| = Apache Shiro 1.3.2 Released |
| Brian Demers |
| :jbake-date: 2016-09-09 00:00:00 |
| :jbake-type: post |
| :jbake-status: published |
| :jbake-tags: blog |
| :idprefix: |
| :icons: font |
| |
| The Shiro team is pleased to announce the release of Apache Shiro version 1.3.2. |
| |
| This security release contains 1 fix since the 1.3.1 release. |
| |
| https://www.cve.org/CVERecord?id=CVE-2016-6802[CVE-2016-6802]: |
| |
| Apache Shiro before 1.3.2, when using a non-root servlet context path, specifically crafted requests can be used to by pass some security servlet filters, resulting in unauthorized access. |
| |
| Release binaries (.jars) are also available through Maven Central and source bundles through Apache distribution mirrors. |
| |
| For more information on link:/documentation.html[Shiro, please read the documentation.] |
| |
| The Apache Shiro Team |