  1. ActiveMQ
  2. AMQ-8159

Upgrade to Shiro 1.7.1

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.16.1
    • Fix Version/s: 5.17.0, 5.15.15, 5.16.2
    • Component/s: Broker
    • Labels: None
    • Environment: Linux Bare-Metal and Docker/Kubernetes

      Description

      Apache ActiveMQ v5.16.1 uses Apache Shiro v1.7.0, which has the following security issues:

      I would like to find out when you will be upgrading to Apache Shiro v1.7.1, if ActiveMQ v5.16.2 will include this and if so, when 5.16.2 will be released.

      Apache Shiro 1.7.0 | org.apache.shiro:shiro-spring:1.7.0 | HIGH | 9.0 | CVE-2020-17523 | 2021-02-03T17:15:00.000Z | Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.

            People

            • Assignee: Jean-Baptiste Onofré (jbonofre)
            • Reporter: Simon Billingsley (sishbi)
