[
https://issues.apache.org/jira/browse/SHIRO-842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17475985#comment-17475985
]
Benjamin Marwell commented on SHIRO-842:
----------------------------------------
Hi [~lprimak],
please report security vulnerabilities and other security related topics to
[[email protected]|mailto:[email protected]] instead.
Luckily, this only is about test dependencies, as you can see here:
[https://mvnrepository.com/artifact/org.apache.shiro/shiro-web/1.8.0]
But it is a good idea to update it anyway. :)
> shiro-web depends on older log4j
> --------------------------------
>
> Key: SHIRO-842
> URL: https://issues.apache.org/jira/browse/SHIRO-842
> Project: Shiro
> Issue Type: Dependency upgrade
> Components: Web
> Affects Versions: 1.8.0
> Reporter: Lenny Primak
> Priority: Major
>
> shiro-web has a very old log4j dependency (log4j:log4j)
> Snyk is reporting as a critical security issue (not sure it's actually is)
> Shiro should upgrade to the latest 1.x (or 2.x) if necessary
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
