[jira] [Updated] (SENTRY-1994) Bump Shiro dependency version to 1.4.0

JIRA Tue, 17 Oct 2017 08:07:04 -0700

     [ 
https://issues.apache.org/jira/browse/SENTRY-1994?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Sergio Peña updated SENTRY-1994:
--------------------------------
       Resolution: Fixed
    Fix Version/s: 2.0.0
           Status: Resolved  (was: Patch Available)

> Bump Shiro dependency version to 1.4.0
> --------------------------------------
>
>                 Key: SENTRY-1994
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1994
>             Project: Sentry
>          Issue Type: Bug
>          Components: Sentry
>    Affects Versions: 2.0.0
>            Reporter: Sergio Peña
>            Assignee: Sergio Peña
>             Fix For: 2.0.0
>
>         Attachments: SENTRY-1994.1.patch
>
>
> A CVE security issue exists on our current shiro dependency 1.2.3 
> See 
> [CVE-2016-4437|https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2016-4437].
>  
> We should bump the version to the latest one tha is 1.4.0



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (SENTRY-1994) Bump Shiro dependency version to 1.4.0

Reply via email to