Bump. On Tue, Dec 22, 2020 at 09:30:47AM -0500, Roberto C. Sánchez wrote: > On Mon, Dec 21, 2020 at 09:33:44PM +0100, Benjamin Marwell wrote: > > Hi Roberto, > > > > after talking to the PMC chair, I can give you three commit links. > > > > https://github.com/apache/shiro/commit/042c59356cc6442345a9f935aed3e7603cb4dfad > > https://github.com/apache/shiro/commit/5b1add9a4c4ed046b52cf2132ed0f264a22caf1d > > https://github.com/apache/shiro/commit/1b9d8d99cd6d50d7114916508a13677a0fe6f345 > > > > I guess it is quite obvious what is inside these commits. > > > Hi Ben, > > This commits seem to have been made after the 1.6.0 release and before > the 1.7.0 release. My belief is that they address CVE-2020-17510. Can > you tell me if dc194fc977ab6cfbf3c1ecb085e2bac5db14af6d is the commit > that addresses CVE-2020-13933? Are there other commits that go along > with it to completely remedy CVE-2020-13933? > > Regards, > > -Roberto > > -- > Roberto C. Sánchez
-- Roberto C. Sánchez
