[ANNOUNCE] Apache Shiro 2.0.1 Released!

2024-05-30 Thread lenny
The Apache Shiro team is pleased to announce the release of Apache Shiro version 2.0.1. Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and

[RESULT][VOTE] Apache Shiro 2.0.1 release

2024-05-30 Thread lenny
Hi, This vote passed with the following result: +1 (binding): Lenny Primak, Jean-Baptiste Onofre, François Papon +1 (non-binding): Steinar Bang -1 (non-binding): Jakub Herkel I'm promoting the artifacts on Central and dist.apache.org I will then announce the release.

Re: [VOTE] Release Apache Shiro 2.0.1

2024-05-30 Thread Jean-Baptiste Onofré
+1 (binding) Regards JB On Sun, May 26, 2024 at 3:02 AM wrote: > > This is a call to vote in favor of releasing Apache Shiro version 2.0.1 > > Maven Staging repo: > https://repository.apache.org/content/repositories/orgapacheshiro-1061 >

Re: [VOTE] Release Apache Shiro 2.0.1

2024-05-29 Thread Lenny Primak
Not sure what can be done here as BC 1.77 contains a CVE. Maybe Karaf can update its versions… > On May 29, 2024, at 3:37 PM, Jakub Herkel wrote: > > -1 (non binding) > > I can see a problem with Apache Karaf 4.4.6 because Karaf contains > bouncycastle 1.77 and shiro needs the version

Re: [VOTE] Release Apache Shiro 2.0.1

2024-05-29 Thread Jakub Herkel
-1 (non binding) I can see a problem with Apache Karaf 4.4.6 because Karaf contains bouncycastle 1.77 and shiro needs the version 1.78+. Similar problem was reported here https://github.com/apache/shiro/issues/1400. best regards Jakub Jakub On Wed, May 29, 2024 at 8:40 AM Francois Papon

Re: [VOTE] Release Apache Shiro 2.0.1

2024-05-29 Thread Francois Papon
+1 (binding) regards, François On 26/05/2024 03:02, le...@flowlogix.com wrote: This is a call to vote in favor of releasing Apache Shiro version 2.0.1 Maven Staging repo: https://repository.apache.org/content/repositories/orgapacheshiro-1061

Re: [VOTE] Release Apache Shiro 2.0.1

2024-05-25 Thread lenny
Lenny Primak: +1 (binding) > On May 25, 2024, at 8:02 PM, le...@flowlogix.com wrote: > > This is a call to vote in favor of releasing Apache Shiro version 2.0.1 > > Maven Staging repo: > https://repository.apache.org/content/repositories/orgapacheshiro-1061 >

Re: [VOTE] Release Apache Shiro 2.0.1

2024-05-25 Thread lenny
I guess the release notes aren’t showing up: Here they are: Apache Shiro 2.0.1 Draft lprimak drafted this 7 hours ago · 3 commits 

[VOTE] Release Apache Shiro 2.0.1

2024-05-25 Thread lenny
This is a call to vote in favor of releasing Apache Shiro version 2.0.1 Maven Staging repo: https://repository.apache.org/content/repositories/orgapacheshiro-1061

Re: OTP (One Time Password) authentication with Shiro

2024-05-09 Thread lenny
Hi, yes, the Web filter would be the appropriate solution. Make sure your filter ordering is correct, as your filter needs to go after the Shiro filter. See https://shiro.apache.org/jakarta-ee.html ordering section for more details. > On May 9, 2024,

OTP (One Time Password) authentication with Shiro

2024-05-09 Thread Roberto Bottoni
I have a Maven project running with Tomcat 10.1.20 and JDK 21. Apache Shiro works well, but now I want to integrate an OTP (One Time Password) validation during the login phase (after the user has entered username and password) I googled and found these (very old) articles:

Re: issue with tomcat 10.1.20

2024-05-08 Thread Lenny Primak
Glad to hear it > On May 8, 2024, at 3:31 PM, Roberto Bottoni wrote: > > Yes, it works!!! > thank you very much :-))) > R. > > > Il 08-05-2024 22:02 le...@flowlogix.com ha scritto: >> Yes. For JSF project this will work perfectly. >> Please read the section on configuration as well so

Re: issue with tomcat 10.1.20

2024-05-08 Thread Roberto Bottoni
Yes, it works!!! thank you very much :-))) R. Il 08-05-2024 22:02 le...@flowlogix.com ha scritto: Yes. For JSF project this will work perfectly. Please read the section on configuration as well so you will have no surprises: https://shiro.apache.org/jakarta-ee.html On May 8, 2024, at

Re: issue with tomcat 10.1.20

2024-05-08 Thread lenny
Yes. For JSF project this will work perfectly. Please read the section on configuration as well so you will have no surprises: https://shiro.apache.org/jakarta-ee.html > On May 8, 2024, at 2:50 PM, Roberto Bottoni >

Re: issue with tomcat 10.1.20

2024-05-08 Thread Roberto Bottoni
ok, so, to use shiro and run my project, i have to put in my pom.xml just this : org.apache.shiro shiro-jakarta-ee jakarta org.apache.shiro shiro-cdi jakarta org.apache.shiro shiro-core jakarta org.apache.shiro shiro-web jakarta org.omnifaces omnifaces

Re: issue with tomcat 10.1.20

2024-05-08 Thread lenny
Yes, that’s correct. See https://shiro.apache.org/jakarta-ee.html Pay special attention to the BOM section as things won’t work without that. > On May 8, 2024, at 1:28 PM, Roberto Bottoni wrote: > > Hello, > i would like to integrate apache shiro

issue with tomcat 10.1.20

2024-05-08 Thread Roberto Bottoni
Hello, i would like to integrate apache shiro into my JSF Project : this is the problem : https://stackoverflow.com/questions/78449680/apache-shiro-integration-in-jsf-3-0 is it a matter of jakarta?.. thanks! Roberto.

Re: Trying to migrate Shiro 2 in Jakarta EE - getting ShiroFilter$WrappedSecurityManager instead of own implementation of Security Manager

2024-04-19 Thread lenny
I would say realmAccessor solution is the better of the two, so I would use that, but that’s up to you. > On Apr 19, 2024, at 1:53 PM, Andrew G10i wrote: > > Sounds great - it will help a lot! I would wait for 2.0.1 then!  > > From: lenny > Sent: Friday, April 19, 2024 20:43 > > > You are

Re: Trying to migrate Shiro 2 in Jakarta EE - getting ShiroFilter$WrappedSecurityManager instead of own implementation of Security Manager

2024-04-19 Thread Andrew G10i
Sounds great - it will help a lot! I would wait for 2.0.1 then!  From: lenny Sent: Friday, April 19, 2024 20:43 You are right! What you did is absolutely fine and supported. I forgot you can simply override SecurityManager instance in shiro.ini. Since you did

Re: Trying to migrate Shiro 2 in Jakarta EE - getting ShiroFilter$WrappedSecurityManager instead of own implementation of Security Manager

2024-04-19 Thread lenny
You are right! What you did is absolutely fine and supported. I forgot you can simply override SecurityManager instance in shiro.ini. Since you did it that way, everything should work correctly in 2.0 The realmAccessor solution should be the only thing you need. When 2.0.1 is released,

Re: Trying to migrate Shiro 2 in Jakarta EE - getting ShiroFilter$WrappedSecurityManager instead of own implementation of Security Manager

2024-04-19 Thread Andrew G10i
Hello, thank you so much for your reply! Let me please give some clarifications: 1) the current code works absolutely fine with Shiro 1.13 as of now; 2) as per the question "How did you put pkg.local.MySecurityManager into the system?" - approach was the following: = i) in

Re: Trying to migrate Shiro 2 in Jakarta EE - getting ShiroFilter$WrappedSecurityManager instead of own implementation of Security Manager

2024-04-19 Thread lenny
I have created issue https://github.com/apache/shiro/issues/1424 and PR https://github.com/apache/shiro/pull/1425 and hopefully that will make things easier in the future > On Apr 19, 2024, at 1:25 AM,

Re: Trying to migrate Shiro 2 in Jakarta EE - getting ShiroFilter$WrappedSecurityManager instead of own implementation of Security Manager

2024-04-19 Thread lenny
Hi, How did you put pkg.local.MySecurityManager into the system? You might have bigger issues and this is just a symptom. In order for Jakarta EE module to work correctly, any customizations need to be done in a supported way, as described in

Trying to migrate Shiro 2 in Jakarta EE - getting ShiroFilter$WrappedSecurityManager instead of own implementation of Security Manager

2024-04-19 Thread Andrew G10i
Trying to migrate to Shiro v2.x (from v1.13) and stuck with the following code (which was working fine in 1.13): public static MySecurityManager getSecurityManager() { return (MySecurityManager) org.apache.shiro.SecurityUtils.getSecurityManager(); } Getting the following exception:

Re: [Discussion] Future version support of Java and Jakarta EE in Shiro

2024-04-04 Thread lenny
I see… Spring Framework isn’t EOL until sometime this year though (soon), do you plan to use commercial support to extend its life? Or just plan to see how long you can “take” the staleness before upgrading to Jakarta namespace? Thanks for the great feedback, it’s very valuable. > On Apr 4,

Re: [Discussion] Future version support of Java and Jakarta EE in Shiro

2024-04-04 Thread Steve Lopez via user
- Spring MVC 5.3 - Combination of legacy JSP, JSTL, Thymeleaf and JSF/Tiles (that probably begs questions; multiple apps developed over several decades and limited resources to address tech debt) - A number of 3rd party library dependencies; some having migrated to Jakarta-EE

Re: [Discussion] Future version support of Java and Jakarta EE in Shiro

2024-04-04 Thread Lenny Primak
Thanks for your feedback. What’s the rest of your stack look like? If you are using Spring how is the lack of support for Spring 2 handled? Or do you use something else?. JSF? Vaadin? On Apr 4, 2024, at 3:57 PM, Steve Lopez via user wrote: I would be curious how many shiro projects are still on

Re: [Discussion] Future version support of Java and Jakarta EE in Shiro

2024-04-04 Thread Steve Lopez via user
I would be curious how many shiro projects are still on Tomcat 9 given the heavy lift to migrate to Jakarta-EE. We're on Java 17, Tomcat 9 & Shiro 1.13. While we plan to migrate to Jakarta-EE (and Tomcat 10) it'll likely be at least a year before it can fit in the roadmap. So we would need to

Re: [Discussion] Future version support of Java and Jakarta EE in Shiro

2024-04-04 Thread lenny
Looks like just one comment so far > On Apr 4, 2024, at 9:48 AM, Jean-Baptiste Onofré wrote: > > Hi Lenny, > > Did you receive comments on this thread ? > > Regards > JB > > On Fri, Mar 15, 2024 at 5:10 AM wrote: >> >> Hi, >> >> Since Shiro 2.0-alpha and 2.0 Final has been released, most,

Re: [Discussion] Future version support of Java and Jakarta EE in Shiro

2024-04-04 Thread Jean-Baptiste Onofré
Hi Lenny, Did you receive comments on this thread ? Regards JB On Fri, Mar 15, 2024 at 5:10 AM wrote: > > Hi, > > Since Shiro 2.0-alpha and 2.0 Final has been released, most, if not all > questions we have been getting are about Jakarta EE integration. > Mostly regarding shaded artifacts and

Participate in the ASF 25th Anniversary Campaign

2024-04-03 Thread Brian Proffitt
Hi everyone, As part of The ASF’s 25th anniversary campaign[1], we will be celebrating projects and communities in multiple ways. We invite all projects and contributors to participate in the following ways: * Individuals - submit your first contribution:

Community Over Code NA 2024 Travel Assistance Applications now open!

2024-03-27 Thread Gavin McDonald
Hello to all users, contributors and Committers! [ You are receiving this email as a subscriber to one or more ASF project dev or user mailing lists and is not being sent to you directly. It is important that we reach all of our users and contributors/committers so that they may get a chance

Re: Shiro and Maven

2024-03-24 Thread lenny
Glad to help! > On Mar 24, 2024, at 1:45 PM, Jacques Le Roux > wrote: > > It was that. > > In Gradle I used > org.apache.shiro:shiro-crypto:2.0.0 > instead of > org.apache.shiro:shiro-crypto-cipher:2.0.0 > I started from https://mvnrepository.com/artifact/org.apache.shiro >

Re: Shiro and Maven

2024-03-24 Thread Jacques Le Roux
It was that. In Gradle I used org.apache.shiro:shiro-crypto:2.0.0 instead of org.apache.shiro:shiro-crypto-cipher:2.0.0 I started from https://mvnrepository.com/artifact/org.apache.shiro using core then switched to crypto, forgetting cipher. I don't work how that worked in a situation (w/ OFBiz

Re: Shiro and Maven

2024-03-24 Thread lenny
Make sure to look at the dependency tree, I bet you are pulling in the old version somewhere unexpectedly. > On Mar 24, 2024, at 11:32 AM, Jacques Le Roux > wrote: > > Thanks Lenny, > > Oops, indeed it should be 2.0.0 everywhere. Else nothing would work ;) > > I did not want to repeat all

Re: Shiro and Maven

2024-03-24 Thread Jacques Le Roux
Thanks Lenny, Oops, indeed it should be 2.0.0 everywhere. Else nothing would work ;) I did not want to repeat all what's in links, that's why I just put links. Anyway, I'll have a look at Crypto classes’ package names, easier than anything else. I'm though surprised that it works with current

Re: Shiro and Maven

2024-03-24 Thread lenny
I am not quite sure that there is enough information here to help… First, you mention shiro-core 2.2.0 (vs. 2.0.0) are you sure you have the correct version? Crypto classes’ package names have changed. All you would need to do is change Java source to reflect this. > On Mar 24, 2024, at 3:51 AM,

Shiro and Maven

2024-03-24 Thread Jacques Le Roux
Hi, We (the Apache OFBiz project) use Shiro mostly for ciphering. We use Gradle and refer to Maven for dependencies. We recently upgraded from 1.13.0 to 2.0.0 https://issues.apache.org/jira/browse/OFBIZ-12961 As we had only this dependency, I started by replacing shiro-core:1.13.0 by

Re: [Discussion] Future version support of Java and Jakarta EE in Shiro

2024-03-15 Thread lenny
Thank you for your input Emond! Unfortunately I don’t think our small volunteer team can handle two major versions that are in sync. Anyone else think differently? > On Mar 15, 2024, at 5:42 AM, Emond Papegaaij > wrote: > > Op vr 15 mrt 2024 om 05:10 schreef >: >

Re: [Discussion] Future version support of Java and Jakarta EE in Shiro

2024-03-15 Thread Emond Papegaaij
Op vr 15 mrt 2024 om 05:10 schreef : > Since Shiro 2.0-alpha and 2.0 Final has been released, most, if not all > questions we have been getting are about Jakarta EE integration. > Mostly regarding shaded artifacts and their usage, i.e. jakarta.* > namespace. > These and other discussion warrant a

[Discussion] Future version support of Java and Jakarta EE in Shiro

2024-03-14 Thread lenny
Hi, Since Shiro 2.0-alpha and 2.0 Final has been released, most, if not all questions we have been getting are about Jakarta EE integration. Mostly regarding shaded artifacts and their usage, i.e. jakarta.* namespace. These and other discussions warrant a few questions worth discussing. Please

Re: Jakarta EE 10 support

2024-03-11 Thread Emond Papegaaij
Hi Lenny, > Shiro moved to using GitHub Issues and away from JIRA. Please feel free to > create an issue there. > That explains why I couldn't report an issue. I've created https://github.com/apache/shiro/issues/1351 > Yes, multiple dependencies are required. However, it’s not a showstopper >

Re: Jakarta EE 10 support

2024-03-11 Thread lenny
Hi, Shiro moved to using GitHub Issues and away from JIRA. Please feel free to create an issue there. Yes, multiple dependencies are required. However, it’s not a showstopper by any means, and is clearly documented here: https://shiro.apache.org/jakarta-ee.html

Re: Jakarta EE 10 support

2024-03-11 Thread Emond Papegaaij
Op ma 11 mrt 2024 om 13:37 schreef Francois Papon < francois.pa...@openobject.fr>: > Most of the dependencies are linked to Shiro-core, this is why we didn't > add exclusion on this one: > > > https://github.com/apache/shiro/blob/36cad481dd1f58f7f0263981d7f4a61dd39dbd8c/bom/pom.xml#L36 > Yes, I

Re: Jakarta EE 10 support

2024-03-11 Thread Francois Papon
Hi, Most of the dependencies are linked to Shiro-core, this is why we didn't add exclusion on this one: https://github.com/apache/shiro/blob/36cad481dd1f58f7f0263981d7f4a61dd39dbd8c/bom/pom.xml#L36 For the shiro-lang javax dependencies, it's not normal, we missed it (issue and PR are

Re: Jakarta EE 10 support

2024-03-11 Thread Emond Papegaaij
Hi François, Thanks for your reply. This BOM simply excludes every shiro dependency. That makes the problem even worse, because then you have to manually add every single shiro dependency back into your project. Also, it seems shiro-lang still has a dependency on the Servlet JSP API and no

Re: Jakarta EE 10 support

2024-03-11 Thread Francois Papon
Hi, You need to use the Shiro BOM to not have to deal with the exclusions: https://github.com/apache/shiro/blob/main/bom/pom.xml regards, François On 11/03/2024 11:01, Emond Papegaaij wrote: Hi all, Our application uses Jakarta EE 10. We've been using transformed artifacts for Shiro 1.x

Jakarta EE 10 support

2024-03-11 Thread Emond Papegaaij
Hi all, Our application uses Jakarta EE 10. We've been using transformed artifacts for Shiro 1.x and now I'm trying to migrate to 2.0.0. Shiro 2.0.0 seems to have pre-transformed jars for jakarta with a different classifier. This does not work at all. All dependencies (both from third party

[ANNOUNCE] Apache Shiro 2.0.0 release

2024-02-29 Thread fpapon
The Apache Shiro team is pleased to announce the release of Apache Shiro version 2.0.0. Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly

[ANNOUNCE]

2024-02-29 Thread fpapon
The Apache Shiro team is pleased to announce the release of Apache Shiro version 2.0.0. Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly

[RESULT][VOTE] Apache Shiro 2.0.0 release

2024-02-27 Thread lenny
Hi, This vote passed with the following result: +1 (binding): Lenny Primak, Jean-Baptiste Onofre, Benjamin Marwell, François Papon +1 (non-binding): Jakub Herkel I'm promoting the artifacts on Central and dist.apache.org I will then announce the release. Thanks all

Re: [VOTE] Release Apache Shiro 2.0.0

2024-02-25 Thread Benjamin Marwell
Here's my late +1 Thanks Hervé for checking reproducible builds! Am Fr., 23. Feb. 2024 um 09:35 Uhr schrieb Francois Papon : > > +1 (binding) > > Thanks Lenny for this major release! > > Regards, > > François > > On 20/02/2024 23:35, le...@flowlogix.com wrote: > > This is a call to vote in

Re: [VOTE] Release Apache Shiro 2.0.0

2024-02-23 Thread Francois Papon
+1 (binding) Thanks Lenny for this major release! Regards, François On 20/02/2024 23:35, le...@flowlogix.com wrote: This is a call to vote in favor of releasing Apache Shiro version 2.0.0 Maven Staging repo: https://repository.apache.org/content/repositories/orgapacheshiro-1059

Re: [VOTE] Release Apache Shiro 2.0.0

2024-02-21 Thread Jakub Herkel
+1 (non-binding) best regards Jakub On Wed, Feb 21, 2024 at 10:20 AM Jean-Baptiste Onofré wrote: > > +1 (binding) > > Regards > JB > > On Tue, Feb 20, 2024 at 11:35 PM wrote: > > > > This is a call to vote in favor of releasing Apache Shiro version 2.0.0 > > > > Maven Staging repo: > >

Re: [VOTE] Release Apache Shiro 2.0.0

2024-02-21 Thread Jean-Baptiste Onofré
+1 (binding) Regards JB On Tue, Feb 20, 2024 at 11:35 PM wrote: > > This is a call to vote in favor of releasing Apache Shiro version 2.0.0 > > Maven Staging repo: > https://repository.apache.org/content/repositories/orgapacheshiro-1059 >

Re: [VOTE] Release Apache Shiro 2.0.0

2024-02-20 Thread lenny
Lenny Primak: +1 (binding) > On Feb 20, 2024, at 3:35 PM, le...@flowlogix.com wrote: > > This is a call to vote in favor of releasing Apache Shiro version 2.0.0 > > Maven Staging repo: > https://repository.apache.org/content/repositories/orgapacheshiro-1059 >

Community Over Code Asia 2024 Travel Assistance Applications now open!

2024-02-20 Thread Gavin McDonald
Hello to all users, contributors and Committers! The Travel Assistance Committee (TAC) are pleased to announce that travel assistance applications for Community over Code Asia 2024 are now open! We will be supporting Community over Code Asia, Hangzhou, China July 26th - 28th, 2024. TAC exists

Re: Shiro 2.0 release: beta or final?

2024-02-16 Thread Rob Young
I'm no longer an active user but still watch this list. +1 for final for what my opinion is worth.  On Fri, Feb 16, 2024 at 1:53 AM Francois Papon wrote: > +1 for final. > > On 12/02/2024 15:52, Lenny Primak wrote: > > Hi, > > > > I am thinking we go straight to final release of 2.0 and bypass

Re: Shiro 2.0 release: beta or final?

2024-02-15 Thread Francois Papon
+1 for final. On 12/02/2024 15:52, Lenny Primak wrote: Hi, I am thinking we go straight to final release of 2.0 and bypass the beta entirely. IMHO it’s been in Alpha long enough. What do you think?

Re: Proposal: Release Shiro 2.0 Beta

2024-02-11 Thread Benjamin Marwell
+1 Still asking for help with the docs, though. Am Fr., 9. Feb. 2024 um 15:39 Uhr schrieb Brian Demers : > > +1 > > On Thu, Feb 8, 2024 at 1:59 AM Francois Papon > wrote: >> >> +1 >> >> On 07/02/2024 01:55, le...@flowlogix.com wrote: >> >> Proposal: Release Shiro 2.x Beta >> Since docs are

Re: Proposal: Release Shiro 2.0 Beta

2024-02-09 Thread Brian Demers
+1 On Thu, Feb 8, 2024 at 1:59 AM Francois Papon wrote: > +1 > On 07/02/2024 01:55, le...@flowlogix.com wrote: > > Proposal: Release Shiro 2.x Beta > Since docs are well on their way and there are no more showstoppers… > What do you think? > >

Re: Proposal: Release Shiro 2.0 Beta

2024-02-07 Thread Francois Papon
+1 On 07/02/2024 01:55, le...@flowlogix.com wrote: Proposal: Release Shiro 2.x Beta Since docs are well on their way and there are no more showstoppers… What do you think?

Community over Code EU 2024 Travel Assistance Applications now open!

2024-02-03 Thread Gavin McDonald
Hello to all users, contributors and Committers! The Travel Assistance Committee (TAC) are pleased to announce that travel assistance applications for Community over Code EU 2024 are now open! We will be supporting Community over Code EU, Bratislava, Slovakia, June 3rd - 5th, 2024. TAC exists

[no subject]

2024-02-03 Thread Gavin McDonald
Hello to all users, contributors and Committers! The Travel Assistance Committee (TAC) are pleased to announce that travel assistance applications for Community over Code EU 2024 are now open! We will be supporting Community over Code EU, Bratislava, Slovakia, June 3rd - 5th, 2024. TAC exists

Re: CVE-2023-46749: Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting

2024-01-20 Thread Marcel Stör
On 19.01.24 16:24, Brian Demers wrote: We are looking into getting this corrected. Thanks for letting us know! Looks like you were partially successful, thanks. https://www.cve.org/CVERecord?id=CVE-2023-46749 now correctly states "1.13.0" in the description and it's got the affected version

Re: CVE-2023-46749: Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting

2024-01-19 Thread Brian Demers
We are looking into getting this corrected. Thanks for letting us know! On Fri, Jan 19, 2024 at 4:01 AM Marcel Stör wrote: > > The description in the NVD is not correct. It says "Apache Shiro before > 1.130" - note the missing dot. Furthermore, it's missing a "Known > Affected Software

RE: CVE-2023-46749: Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting

2024-01-19 Thread Marcel Stör
The description in the NVD is not correct. It says "Apache Shiro before 1.130" - note the missing dot. Furthermore, it's missing a "Known Affected Software Configurations" (listing CPEs) that formally declares that 1.13.0 is safe. Without it, no tool can reliably report that my project using

CVE-2023-46749: Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting

2024-01-12 Thread Brian Demers
Severity: low Affected versions: - Apache Shiro before 1.13.0 - Apache Shiro 2.0.0-alpha-1 before 2.0.0-alpha-4 Description: Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path

CVE-2023-46750: Apache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Shiro.

2023-12-13 Thread Brian Demers
Severity: moderate Affected versions: - Apache Shiro before 1.13.0 - Apache Shiro 2.0.0-alpha-1 before 2.0.0-alpha-4 Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or

[ANNOUNCE] Apache Shiro 2.0.0-alpha-4 with fix CVE-2023-46750

2023-11-12 Thread lenny
The Apache Shiro team is pleased to announce the release of Apache Shiro version 2.0.0-alpha-4. Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can

[RESULT][VOTE] Apache Shiro 2.0.0-alpha-4 release

2023-11-12 Thread lenny
Hi, This vote passed with the following result: +1 (binding): Jean-Baptiste Onofre, Benjamin Marwell, François Papon, Lenny Primak I'm promoting the artifacts on Central and dist.apache.org, I will then announce the release. Thanks all for your vote!

[ANNOUNCE] Apache Shiro 1.13.0 with fix CVE-2023-46750

2023-11-12 Thread fpapon
The Apache Shiro team is pleased to announce the release of Apache Shiro version 1.13.0. Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly

Re: [SUCCESS][VOTE] Release Apache Shiro 2.0.0-alpha-4

2023-11-11 Thread lenny
2.0.0-alpha-4 has been published! Thank you everyone! > On Nov 9, 2023, at 4:00 AM, Benjamin Marwell wrote: > > +1 > > > > > On Tue, 7 Nov 2023, 23:56 , > wrote: > This is a call to vote in favor of releasing Apache Shiro version > 2.0.0-alpha-4 > > Maven

Re: [VOTE] Release Apache Shiro 2.0.0-alpha-4

2023-11-09 Thread Benjamin Marwell
+1 On Tue, 7 Nov 2023, 23:56 , wrote: > This is a call to vote in favor of releasing Apache Shiro version > 2.0.0-alpha-4 > > Maven Staging repo: > https://repository.apache.org/content/repositories/orgapacheshiro-1057 > >

Re: [VOTE] Release Apache Shiro 2.0.0-alpha-4

2023-11-08 Thread lenny
Lenny Primak: +1 > On Nov 7, 2023, at 4:55 PM, le...@flowlogix.com wrote: > > This is a call to vote in favor of releasing Apache Shiro version > 2.0.0-alpha-4 > > Maven Staging repo: > https://repository.apache.org/content/repositories/orgapacheshiro-1057 >

Re: [VOTE] Release Apache Shiro 2.0.0-alpha-4

2023-11-08 Thread Jean-Baptiste Onofré
+1 (binding) Regards JB On Tue, Nov 7, 2023 at 11:55 PM wrote: > > This is a call to vote in favor of releasing Apache Shiro version > 2.0.0-alpha-4 > > Maven Staging repo: > https://repository.apache.org/content/repositories/orgapacheshiro-1057 >

[VOTE] Release Apache Shiro 2.0.0-alpha-4

2023-11-07 Thread lenny
This is a call to vote in favor of releasing Apache Shiro version 2.0.0-alpha-4 Maven Staging repo: https://repository.apache.org/content/repositories/orgapacheshiro-1057

Re: [VOTE] Apache Shiro 1.13.0 release (#2)

2023-11-03 Thread Brian Demers
Great idea! On Fri, Nov 3, 2023 at 4:17 PM Francois Papon wrote: > Hi Brian, > > Very nice maven cmd to verify the staging release! > > I will add it into the release guide on ASF Confluence :) > > regards, > > François > > On 02/11/2023 18:49, Brian Demers wrote: > > mvn install

Re: [VOTE] Apache Shiro 1.13.0 release (#2)

2023-11-03 Thread Francois Papon
Hi Brian, Very nice maven cmd to verify the staging release! I will add it into the release guide on ASF Confluence :) regards, François On 02/11/2023 18:49, Brian Demers wrote: mvn install artifact:compare -Pdocs,apache-release -DskipITs -DskipTests

[RESULT][VOTE] Apache Shiro 1.13.0 release

2023-11-03 Thread fpapon
Hi, This vote passed with the following result: +1 (binding): Lenny Primak, Jean-Baptiste Onofre, Benjamin Marwell, Brian Demers, François Papon I'm promoting the artifacts on Central and dist.apache.org, I will then announce the release. Thanks all for your vote! -- -- François

Re: [VOTE] Apache Shiro 1.13.0 release (#2)

2023-11-02 Thread Brian Demers
+1 (binding) I checked the build for reproducibility (based on recommendations from Hervé Boutemy at Community Over Code - ApacheCon). Assuming I ran the command correctly, I checked the 1.13.0 tag and source dist by running: mvn install artifact:compare -Pdocs,apache-release -DskipITs

Re: [VOTE] Apache Shiro 1.13.0 release (#2)

2023-10-31 Thread Jean-Baptiste Onofré
+1 (binding) Regards JB On Tue, Oct 31, 2023 at 10:13 AM fpapon wrote: > > Hi everyone, > > I submit Apache Shiro 1.13.0 release to your vote. > > Release Notes: > https://github.com/apache/shiro/releases/tag/shiro-root-1.13.0 > > Staging Maven repository: >

Re: [VOTE] Apache Shiro 1.13.0 release (#2)

2023-10-31 Thread lenny
Lenny Primak: +1 Thank you!!! > On Oct 31, 2023, at 4:13 AM, fpapon wrote: > > Hi everyone, > > I submit Apache Shiro 1.13.0 release to your vote. > > Release Notes: > https://github.com/apache/shiro/releases/tag/shiro-root-1.13.0 > > Staging Maven repository: >

[VOTE] Apache Shiro 1.13.0 release (#2)

2023-10-31 Thread fpapon
Hi everyone, I submit Apache Shiro 1.13.0 release to your vote. Release Notes: https://github.com/apache/shiro/releases/tag/shiro-root-1.13.0 Staging Maven repository: https://repository.apache.org/content/repositories/orgapacheshiro-1056 Staging dist repository:

[CANCEL][VOTE] Apache Shiro 1.13.0 release

2023-10-30 Thread fpapon
Hi, As raised by Lenny, I cancel this vote because of missing cherry-picked patches. I will relaunch the release process with the patches. Sorry about that. regards, -- -- François

Re: [VOTE] Apache Shiro 1.13.0 release

2023-10-29 Thread lenny
Lenny Primak: -1 Patches unfortunately were not cherry-picked (discussed in the security slack) > On Oct 29, 2023, at 5:47 AM, fpapon wrote: > > Hi everyone, > > I submit Apache Shiro 1.13.0 release to your vote. > > Release Notes: >

Re: [VOTE] Apache Shiro 1.13.0 release

2023-10-29 Thread Francois Papon
Hi, May be this is but it was "draft", I published it so it should be available now, but I don't know if people need to be logged in to GitHub. regards, On 29/10/2023 11:56, Tamás Cservenák wrote: Release notes are 404 :( T On Sun, Oct 29, 2023, 11:47 fpapon wrote: Hi everyone, I submit

Re: [VOTE] Apache Shiro 1.13.0 release

2023-10-29 Thread Tamás Cservenák
Release notes are 404 :( T On Sun, Oct 29, 2023, 11:47 fpapon wrote: > Hi everyone, > > I submit Apache Shiro 1.13.0 release to your vote. > > Release Notes: > https://github.com/apache/shiro/releases/tag/untagged-f9fada1d9554474d63b5 > > Staging Maven repository: >

[VOTE] Apache Shiro 1.13.0 release

2023-10-29 Thread fpapon
Hi everyone, I submit Apache Shiro 1.13.0 release to your vote. Release Notes: https://github.com/apache/shiro/releases/tag/untagged-f9fada1d9554474d63b5 Staging Maven repository: https://repository.apache.org/content/repositories/orgapacheshiro-1054 Staging dist repository:

Re: Access to BCryptHash from BCryptProvider (shiro 2 alpha)

2023-10-19 Thread Jakub Herkel
Hi, Thanks for response, I understand now. I try to describe what I want to do: I try to use a new shiro 2.0 but we want to have a possibility that admin can change a hash algorithm and parameters for this algorithm. Migration between different algorithms will be done via hashing old hash from

Re: Access to BCryptHash from BCryptProvider (shiro 2 alpha)

2023-10-16 Thread Benjamin Marwell
Hi Jakub, they should not be accessible from anywhere. It possibly slipped through reviews. The new hash dependencies are thought to be runtime dependencies. You should never ever need them in your classpath while compiling, only while testing and running the actual application. Does that help?

Re: Access to BCryptHash from BCryptProvider (shiro 2 alpha)

2023-10-12 Thread Jakub Herkel
One correction, I meant a signature of method fromString was changed from Hash fromString(String string); to public BCryptHash fromString(String string); Jakub On Wed, Oct 11, 2023 at 11:48 AM Jakub Herkel wrote: > > Hello, > > I would like to ask if there is a way how to decode hash

Access to BCryptHash from BCryptProvider (shiro 2 alpha)

2023-10-11 Thread Jakub Herkel
Hello, I would like to ask if there is a way how to decode hash parameters from a hash string. For example for bcrypt. I know that I can use BCryptProvider and there is a method fromString that returns a BCryptHash class. But the BCryptHash isn't a public class. Also BCryptProvider changes a

Registration open for Community Over Code North America

2023-08-28 Thread Rich Bowen
Hello! Registration is still open for the upcoming Community Over Code NA event in Halifax, NS! We invite you to register for the event https://communityovercode.org/registration/ Apache Committers, note that you have a special discounted rate for the conference at US$250. To take advantage of

[SUCCESS][VOTE] Release Apache Shiro 2.0.0-alpha-3 (take 2)

2023-07-28 Thread lenny
Shiro 2.0.0-alpha-3 will be scheduled for release to maven central. Thank you! Vote Summary: François Papon: +1 Jean-Baptiste Onofré: +1 Lenny Primak: +1 > On Jul 27, 2023, at 1:13 AM, Jean-Baptiste Onofré wrote: > > +1 (binding) > > Regards > JB > > On Wed, Jul 26, 2023 at 10:13 AM

Re: [VOTE] Release Apache Shiro 2.0.0-alpha-3 (take 2)

2023-07-27 Thread Jean-Baptiste Onofré
+1 (binding) Regards JB On Wed, Jul 26, 2023 at 10:13 AM Francois Papon wrote: > > +1 (binding) > > Thanks Lenny! > > regards, > > François > > On 25/07/2023 23:28, le...@flowlogix.com wrote: > > This is a call to vote in favor of releasing Apache Shiro version > > 2.0.0-alpha-3 > > > > Maven

Re: [VOTE] Release Apache Shiro 2.0.0-alpha-3 (take 2)

2023-07-26 Thread Francois Papon
+1 (binding) Thanks Lenny! regards, François On 25/07/2023 23:28, le...@flowlogix.com wrote: This is a call to vote in favor of releasing Apache Shiro version 2.0.0-alpha-3 Maven Staging repo: https://repository.apache.org/content/repositories/orgapacheshiro-1053

Re: [VOTE] Release Apache Shiro 2.0.0-alpha-3 (take 2)

2023-07-25 Thread lenny
Lenny Primak: +1 > On Jul 25, 2023, at 4:28 PM, le...@flowlogix.com wrote: > > This is a call to vote in favor of releasing Apache Shiro version > 2.0.0-alpha-3 > > Maven Staging repo: > https://repository.apache.org/content/repositories/orgapacheshiro-1053 >

Re: [VOTE] Release Apache Shiro 2.0.0-alpha-3 (take 2)

2023-07-25 Thread lenny
Release Notes: Release Notes - Shiro - Version 2.0.0-alpha-3 * New Contributors: - Edgar Ramirez Fuentes * New Features: [#943] replace logback with log4j [#947] rewrite java tests to Junit-Jupiter [GH-904] Add Spring 6-related exclusions to Shiro BOM enh: added JPMS module names to JAR

[VOTE] Release Apache Shiro 2.0.0-alpha-3 (take 2)

2023-07-25 Thread lenny
This is a call to vote in favor of releasing Apache Shiro version 2.0.0-alpha-3 Maven Staging repo: https://repository.apache.org/content/repositories/orgapacheshiro-1053
