Simple. Java. Security.
1.7.0 available with fix CVE-2020-17510
Published by François Papon on the
The Shiro team is pleased to announce the release of Apache Shiro version 1.7.0. This is a feature release for 1.x.
This release includes 7 issues resolved since the 1.6.0 release and is available for Download now.
Of Note:
-
Disable session path rewriting by default.
-
Add system property to enable backslash path normalization.
-
DeleteMe cookie should use the defined "sameSite".
-
Also add cookie SameSite option to Spring.
-
SslFilter with HTTP Strict Transport Security (HSTS).
You can learn more on Jira.
Release binaries (.jars) are also available through Maven Central and source bundles through Apache distribution mirrors.
For more information on Shiro, please read the documentation.
Enjoy!
The Apache Shiro Team