A quick update,
First, the Apache Shiro team wants to thank qianji @ OPPO ZIWU Cyber
Security Lab for reporting the issue responsibly [0]
Second, if you are NOT using Shiro’s Spring Boot Starter
(`shiro-spring-boot-web-starter`), you must configure add the
ShiroRequestMappingConfig auto
The Shiro team is pleased to announce the release of Apache Shiro version 1.7.0.
This security release contains 7 fixes since the 1.6.0 release and is available
for Download now [1].
CVE-2020-17510:
Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially
crafted