src/site/content/blog/2023/11/10/apache-shiro-1130-released.adoc - shiro-site - Git at Google

 ////
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 ////

 = 1.13.0 available with fix CVE-2023-46750
 :jbake-author: Francois Papon
 :jbake-date: 2023-11-10 00:00:00
 :jbake-type: post
 :jbake-status: published
 :jbake-tags: blog, release
 :idprefix:
 :icons: font

 The Apache Shiro team is pleased to announce the release of Apache Shiro version 1.13.0.
 This is a feature release for 1.x.

 This release solves 2 issues since the 1.13.0 release and is available for download now.

 == All changes

 You can learn more on link:https://github.com/apache/shiro/releases/tag/shiro-root-1.13.0[GitHub, Release 1.13.0].

 === link:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46750[CVE-2023-46750]

 URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro.

 **Mitigation:** Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.

 == Download

 Download and verification instructions are available link:/download.html[on our download page].

 == Documentation

 For more information on link:/documentation.html[Shiro, please read the documentation.]

 Enjoy!

 The Apache Shiro Team
	////
	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing,
	# software distributed under the License is distributed on an
	# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	# KIND, either express or implied. See the License for the
	# specific language governing permissions and limitations
	# under the License.
	////

	= 1.13.0 available with fix CVE-2023-46750
	:jbake-author: Francois Papon
	:jbake-date: 2023-11-10 00:00:00
	:jbake-type: post
	:jbake-status: published
	:jbake-tags: blog, release
	:idprefix:
	:icons: font

	The Apache Shiro team is pleased to announce the release of Apache Shiro version 1.13.0.
	This is a feature release for 1.x.

	This release solves 2 issues since the 1.13.0 release and is available for download now.

	== All changes

	You can learn more on link:https://github.com/apache/shiro/releases/tag/shiro-root-1.13.0[GitHub, Release 1.13.0].

	=== link:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46750[CVE-2023-46750]

	URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro.

	Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.

	== Download

	Download and verification instructions are available link:/download.html[on our download page].

	== Documentation

	For more information on link:/documentation.html[Shiro, please read the documentation.]

	Enjoy!

	The Apache Shiro Team