On Mon, Dec 21, 2020 at 09:33:44PM +0100, Benjamin Marwell wrote: > Hi Roberto, > > after talking to the PMC chair, I can give you three commit links. > > https://github.com/apache/shiro/commit/042c59356cc6442345a9f935aed3e7603cb4dfad > https://github.com/apache/shiro/commit/5b1add9a4c4ed046b52cf2132ed0f264a22caf1d > https://github.com/apache/shiro/commit/1b9d8d99cd6d50d7114916508a13677a0fe6f345 > > I guess it is quite obvious what is inside these commits. > Hi Ben,
This commits seem to have been made after the 1.6.0 release and before the 1.7.0 release. My belief is that they address CVE-2020-17510. Can you tell me if dc194fc977ab6cfbf3c1ecb085e2bac5db14af6d is the commit that addresses CVE-2020-13933? Are there other commits that go along with it to completely remedy CVE-2020-13933? Regards, -Roberto -- Roberto C. Sánchez
