GitHub user bmarwell added a comment to the discussion: [Discussion] How to systematically deal with "auth bypass" issues
It's been a while, but I think making a library/toolkit/framework like Shiro "secure-by-default" is so reasonable, that's good enough for making it a breaking change. At least in the next major version, but maybe earlier. Maybe emit a warning for two versions: "attention, the default behaviour will change and affect you".

GitHub link: https://github.com/apache/shiro/discussions/2412#discussioncomment-15168137
