[jira] [Commented] (SHIRO-730) Updates the default Cipher mode to GCM in AesCipherService

Brian Demers (Jira) Thu, 09 Jan 2020 12:38:35 -0800


    [ 
https://issues.apache.org/jira/browse/SHIRO-730?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17012212#comment-17012212
 ]


Brian Demers commented on SHIRO-730:
------------------------------------

Hi [~prebholz]

This was fixed in SHIRO-721 for CVE-2019-12422
see:  https://shiro.apache.org/news.html#1.4.2-released

You should be able to change the cipher mode back to CBC in your `shiro.ini` 
(or similar config) to regain the previous behavior (obviously we do not 
recommend that)

> Updates the default Cipher mode to GCM in AesCipherService
> ----------------------------------------------------------
>
>                 Key: SHIRO-730
>                 URL: https://issues.apache.org/jira/browse/SHIRO-730
>             Project: Shiro
>          Issue Type: Improvement
>            Reporter: Francois Papon
>            Priority: Major
>             Fix For: 1.4.2, 1.5.0
>
>         Attachments: ShiroUpgradeTest.java
>
>




--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (SHIRO-730) Updates the default Cipher mode to GCM in AesCipherService

Reply via email to