[
https://issues.apache.org/jira/browse/GEODE-10559?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18065343#comment-18065343
]
ASF subversion and git services commented on GEODE-10559:
---------------------------------------------------------
Commit 1f9e9291fbcbead196e9f01511de4976521afaa0 in geode's branch
refs/heads/support/2.0 from Jinwoo Hwang
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=1f9e9291fb ]
GEODE-10559: Introduction of Security Realm to Security Manager (CVE-2026-23903
remediation) (#7986)
* GEODE-10559: Upgrade Apache Shiro to 2.1.0; migrate APIs (CVE-2026-23903)
* GEODE-10559: update integration test resources after Shiro 2.1.0 bump
* Build an IniRealm
* include shiro
* remove shiro
* remove shiro
* Fix integration test snapshot: remove spurious logback-core entry
> Remediation of CVE-2026-23903
> -----------------------------
>
> Key: GEODE-10559
> URL: https://issues.apache.org/jira/browse/GEODE-10559
> Project: Geode
> Issue Type: Improvement
> Affects Versions: 2.0.0
> Reporter: Jinwoo Hwang
> Assignee: Jinwoo Hwang
> Priority: Major
>
> *Summary:*
> This ticket tracks the remediation of CVE-2026-23903.
> *Details:*
> - *CVE ID:* CVE-2026-23903
> *References:*
> - [CVE-2026-23903 Details]([https://nvd.nist.gov/vuln/detail/CVE-2026-23903])
> *Acceptance Criteria:*
> - The vulnerable component is updated to a safe version.
> - All tests pass successfully.
> - No new security issues are introduced.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
