Jacques Le Roux created OFBIZ-7373:
--------------------------------------

             Summary: Update Shiro to 12.5 (CVE-2016-4437)
                 Key: OFBIZ-7373
                 URL: https://issues.apache.org/jira/browse/OFBIZ-7373
             Project: OFBiz
          Issue Type: Sub-task
          Components: framework
    Affects Versions: Release Branch 15.12, Trunk
            Reporter: Jacques Le Roux
             Fix For: 15.12.01


Apache Shiro before 1.2.5, when a cipher key has not been configured for the 
"remember me" feature, allows remote attackers to execute arbitrary code or 
bypass intended access restrictions via an unspecified request parameter.

Details at https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4437



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
