Thanks Alex, feel free to create a PR if you would like to contribute on this.
Alex Ott <[email protected]> 于2019年12月8日周日 下午8:50写道: > I've created ZEPPELIN-4472 for this > > On Mon, Dec 2, 2019 at 4:25 PM Jeff Zhang <[email protected]> wrote: > > > I think it make sense to upgrade shiro, could you create a ticket for it. > > And welcome to create a PR to make contribution to Zeppelin. > > > > 한병익 <[email protected]> 于2019年12月2日周一 下午9:38写道: > > > > > According to Apache Shiro official page's security-reports, there has > > > vulnerability when using the default “Remember Me” configuration, > cookies > > > could be susceptible to a padding attack. > > > > > > Now, Zeppelin uses Apache Shiro version 1.3.2. I think it should be > > > updated to 1.4.2. > > > > > > cf) https://shiro.apache.org/security-reports.html > > > > > > > > > -- > > Best Regards > > > > Jeff Zhang > > > > > -- > With best wishes, Alex Ott > http://alexott.net/ > Twitter: alexott_en (English), alexott (Russian) > -- Best Regards Jeff Zhang
