Fork me on GitHub

Apache Shiro Logo Simple. Java. Security. Apache Software Foundation Event Banner

1.13.0 available with fix CVE-2023-46750

Published by Francois Papon on the

The Apache Shiro team is pleased to announce the release of Apache Shiro version 1.13.0. This is a feature release for 1.x.

This release solves 2 issues since the 1.13.0 release and is available for download now.

All changes

You can learn more on GitHub, Release 1.13.0.

CVE-2023-46750

URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro.

Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.

Download

Download and verification instructions are available on our download page.

Documentation

For more information on Shiro, please read the documentation.

Enjoy!

The Apache Shiro Team