Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-842

shiro-web depends on older log4j

    XMLWordPrintableJSON

Details

    • Dependency upgrade
    • Status: Resolved
    • Major
    • Resolution: Resolved
    • 1.8.0
    • 2.0.0, 1.9.0
    • Web
    • None

    Description

      shiro-web has a very old log4j dependency  (log4j:log4j)

      Snyk is reporting as a critical security issue (not sure it's actually is)

      Shiro should upgrade to the latest 1.x (or 2.x) if necessary

      Attachments

        Issue Links

          Activity

            People

              bmarwell Benjamin Marwell
              lprimak Lenny Primak
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 50m
                  50m