Details
-
Request
-
Status: Resolved
-
Major
-
Resolution: Resolved
-
1.4.1
-
None
-
None
Description
As a User of Shiro
I want Shiro to pass security scans
So that it doesn't break my pipeline
The latest version of Shrio includes the risk from CVE-2019-10086. This has been fixed in SHIRO-720 and is in master. However there is no release available that includes the August Merge Request.
ref:
https://github.com/apache/shiro/pull/167
https://issues.apache.org/jira/browse/SHIRO-720
https://nvd.nist.gov/vuln/detail/CVE-2019-10086