[AMQ-8159] Upgrade to Shiro 1.7.1 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 5.16.1
Fix Version/s: 5.15.15, 5.16.2, 5.17.0
Component/s: Broker
Labels:
None
Environment:

Linux Bare-Metal and Docker/Kubernetes

Description

Apache ActiveMQ v5.16.1 uses Apache Shiro v1.7.0 which has the following security issues.

I would like to find out when you will be upgrading to Apache Shiro v1.7.1, if ActiveMQ v5.16.2 will include this and if so, when 5.16.2 will be released.

Apache Shiro

1.7.0

org.apache.shiro:shiro-spring:1.7.0

HIGH

9.0

CVE-2020-17523

2021-02-03T17:15:00.000Z

Apache Shiro before 1.7.1 when using Apache Shiro with Spring a specially crafted HTTP request may cause an authentication bypass.

Attachments

Activity

People

Assignee:: Jean-Baptiste Onofré

Reporter:: Simon Billingsley

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 01/Mar/21 11:36

Updated:: 09/Mar/21 21:08

Resolved:: 09/Mar/21 21:08