CVE-2023-34478: Apache Shiro before 1.12.0, or 2.0.0-alpha-3, may be susceptible to a path traversal attack when used together with APIs or other web frameworks that route requests based on non-normal

Severity: important Affected versions: - Apache Shiro before 1.12.0 - Apache Shiro before 2.0.0-alpha-3 Description: Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web

Re: [VOTE] Release Apache Shiro 2.0.0-alpha-3

+1 (binding) Thanks Lenny! regards, François On 21/07/2023 22:20, le...@flowlogix.com wrote: This is a call to vote in favor of releasing Apache Shiro version 2.0.0-alpha-3 Maven Staging repo: https://repository.apache.org/content/repositories/orgapacheshiro-1052