GitHub user lprimak added a comment to the discussion: [Discussion] How to systematically deal with "auth bypass" issues
Do we have any way to verify backwards-compatibility of any changes such as this? How about secure-by-default and ability to disable either URLdecode or special character rejection via a flag to the filter, specified in shiro.ini? Basically a feature flag that can be disabled? GitHub link: https://github.com/apache/shiro/discussions/2412#discussioncomment-15168135 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
