For that version, users are expected to update to a newer minor version. On Wed, Jul 19, 2023 at 4:43 PM Mihir Chhaya <mihir.chh...@gmail.com> wrote:
> Thank you for your response. Following is the link I am referring to for > the Shiro Vulnerabilities associated with respective versions. > > https://mvnrepository.com/artifact/org.apache.shiro/shiro-core > > For example - following are reported in version 1.9. > CVE-2022-40664 > <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40664> > CVE-2022-32532 > <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32532> > > Thank you, > -Mihir. > > On Wed, Jul 19, 2023 at 1:59 PM <le...@flowlogix.com> wrote: > >> Hi, Mihir, >> >> I am not quite sure what you are asking. Can you clarify what exact >> vulnerabilities you are referring to? >> Perhaps a link or two? >> >> Thank you >> >> On Jul 18, 2023, at 7:39 AM, Mihir Chhaya <mihir.chh...@gmail.com> wrote: >> >> Hello, >> >> I see the Authentication bypass vulnerability existing in almost every >> release of the Apache Shiro. >> >> Is there any solution for this? We are evaluating the options to >> implement the security and not able to decide if these vulnerabilities will >> ever get resolved. >> >> Any suggestions? >> >> Thank you, >> -Mihir. >> >> >>