Shiro 1.4.0 has component vulnerability, please upgrade it to >= 1.4.2 #102

Open
keyihao opened this issue Jan 24, 2024 · 1 comment

keyihao commented Jan 24, 2024

We tried the pre-built Docker image, and our corp vulnerability system warns that Shiro 1.4.0 has a Padding Vulnerability [https://issues.apache.org/jira/browse/SHIRO-721]. Please help upgrade the Shiro version to >= 1.4.2. Thanks.

tvc12 self-assigned this Jan 26, 2024
tvc12 added the dependencies label Jan 26, 2024
tvc12 (Member) commented Jan 26, 2024

Hi @keyihao,
Thank you for the issue. For a better way, you can manually upgrade Shiro in the pom.xml file. We will release an upgrade in the next release.

tvc12 added the enhancement and good first issue labels Jan 26, 2024