../../../events.html">Events</a></li>
+ <li><hr class="dropdown-divider"></li>
+ <li><a class="dropdown-item"
href="../../../../../community.html">More</a></li>
+ </ul>
+ </li>
+
+ <!-- About -->
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#"
id="navbarDropdown-about" role="button" data-bs-toggle="dropdown"
aria-expanded="false">
+ About
+ </a>
+ <ul class="dropdown-menu" aria-labelledby="navbarDropdown-about">
+ <li><a class="dropdown-item"
href="../../../../../about.html">About</a></li>
+ <li><a class="dropdown-item"
href="../../../../../privacy-policy.html">Privacy Policy</a></li>
+ <li><a class="dropdown-item"
href="../../../../../security-reports.html">Vulnerability Reports</a></li>
+ </ul>
+ </li>
+ </ul>
+
+ <ul class="d-flex justify-content-end navbar-nav mb-2 mb-lg-0">
+ <!-- The ASF -->
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#"
id="navbarDropdown-asf" role="button" data-bs-toggle="dropdown"
aria-expanded="false">
+ Apache Software Foundation
+ </a>
+ <ul class="dropdown-menu" aria-labelledby="navbarDropdown-asf">
+ <li><a class="dropdown-item"
href="http://www.apache.org/";>Apache Homepage</a></li>
+ <li><a class="dropdown-item"
href="http://www.apache.org/licenses/";>License</a></li>
+ <li><a class="dropdown-item"
href="http://www.apache.org/foundation/sponsorship.html";>Sponsorship</a></li>
+ <li><a class="dropdown-item"
href="http://www.apache.org/foundation/thanks.html";>Thanks</a></li>
+ <li><a class="dropdown-item"
href="http://www.apache.org/security/";>Security</a></li>
+ </ul>
+ </li>
+ </ul>
+ </div>
+ </div>
+ </nav>
+
+ <div class="page-header">
+ <h1>1.10.0 available with fix CVE-2022-40664</h1>
+ </div>
+
+
+ <p>
+ <em>Published by <a rel="author"
href="https://twitter.com/@briandemers";>Brian Demers</a> on the
+ <time datetime="2022-10-10T00:00:00Z">10th of October,
2022</time>
+ </em>
+ </p>
+
+ <div id="preamble">
+<div class="sectionbody">
+<div class="paragraph">
+<p>The Shiro team is pleased to announce the release of Apache Shiro version
1.10.0.
+This is a feature release for 1.x.</p>
+</div>
+<div class="paragraph">
+<p>This release solves 7 issues since the 1.9.1 release and is available for
download now.</p>
+</div>
+</div>
+</div>
+<div class="sect1">
+<h2 id="all_changes">All changes</h2>
+<div class="sectionbody">
+<div class="paragraph">
+<p>You can learn more on <a
href="https://issues.apache.org/jira/projects/SHIRO/versions/12351946";>Jira,
Release 1.10.0</a>.</p>
+</div>
+<div class="sect2">
+<h3 id="cve_2022_40664">CVE-2022-40664</h3>
+<div class="paragraph">
+<p>Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro
when forwarding or including via RequestDispatcher.</p>
+</div>
+<div class="paragraph">
+<p>Credit:
+Apache Shiro would like to thank Y4tacker for reporting this issue.</p>
+</div>
+</div>
+<div class="sect2">
+<h3 id="bug">Bug</h3>
+<div class="ulist">
+<ul>
+<li>
+<p>[<a href="https://issues.apache.org/jira/browse/SHIRO-512";>SHIRO-512</a>] -
Race condition in Shiro’s web container session timeout handling</p>
+</li>
+<li>
+<p>[<a href="https://issues.apache.org/jira/browse/SHIRO-887";>SHIRO-887</a>] -
FormAuthenticationFilter trims passwords which start and/or end with one or
more space character(s)</p>
+</li>
+</ul>
+</div>
+</div>
+<div class="sect2">
+<h3 id="improvement">Improvement</h3>
+<div class="ulist">
+<ul>
+<li>
+<p>[<a href="https://issues.apache.org/jira/browse/SHIRO-891";>SHIRO-891</a>] -
fix source jar Reproducible Builds issue</p>
+</li>
+<li>
+<p>[<a href="https://issues.apache.org/jira/browse/SHIRO-884";>SHIRO-884</a>] -
fix source jar Reproducible Builds issue</p>
+</li>
+<li>
+<p>[<a href="https://issues.apache.org/jira/browse/SHIRO-885";>SHIRO-885</a>] -
Use OWASP Java Encoder with OSGi manifest</p>
+</li>
+<li>
+<p>[<a href="https://issues.apache.org/jira/browse/SHIRO-890";>SHIRO-890</a>] -
Avoid another proxy creator when @EnableAspectJAutoProxy enabled</p>
+</li>
+<li>
+<p>[<a href="https://issues.apache.org/jira/browse/SHIRO-891";>SHIRO-891</a>] -
Allow for direct configuration of ShiroFilter through WebEnvironment</p>
+</li>
+</ul>
+</div>
+</div>
+<div class="sect2">
+<h3 id="dependency_upgrade">Dependency upgrade</h3>
+<div class="ulist">
+<ul>
+<li>
+<p>Many dependency updates</p>
+</li>
+</ul>
+</div>
+</div>
+<div class="sect2">
+<h3 id="behavior_changes">Behavior Changes</h3>
+<div class="paragraph">
+<p>As of 1.10.0, Shiro may filter a request multiple times, e.g. when
including or forwarding requests.</p>
+</div>
+<div class="paragraph">
+<p>This behavior can be reverted by setting the following property:
<code>shiro.filterOncePerRequest=true</code></p>
+</div>
+</div>
+</div>
+</div>
+<div class="sect1">
+<h2 id="download">Download</h2>
+<div class="sectionbody">
+<div class="paragraph">
+<p>Download and verification instructions are available <a
href="/download.html">on our download page</a>.</p>
+</div>
+</div>
+</div>
+<div class="sect1">
+<h2 id="documentation">Documentation</h2>
+<div class="sectionbody">
+<div class="paragraph">
+<p>For more information on <a href="/documentation.html">Shiro, please read
the documentation.</a></p>
+</div>
+<div class="paragraph">
+<p>Enjoy!</p>
+</div>
+<div class="paragraph">
+<p>The Apache Shiro Team</p>
+</div>
+</div>
+</div>
+
+ <hr />
+
+</div>
+
+ <div class="footer-padding"></div>
+
+ <div class="container-fluid pt-2 border-top" id="custom-footer">
+ <footer class="row justify-content-between align-items-center">
+ <div class=" col-md-5">
+ <div class="copyright-footer justify-content-start">
+ <a
href="https://www.apache.org/foundation/contributing.html";>Donate to the
ASF</a> |
+ <a
href="https://www.apache.org/licenses/LICENSE-2.0.html";>License</a>
+ <p class="text-muted">Copyright © 2008-2022 The Apache
Software Foundation</p>
+ </div>
+ </div>
+
+ <div class="d-flex justify-content-center col-md-1">
+ <a class="btn btn-social"><span class="social-icon
social-twitter"><i class="bi bi-twitter"></i></span></a>
+ <a class="btn btn-social"><span class="social-icon
social-facebook"><i class="bi bi-facebook"></i></span></a>
+ <a class="btn btn-social"><span class="social-icon
social-linkedin"><i class="bi bi-linkedin"></i></span></a>
+ </div>
+
+ <div class="d-flex justify-content-end col-md-4" id="editThisPage">
+ <input type="hidden" id="ghEditPage"
value="https://github.com/apache/shiro-site/edit/main/src/site/content/blog/2022/10/10/2022/apache-shiro-1101-released.adoc"/>
+ </div>
+
+ <div class="d-flex col-md-2 justify-content-end" style="position:
relative">
+ <div class="footer-shield"></div>
+ </div>
+ </footer>
+ </div>
+
+
+ <!-- Le javascript
+ ================================================== -->
+ <!-- Placed at the end of the document so the pages load faster -->
+ <script src="../../../../../js/bootstrap.min.js"></script>
+ <script src="../../../../../highlight.js-11.2.0/highlight.min.js"></script>
+ <script src="../../../../../js/shiro.js"></script>
+
+ <script>
+ docReady(
+ addPageEditLink()
+ );
+ </script>
+ <script>hljs.highlightAll();</script>
+
+ </body>
+</html>
diff --git a/feed.xml b/feed.xml
index b9de8dcef..14bf7ff60 100644
--- a/feed.xml
+++ b/feed.xml
@@ -4,7 +4,7 @@
<subtitle>Simple. Java. Security.</subtitle>
<link href="https://shiro.apache.org/"/>
<link rel="self" href="https://shiro.apache.org/feed.xml"; />
- <updated>2022-10-11T03:11:39Z</updated>
+ <updated>2022-10-12T02:45:47Z</updated>
<author>
<name>Les Hazlewood</name>
@@ -31,6 +31,123 @@
<icon>/images/favicon128.png</icon>
<logo>/images/apache-shiro-logo.png</logo>
+ <entry>
+ <title>1.10.0 available with fix CVE-2022-40664</title>
+ <link
href="https://shiro.apache.org/blog/2022/10/10/2022/apache-shiro-1101-released.html"/>
+
<id>https://shiro.apache.org/blog/2022/10/10/2022/apache-shiro-1101-released.html</id>
+ <updated>2022-10-10T00:00:00Z</updated>
+ <author>
+ <name>Brian Demers</name>
+ </author>
+ <content type="html">
+ <div id="preamble">
+<div class="sectionbody">
+<div class="paragraph">
+<p>The Shiro team is pleased to announce the release of Apache Shiro
version 1.10.0.
+This is a feature release for 1.x.</p>
+</div>
+<div class="paragraph">
+<p>This release solves 7 issues since the 1.9.1 release and is available
for download now.</p>
+</div>
+</div>
+</div>
+<div class="sect1">
+<h2 id="all_changes">All changes</h2>
+<div class="sectionbody">
+<div class="paragraph">
+<p>You can learn more on <a
href="https://issues.apache.org/jira/projects/SHIRO/versions/12351946">Jira,
Release 1.10.0</a>.</p>
+</div>
+<div class="sect2">
+<h3 id="cve_2022_40664">CVE-2022-40664</h3>
+<div class="paragraph">
+<p>Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in
Shiro when forwarding or including via RequestDispatcher.</p>
+</div>
+<div class="paragraph">
+<p>Credit:
+Apache Shiro would like to thank Y4tacker for reporting this issue.</p>
+</div>
+</div>
+<div class="sect2">
+<h3 id="bug">Bug</h3>
+<div class="ulist">
+<ul>
+<li>
+<p>[<a
href="https://issues.apache.org/jira/browse/SHIRO-512">SHIRO-512</a>]
- Race condition in Shiro&#8217;s web container session timeout
handling</p>
+</li>
+<li>
+<p>[<a
href="https://issues.apache.org/jira/browse/SHIRO-887">SHIRO-887</a>]
- FormAuthenticationFilter trims passwords which start and/or end with one or
more space character(s)</p>
+</li>
+</ul>
+</div>
+</div>
+<div class="sect2">
+<h3 id="improvement">Improvement</h3>
+<div class="ulist">
+<ul>
+<li>
+<p>[<a
href="https://issues.apache.org/jira/browse/SHIRO-891">SHIRO-891</a>]
- fix source jar Reproducible Builds issue</p>
+</li>
+<li>
+<p>[<a
href="https://issues.apache.org/jira/browse/SHIRO-884">SHIRO-884</a>]
- fix source jar Reproducible Builds issue</p>
+</li>
+<li>
+<p>[<a
href="https://issues.apache.org/jira/browse/SHIRO-885">SHIRO-885</a>]
- Use OWASP Java Encoder with OSGi manifest</p>
+</li>
+<li>
+<p>[<a
href="https://issues.apache.org/jira/browse/SHIRO-890">SHIRO-890</a>]
- Avoid another proxy creator when @EnableAspectJAutoProxy enabled</p>
+</li>
+<li>
+<p>[<a
href="https://issues.apache.org/jira/browse/SHIRO-891">SHIRO-891</a>]
- Allow for direct configuration of ShiroFilter through
WebEnvironment</p>
+</li>
+</ul>
+</div>
+</div>
+<div class="sect2">
+<h3 id="dependency_upgrade">Dependency upgrade</h3>
+<div class="ulist">
+<ul>
+<li>
+<p>Many dependency updates</p>
+</li>
+</ul>
+</div>
+</div>
+<div class="sect2">
+<h3 id="behavior_changes">Behavior Changes</h3>
+<div class="paragraph">
+<p>As of 1.10.0, Shiro may filter a request multiple times, e.g. when
including or forwarding requests.</p>
+</div>
+<div class="paragraph">
+<p>This behavior can be reverted by setting the following property:
<code>shiro.filterOncePerRequest=true</code></p>
+</div>
+</div>
+</div>
+</div>
+<div class="sect1">
+<h2 id="download">Download</h2>
+<div class="sectionbody">
+<div class="paragraph">
+<p>Download and verification instructions are available <a
href="/download.html">on our download page</a>.</p>
+</div>
+</div>
+</div>
+<div class="sect1">
+<h2 id="documentation">Documentation</h2>
+<div class="sectionbody">
+<div class="paragraph">
+<p>For more information on <a
href="/documentation.html">Shiro, please read the
documentation.</a></p>
+</div>
+<div class="paragraph">
+<p>Enjoy!</p>
+</div>
+<div class="paragraph">
+<p>The Apache Shiro Team</p>
+</div>
+</div>
+</div>
+ </content>
+ </entry>
+
<entry>
<title>Ongoing work on the Jakarta namespace transition</title>
<link href="https://shiro.apache.org/blog/2022/06/30/jakarta-work.html"/>
@@ -773,52 +890,5 @@ This is a feature release for 1.x.</p>
</content>
</entry>
- <entry>
- <title>Apache Shiro 1.5.1 Released</title>
- <link
href="https://shiro.apache.org/blog/2020/02/23/apache-shiro-151-released.html"/>
-
<id>https://shiro.apache.org/blog/2020/02/23/apache-shiro-151-released.html</id>
- <updated>2020-02-23T00:00:00Z</updated>
- <content type="html">
- <div class="paragraph">
-<p>The Shiro team is pleased to announce the release of Apache Shiro
version 1.5.1.
-This is a feature release for 1.x.</p>
-</div>
-<div class="paragraph">
-<p>This release includes 5 issues resolved since the 1.5.0 release and
is available for Download now.</p>
-</div>
-<div class="paragraph">
-<p>Of Note:</p>
-</div>
-<div class="ulist">
-<ul>
-<li>
-<p>DefaultCipherInstance is an alias which is not available in every JVM
or JCA Provider.</p>
-</li>
-<li>
-<p>Bean reflection property failed with Enum values.</p>
-</li>
-<li>
-<p>Matching of / (root) is broken.</p>
-</li>
-</ul>
-</div>
-<div class="paragraph">
-<p>You can learn more on <a
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&amp;version=12346483">Jira</a></p>
-</div>
-<div class="paragraph">
-<p>Release binaries (.jars) are also available through Maven Central and
source bundles through Apache distribution mirrors.</p>
-</div>
-<div class="paragraph">
-<p>For more information on <a
href="/documentation.html">Shiro, please read the
documentation.</a></p>
-</div>
-<div class="paragraph">
-<p>Enjoy!</p>
-</div>
-<div class="paragraph">
-<p>The Apache Shiro Team</p>
-</div>
- </content>
- </entry>
-
</feed>
diff --git a/index.html b/index.html
index cabe57ef5..97d679d15 100644
--- a/index.html
+++ b/index.html
@@ -289,6 +289,10 @@
</div>
<div class="card-body">
+ <div>
+ <a href="blog/2022/10/10/2022/apache-shiro-1101-released.html"><h4
class="news-title">1.10.0 available with fix CVE-2022-40664</h4></a>
+ <p><small>by Brian Demers on 2022-10-10</small></p>
+ </div>
<div>
<a href="blog/2022/06/30/jakarta-work.html"><h4
class="news-title">Ongoing work on the Jakarta namespace transition</h4></a>
<p><small>by Richard Zowalla on 2022-06-30</small></p>
@@ -305,10 +309,6 @@
<a href="blog/2022/02/09/new-shiro-website.html"><h4
class="news-title">The new Apache Shiro website is live!</h4></a>
<p><small>by Benjamin Marwell on 2022-02-09</small></p>
</div>
- <div>
- <a href="blog/2021/v1.8.0.html"><h4 class="news-title">Apache
Shiro v1.8.0 released</h4></a>
- <p><small>by Benjamin Marwell on 2021-08-26</small></p>
- </div>
<hr/>
<nav class="" aria-label="News Pagination">
diff --git a/news.html b/news.html
index 1fa8db01e..3511a916b 100644
--- a/news.html
+++ b/news.html
@@ -178,9 +178,14 @@
</div>
<!--<ul>-->
- <h4>June 2022</h4>
+ <h4>October 2022</h4>
<ul>
+ <li>10 - <a
href="blog/2022/10/10/2022/apache-shiro-1101-released.html">1.10.0 available
with fix CVE-2022-40664</a></li>
+ </ul>
+ <h4>June 2022</h4>
+ <ul>
+
<li>30 - <a href="blog/2022/06/30/jakarta-work.html">Ongoing work on the
Jakarta namespace transition</a></li>
<li>28 - <a href="blog/2022/06/28/apache-shiro-191-released.html">1.9.1
available with fix CVE-2022-32532</a></li>
diff --git a/security-reports.html b/security-reports.html
index e9eccfe03..67ace97d1 100644
--- a/security-reports.html
+++ b/security-reports.html
@@ -192,6 +192,7 @@
<li><a href="#vulnerability_handling_process">Vulnerability Handling
Process</a></li>
<li><a href="#apache_shiro_vulnerability_reports">Apache Shiro Vulnerability
Reports</a>
<ul class="sectlevel2">
+<li><a href="#cve_2022_40664">CVE-2022-40664</a></li>
<li><a href="#cve_2022_32532">CVE-2022-32532</a></li>
<li><a href="#cve_2021_41303">CVE-2021-41303</a></li>
<li><a href="#cve_2020_17523">CVE-2020-17523</a></li>
@@ -254,6 +255,12 @@ We cannot accept regular bug reports or other queries at
this address.</p>
<h2 id="apache_shiro_vulnerability_reports">Apache Shiro Vulnerability
Reports</h2>
<div class="sectionbody">
<div class="sect2">
+<h3 id="cve_2022_40664"><a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40664";>CVE-2022-40664</a></h3>
+<div class="paragraph">
+<p>Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro
when forwarding or including via RequestDispatcher.</p>
+</div>
+</div>
+<div class="sect2">
<h3 id="cve_2022_32532"><a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32532";>CVE-2022-32532</a></h3>
<div class="paragraph">
<p>Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be
bypassed on some servlet containers. Applications using RegExPatternMatcher
with <code>.</code> in the regular expression are possibly vulnerable to an
authorization bypass.</p>
diff --git a/sitemap.xml b/sitemap.xml
index 6de42ba54..803ca1779 100644
--- a/sitemap.xml
+++ b/sitemap.xml
@@ -8,34 +8,6 @@
<loc>https://shiro.apache.org/10-minute-tutorial.html</loc>
<lastmod>2016-10-23</lastmod>
</url>
- <url>
- <loc>https://shiro.apache.org/web-features.html</loc>
- <lastmod>2010-03-18</lastmod>
- </url>
- <url>
- <loc>https://shiro.apache.org/spring-framework.html</loc>
- <lastmod>2010-03-18</lastmod>
- </url>
- <url>
- <loc>https://shiro.apache.org/reference.html</loc>
- <lastmod>2010-03-18</lastmod>
- </url>
- <url>
- <loc>https://shiro.apache.org/jsp-tag-library.html</loc>
- <lastmod>2010-03-18</lastmod>
- </url>
- <url>
- <loc>https://shiro.apache.org/how-to-contribute.html</loc>
- <lastmod>2010-03-18</lastmod>
- </url>
- <url>
- <loc>https://shiro.apache.org/developers.html</loc>
- <lastmod>2010-03-18</lastmod>
- </url>
- <url>
- <loc>https://shiro.apache.org/commercial-support.html</loc>
- <lastmod>2010-03-18</lastmod>
- </url>
<url>
<loc>https://shiro.apache.org/tutorial.html</loc>
<lastmod>2010-03-18</lastmod>
@@ -64,10 +36,6 @@
<loc>https://shiro.apache.org/command-line-hasher.html</loc>
<lastmod>2010-03-18</lastmod>
</url>
- <url>
- <loc>https://shiro.apache.org/authentication.html</loc>
- <lastmod>2010-03-18</lastmod>
- </url>
<url>
<loc>https://shiro.apache.org/tools.html</loc>
<lastmod>2010-03-18</lastmod>
@@ -80,6 +48,10 @@
<loc>https://shiro.apache.org/guice.html</loc>
<lastmod>2010-03-18</lastmod>
</url>
+ <url>
+ <loc>https://shiro.apache.org/authentication.html</loc>
+ <lastmod>2010-03-18</lastmod>
+ </url>
<url>
<loc>https://shiro.apache.org/testing.html</loc>
<lastmod>2010-03-18</lastmod>
@@ -100,10 +72,6 @@
<loc>https://shiro.apache.org/cas.html</loc>
<lastmod>2010-03-18</lastmod>
</url>
- <url>
- <loc>https://shiro.apache.org/authentication-features.html</loc>
- <lastmod>2010-03-18</lastmod>
- </url>
<url>
<loc>https://shiro.apache.org/terminology.html</loc>
<lastmod>2010-03-18</lastmod>
@@ -133,7 +101,7 @@
<lastmod>2010-03-18</lastmod>
</url>
<url>
- <loc>https://shiro.apache.org/articles.html</loc>
+ <loc>https://shiro.apache.org/authentication-features.html</loc>
<lastmod>2010-03-18</lastmod>
</url>
<url>
@@ -157,7 +125,7 @@
<lastmod>2010-03-18</lastmod>
</url>
<url>
- <loc>https://shiro.apache.org/architecture.html</loc>
+ <loc>https://shiro.apache.org/articles.html</loc>
<lastmod>2010-03-18</lastmod>
</url>
<url>
@@ -177,7 +145,7 @@
<lastmod>2010-03-18</lastmod>
</url>
<url>
- <loc>https://shiro.apache.org/adoption.html</loc>
+ <loc>https://shiro.apache.org/architecture.html</loc>
<lastmod>2010-03-18</lastmod>
</url>
<url>
@@ -205,7 +173,7 @@
<lastmod>2010-03-18</lastmod>
</url>
<url>
- <loc>https://shiro.apache.org/about.html</loc>
+ <loc>https://shiro.apache.org/adoption.html</loc>
<lastmod>2010-03-18</lastmod>
</url>
<url>
@@ -229,7 +197,7 @@
<lastmod>2010-03-18</lastmod>
</url>
<url>
- <loc>https://shiro.apache.org/authorization.html</loc>
+ <loc>https://shiro.apache.org/about.html</loc>
<lastmod>2010-03-18</lastmod>
</url>
<url>
@@ -256,10 +224,46 @@
<loc>https://shiro.apache.org/community.html</loc>
<lastmod>2010-03-18</lastmod>
</url>
+ <url>
+ <loc>https://shiro.apache.org/authorization.html</loc>
+ <lastmod>2010-03-18</lastmod>
+ </url>
+ <url>
+ <loc>https://shiro.apache.org/web-features.html</loc>
+ <lastmod>2010-03-18</lastmod>
+ </url>
+ <url>
+ <loc>https://shiro.apache.org/spring-framework.html</loc>
+ <lastmod>2010-03-18</lastmod>
+ </url>
+ <url>
+ <loc>https://shiro.apache.org/reference.html</loc>
+ <lastmod>2010-03-18</lastmod>
+ </url>
+ <url>
+ <loc>https://shiro.apache.org/jsp-tag-library.html</loc>
+ <lastmod>2010-03-18</lastmod>
+ </url>
+ <url>
+ <loc>https://shiro.apache.org/how-to-contribute.html</loc>
+ <lastmod>2010-03-18</lastmod>
+ </url>
+ <url>
+ <loc>https://shiro.apache.org/developers.html</loc>
+ <lastmod>2010-03-18</lastmod>
+ </url>
+ <url>
+ <loc>https://shiro.apache.org/commercial-support.html</loc>
+ <lastmod>2010-03-18</lastmod>
+ </url>
<url>
<loc>https://shiro.apache.org/authorization-features.html</loc>
<lastmod>2010-03-18</lastmod>
</url>
+ <url>
+
<loc>https://shiro.apache.org/blog/2022/10/10/2022/apache-shiro-1101-released.html</loc>
+ <lastmod>2022-10-10</lastmod>
+ </url>
<url>
<loc>https://shiro.apache.org/blog/2022/06/30/jakarta-work.html</loc>
<lastmod>2022-06-30</lastmod>
![https://www.apache.org/events/current-event-125x125.png"](https://www.apache.org/events/current-event-125x125.png"){kind=link}