Published by Francois Papon on the
The Apache Shiro team is pleased to announce the release of Apache Shiro version 1.12.0. This is a feature release for 1.x.
This release solves 2 issues since the 1.12.0 release and is available for download now.
You can learn more on Jira, Release 1.12.0.
Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests.
Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha-3+.
Credit: Apache Shiro would like to thank swifty tk for reporting this issue.
[SHIRO-816] - Update shiro-hazelcast to support Hazelcast 5.x
[SHIRO-849] - Add support for JCache
Download and verification instructions are available on our download page.
For more information on Shiro, please read the documentation.
The Apache Shiro Team