Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-723

Provide Minor Shiro Release that includes CVE-2019-10086 Fix

    XMLWordPrintableJSON

    Details

    • Type: Request
    • Status: Resolved
    • Priority: Major
    • Resolution: Resolved
    • Affects Version/s: 1.4.1
    • Fix Version/s: 1.5.0
    • Component/s: None
    • Labels:
      None

      Description

      As a User of Shiro
      I want Shiro to pass security scans
      So that it doesn't break my pipeline

      The latest version of Shrio includes the risk from CVE-2019-10086. This has been fixed in SHIRO-720 and is in master. However there is no release available that includes the August Merge Request.

      ref:
      https://github.com/apache/shiro/pull/167
      https://issues.apache.org/jira/browse/SHIRO-720
      https://nvd.nist.gov/vuln/detail/CVE-2019-10086

        Attachments

          Activity

            People

            • Assignee:
              fpapon Francois Papon
              Reporter:
              mdenihan Mark Denihan
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: