[ANNOUNCE][CVE-2022-32532] Apache Shiro 1.9.1 released
The Shiro team is pleased to announce the release of Apache Shiro version 1.9.1. This security release contains 6 fixes since the 1.9.0 release and is available for Download now [1]. Improvement * [SHIRO-871] - ActiveDirectoryRealm - append suffix only if missing from username * [SHIRO-872] - fix Reproducible Builds issues * [SHIRO-883] - Add support for case insensitive regex path matching Dependency upgrade * [SHIRO-878] - Update Spring Dependencies to 5.2.20 * [SHIRO-882] - Upgrade to apache pom parent 26 * [SHIRO-881] - pom.xml in samples/web may lack dependency CVE-2022-32532: Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass. Credit: Apache Shiro would like the thank 4ra1n for reporting this issue. Release binaries (.jars) are also available through Maven Central and source bundles through Apache distribution mirrors. For more information on Shiro, please read the documentation [2]. -The Apache Shiro Team [1] http://shiro.apache.org/download.html [2] http://shiro.apache.org/documentation.html
[GitHub] [shiro-site] bdemers merged pull request #161: Add 1.9.1 release data
bdemers merged PR #161: URL: https://github.com/apache/shiro-site/pull/161 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@shiro.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: Subject: [VOTE] Release Apache Shiro 1.9.1
Hi, This vote passed with the following result: +1 (binding): Benjamin Marwell, Jean-Baptiste Onofré, and François Papon I'll finalize the release process and send the announcements soon. Thanks all for your vote! On Mon, Jun 27, 2022 at 12:26 PM Jean-Baptiste Onofré wrote: > +1 (binding) > > Regards > JB > > On Fri, Jun 24, 2022 at 9:46 PM Benjamin Marwell > wrote: > > > > +1 > > > > By the way: Not all modules are reproducible yet. > > > > Am Do., 23. Juni 2022 um 21:31 Uhr schrieb Brian Demers < > bdem...@apache.org>: > > > > > > This is a call to vote in favor of releasing Apache Shiro version > 1.9.1. > > > > > > We solved 6 Issues: > > > > > > > https://issues.apache.org/jira/issues/?jql=project%20%3D%20SHIRO%20AND%20fixVersion%20%3D%201.9.1%20AND%20(status%20!%3D%20Open%20and%20status%20!%3D%20%22In%20Progress%22)%20ORDER%20BY%20priority%20DESC > > > > > > Maven Staging repo: > > > https://repository.apache.org/content/repositories/orgapacheshiro-1041 > > > > https://repository.apache.org/service/local/repositories/orgapacheshiro-1041/content/org/apache/shiro/shiro-root/1.9.1/shiro-root-1.9.1-source-release.zip > > > > > > Dist Staging Repository: > > > https://dist.apache.org/repos/dist/dev/shiro/1.9.1 > > > > > > Project website (just for informational purposes, not to be voted > upon): > > > http://shiro.apache.org/ > > > > > > Guide to testing staged releases: > > > http://maven.apache.org/guides/development/guide-testing-releases.html > > > > > > Vote open for 72 hours. > > > > > > [ ] +1 > > > [ ] +0 > > > [ ] -1 (please include reasoning) >