[jira] [Updated] (SENTRY-1994) Bump Shiro dependency version to 1.4.0

JIRA Mon, 16 Oct 2017 14:09:14 -0700

     [ 
https://issues.apache.org/jira/browse/SENTRY-1994?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Sergio Peña updated SENTRY-1994:
--------------------------------
    Attachment: SENTRY-1994.1.patch

> Bump Shiro dependency version to 1.4.0
> --------------------------------------
>
>                 Key: SENTRY-1994
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1994
>             Project: Sentry
>          Issue Type: Bug
>          Components: Sentry
>    Affects Versions: 2.0.0
>            Reporter: Sergio Peña
>         Attachments: SENTRY-1994.1.patch
>
>
> A CVE security issue exists on our current shiro dependency 1.2.3 
> See 
> [CVE-2016-4437|https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2016-4437].
>  
> We should bump the version to the latest one tha is 1.4.0



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (SENTRY-1994) Bump Shiro dependency version to 1.4.0

Reply via email to