[
https://issues.apache.org/jira/browse/SHIRO-876?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brian Demers resolved SHIRO-876.
--------------------------------
Resolution: Incomplete
Hi [~boyqian]!
In general opening, an issue isn't the ideal way to ask a question, reach out
to the mailing list
https://shiro.apache.org/mailing-lists.html
It's hard to say if your application that users Shiro is affected or not, your
best course of action is to follow the information provided by the Spring team:
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
As with other 3rd party libraries, the Shiro project will update to newer
versions, but your application should be managing its direct dependencies
If you are a Maven user see:
https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html
TL;DR - Keep your dependencies updated.
> Does CVE-2010-1622 affect shiro?
> --------------------------------
>
> Key: SHIRO-876
> URL: https://issues.apache.org/jira/browse/SHIRO-876
> Project: Shiro
> Issue Type: Question
> Reporter: boyqian
> Priority: Major
>
> I want to know if the current spring vulnerability affects Apache shiro? The
> current version is 1.8.0.
> Will shiro upgrade the spring-beans version?
> And Other old versions is affect it? such as 1.6.0 to 1.8.0
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
