+1
On 8/31/20, 7:19 PM, "Owen Nichols" wrote:
Recently shiro-1.5.3.jar is getting flagged for ‘high’ security
vulnerability CVE-2020-13933.
Analysis shows that Geode does not use Shiro in a manner that would expose
this vulnerability.
The risk of bringing GEODE-8456 is low
Sarah Abbey wrote:
>
> > +1
> >
> > From: Ju@N
> > Sent: Tuesday, September 1, 2020 4:10 AM
> > To: dev@geode.apache.org
> > Subject: Re: Proposal to bring GEODE-8456 (shiro upgrade) to support
> > Sent: Tuesday, September 1, 2020 4:10 AM
> > To: dev@geode.apache.org
> > Subject: Re: Proposal to bring GEODE-8456 (shiro upgrade) to support
> > branches
> >
> > +1
> >
> > On Tue, 1 Sep 2020 at 01:11, Donal Evans wrote:
> >
> > &
+1
On Tue, Sep 1, 2020 at 6:19 AM Sarah Abbey wrote:
> +1
>
> From: Ju@N
> Sent: Tuesday, September 1, 2020 4:10 AM
> To: dev@geode.apache.org
> Subject: Re: Proposal to bring GEODE-8456 (shiro upgrade) to support
> branches
>
> +1
&
+1
From: Ju@N
Sent: Tuesday, September 1, 2020 4:10 AM
To: dev@geode.apache.org
Subject: Re: Proposal to bring GEODE-8456 (shiro upgrade) to support branches
+1
On Tue, 1 Sep 2020 at 01:11, Donal Evans wrote:
> +1
>
> We still have outstandin
+1
On Tue, 1 Sep 2020 at 01:11, Donal Evans wrote:
> +1
>
> We still have outstanding release blockers for 1.13, so getting this fix
> in now just prevents extra work in the future without slowing us down now.
>
> From: Owen Nichols
> Sent: Monday, August 31,
+1
We still have outstanding release blockers for 1.13, so getting this fix in now
just prevents extra work in the future without slowing us down now.
From: Owen Nichols
Sent: Monday, August 31, 2020 4:19 PM
To: dev@geode.apache.org
Subject: Proposal to bring
