[jira] [Created] (SENTRY-1994) Bump Shiro dependency version to 1.4.0

JIRA Mon, 16 Oct 2017 14:09:14 -0700

Sergio Peña created SENTRY-1994:
-----------------------------------

             Summary: Bump Shiro dependency version to 1.4.0
                 Key: SENTRY-1994
                 URL: https://issues.apache.org/jira/browse/SENTRY-1994
             Project: Sentry
          Issue Type: Bug
          Components: Sentry
    Affects Versions: 2.0.0
            Reporter: Sergio Peña



A CVE security issue exists on our current shiro dependency 1.2.3 
See 
[CVE-2016-4437|https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2016-4437].
 

We should bump the version to the latest one tha is 1.4.0



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Created] (SENTRY-1994) Bump Shiro dependency version to 1.4.0

Reply via email to