GitHub user fpapon added a comment to the discussion: [Discussion] How to systematically deal with "auth bypass" issues

Yes, I think the feature flag can be a good option.

When I am talking about backward compatibility, it's about the behavior with the same ini config file for the user.

Agreed with the secure-by-default, it's a good way, but any default changes should be well documented and a part of a major version.

Thoughts?

GitHub link: https://github.com/apache/shiro/discussions/2412#discussioncomment-15168136
