| <?xml version="1.0" encoding="utf-8"?> |
| <feed xmlns="http://www.w3.org/2005/Atom"> |
| <title>Apache Shiro | The Apache Software Foundation</title> |
| <subtitle>Simple. Java. Security.</subtitle> |
| <link href="https://shiro.apache.org/"/> |
| <link rel="self" href="https://shiro.apache.org/feed.xml" /> |
| <updated>2024-02-28T20:20:16Z</updated> |
| |
| <author> |
| <name>Les Hazlewood</name> |
| <uri>https://twitter.com/@lhazlewood</uri> |
| </author> |
| <author> |
| <name>Benjamin Marwell</name> |
| <uri>https://twitter.com/@bmarwell</uri> |
| </author> |
| <author> |
| <name>Lenny Primak</name> |
| <uri>https://twitter.com/@lprimak</uri> |
| </author> |
| <author> |
| <name>François Papon</name> |
| <uri>https://twitter.com/@fpapon2</uri> |
| </author> |
| <author> |
| <name>Richard Zowalla</name> |
| <uri>https://twitter.com/@zowalla</uri> |
| </author> |
| <author> |
| <name>Brian Demers</name> |
| <uri>https://twitter.com/@briandemers</uri> |
| </author> |
| <id>https://shiro.apache.org/</id> |
| <generator uri="https://jbake.org/">JBake.org</generator> |
| <icon>/images/favicon128.png</icon> |
| <logo>/images/apache-shiro-logo.png</logo> |
| |
| <entry> |
| <title>2.0.0 available</title> |
| <link href="https://shiro.apache.org/blog/2024/02/apache-shiro-200-released.html"/> |
| <id>https://shiro.apache.org/blog/2024/02/apache-shiro-200-released.html</id> |
| <updated>2024-02-28T00:00:00Z</updated> |
| <author> |
| <name>Lenny Primak</name> |
| </author> |
| <content type="html"> |
| <div id="preamble"> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>The Apache Shiro team is pleased to announce the release of Apache Shiro version 2.0.0. |
| This is the first major release for Shiro 2.x</p> |
| </div> |
| <div class="paragraph"> |
| <p>This release is available for download now.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="release_highlights">Release Highlights</h2> |
| <div class="sectionbody"> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>Java 11 is the minimum supported JVM version</p> |
| </li> |
| <li> |
| <p>Jakarta EE 10 support (Java/Jakarta EE 8 is also supported)</p> |
| </li> |
| <li> |
| <p>New Jakarta EE integration module (see <a href="https://shiro.apache.org/jakarta-ee.html">Jakarta EE Integration</a> for more information)</p> |
| </li> |
| <li> |
| <p>SpringBoot 3.x support (SpringBoot 2.x is also supported)</p> |
| </li> |
| <li> |
| <p>Automatic form resubmission when session expired (Jakarta EE only)</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="all_changes">All changes</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>You can learn more on <a href="https://github.com/apache/shiro/releases/tag/shiro-root-2.0.0">GitHub, Release 2.0.0</a>.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="download">Download</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>Download and verification instructions are available <a href="/download.html">on our download page</a>.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="documentation">Documentation</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>For more information on <a href="/documentation.html">Shiro, please read the documentation.</a></p> |
| </div> |
| <div class="paragraph"> |
| <p>Enjoy!</p> |
| </div> |
| <div class="paragraph"> |
| <p>The Apache Shiro Team</p> |
| </div> |
| </div> |
| </div> |
| </content> |
| </entry> |
| |
| <entry> |
| <title>1.13.0 available with fix CVE-2023-46750</title> |
| <link href="https://shiro.apache.org/blog/2023/11/10/apache-shiro-1130-released.html"/> |
| <id>https://shiro.apache.org/blog/2023/11/10/apache-shiro-1130-released.html</id> |
| <updated>2023-11-10T00:00:00Z</updated> |
| <author> |
| <name>Francois Papon</name> |
| </author> |
| <content type="html"> |
| <div id="preamble"> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>The Apache Shiro team is pleased to announce the release of Apache Shiro version 1.13.0. |
| This is a feature release for 1.x.</p> |
| </div> |
| <div class="paragraph"> |
| <p>This release solves 2 issues since the 1.13.0 release and is available for download now.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="all_changes">All changes</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>You can learn more on <a href="https://github.com/apache/shiro/releases/tag/shiro-root-1.13.0">GitHub, Release 1.13.0</a>.</p> |
| </div> |
| <div class="sect2"> |
| <h3 id="cve_2023_46750"><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46750">CVE-2023-46750</a></h3> |
| <div class="paragraph"> |
| <p>URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro.</p> |
| </div> |
| <div class="paragraph"> |
| <p><strong>Mitigation:</strong> Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.</p> |
| </div> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="download">Download</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>Download and verification instructions are available <a href="/download.html">on our download page</a>.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="documentation">Documentation</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>For more information on <a href="/documentation.html">Shiro, please read the documentation.</a></p> |
| </div> |
| <div class="paragraph"> |
| <p>Enjoy!</p> |
| </div> |
| <div class="paragraph"> |
| <p>The Apache Shiro Team</p> |
| </div> |
| </div> |
| </div> |
| </content> |
| </entry> |
| |
| <entry> |
| <title>1.12.0 available with fix CVE-2023-34478</title> |
| <link href="https://shiro.apache.org/blog/2023/07/18/apache-shiro-1120-released.html"/> |
| <id>https://shiro.apache.org/blog/2023/07/18/apache-shiro-1120-released.html</id> |
| <updated>2023-07-18T00:00:00Z</updated> |
| <author> |
| <name>Francois Papon</name> |
| </author> |
| <content type="html"> |
| <div id="preamble"> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>The Apache Shiro team is pleased to announce the release of Apache Shiro version 1.12.0. |
| This is a feature release for 1.x.</p> |
| </div> |
| <div class="paragraph"> |
| <p>This release solves 2 issues since the 1.12.0 release and is available for download now.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="all_changes">All changes</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>You can learn more on <a href="https://issues.apache.org/jira/projects/SHIRO/versions/12353403">Jira, Release 1.12.0</a>.</p> |
| </div> |
| <div class="sect2"> |
| <h3 id="cve_2023_34478"><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34478">CVE-2023-34478</a></h3> |
| <div class="paragraph"> |
| <p>Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests.</p> |
| </div> |
| <div class="paragraph"> |
| <p><strong>Mitigation:</strong> Update to Apache Shiro 1.12.0+ or 2.0.0-alpha-3+.</p> |
| </div> |
| <div class="paragraph"> |
| <p><strong>Credit:</strong> |
| Apache Shiro would like to thank <strong>swifty tk</strong> for reporting this issue.</p> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="improvement">Improvement</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-816">SHIRO-816</a>] - Update shiro-hazelcast to support Hazelcast 5.x</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="task">Task</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-849">SHIRO-849</a>] - Add support for JCache</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="download">Download</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>Download and verification instructions are available <a href="/download.html">on our download page</a>.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="documentation">Documentation</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>For more information on <a href="/documentation.html">Shiro, please read the documentation.</a></p> |
| </div> |
| <div class="paragraph"> |
| <p>Enjoy!</p> |
| </div> |
| <div class="paragraph"> |
| <p>The Apache Shiro Team</p> |
| </div> |
| </div> |
| </div> |
| </content> |
| </entry> |
| |
| <entry> |
| <title>2.0.0-alpha available</title> |
| <link href="https://shiro.apache.org/blog/2023/05/04/apache-shiro-200-alpha-1-released.html"/> |
| <id>https://shiro.apache.org/blog/2023/05/04/apache-shiro-200-alpha-1-released.html</id> |
| <updated>2023-05-04T00:00:00Z</updated> |
| <author> |
| <name>Lenny Primak</name> |
| </author> |
| <content type="html"> |
| <div id="preamble"> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>The Apache Shiro team is pleased to announce the release of Apache Shiro version 2.0.0-alpha.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="all_changes">All changes</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>You can learn more on <a href="https://issues.apache.org/jira/projects/SHIRO/versions/12315455">Jira, Release 2.0.0-alpha</a>.</p> |
| </div> |
| <div class="paragraph"> |
| <p>Release Notes - Shiro - Version 2.0.0-alpha</p> |
| </div> |
| <div class="sect2"> |
| <h3 id="sub_tasks">Sub-tasks</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-772">SHIRO-772</a>] - |
| PowerMock blocks JDK 11+ builds</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-773">SHIRO-773</a>] - |
| Outdated Groovy version does not work with JDK14</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-775">SHIRO-775</a>] - |
| Excessive logging in jetty ContainerITs</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="bugs">Bugs</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-349">SHIRO-349</a>] - |
| Security: Byte arrays (and other memory) holding sensitive data (even |
| temporarily) should be zerod-out</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-512">SHIRO-512</a>] - Race |
| condition in Shiro&#8217;s web container session timeout handling</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-537">SHIRO-537</a>] - Class |
| load issue in OSGI in ClassUtils</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-610">SHIRO-610</a>] - |
| Incorrect filterchainResolver in 1.4.0-RC2</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-632">SHIRO-632</a>] - |
| org.apache.felix:maven-bundle-plugin causing duplicate class problems |
| between core and lang</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-646">SHIRO-646</a>] - Unable |
| to login a DelegatingSubject on a DefaultWebSecurityManager</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-654">SHIRO-654</a>] - |
| Multiple shiro OSGi bundles export the same packages</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-678">SHIRO-678</a>] - Strings |
| garbled when POST without JSESSIONID cookie</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-761">SHIRO-761</a>] - Bad |
| OSGi import for javax.annotation in shiro-guice</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-762">SHIRO-762</a>] - |
| SecurityUtils.securityManager should be volatile</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-766">SHIRO-766</a>] - |
| ArrayIndexOutOfBoundsException in Base64#decode</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-767">SHIRO-767</a>] - |
| org.apache.shiro.util.ClassUtil cannot load the array of Primitive |
| DataType when use undertown as web container</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-774">SHIRO-774</a>] - Remove |
| wrong usage of prerequisites in pom.xml</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-778">SHIRO-778</a>] - onInit |
| method on AuthenticatingRealm is called twice</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-792">SHIRO-792</a>] - |
| ShiroWebFilterConfiguration seems to conflict with other |
| FilterRegistrationBean</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-797">SHIRO-797</a>] - Shiro |
| 1.7.0 is lower than using springboot version 2.0.7 dependency error</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-812">SHIRO-812</a>] - Key |
| value separator in config is broken with escape char</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-817">SHIRO-817</a>] - |
| CommonsInterpolator does not follow javadoc</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-818">SHIRO-818</a>] - JAX-RS |
| ExceptionMapper returns wrong status code</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-819">SHIRO-819</a>] - Hasher |
| Utility not executable</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-825">SHIRO-825</a>] - |
| Trailing slash in URI results in "IllegalArgumentException: There is no |
| configured chain under the name/key"</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-845">SHIRO-845</a>] - |
| Dependencies for test-jars missing</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-899">SHIRO-899</a>] - Jakarta |
| 9+ fails with Shiro native sesions</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-902">SHIRO-902</a>] - |
| Separator conflict between PermissionUtils.resolveDelimitedPermissions() |
| and WildcardPermission.SUBPART_DIVIDER_TOKEN</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="epic">Epic</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-897">SHIRO-897</a>] - Group |
| all Jakarta-EE related issues here</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="new_features">New Features</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-206">SHIRO-206</a>] - Support |
| for JSF/Facelets</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-290">SHIRO-290</a>] - Create |
| a BCrypt Hash implementation</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-337">SHIRO-337</a>] - adding |
| support for CDI</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-789">SHIRO-789</a>] - Also |
| add cookie SameSite option to Spring</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-898">SHIRO-898</a>] - Migrate |
| Jakarta EE support from FlowLogix to Shiro</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="improvements">Improvements</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-216">SHIRO-216</a>] - Add |
| @Documented to Shiro authorization annotations</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-398">SHIRO-398</a>] - |
| Inconsistent name for session validation interval property in different |
| implementations</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-478">SHIRO-478</a>] - Upgrade |
| dependencies on trunk</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-551">SHIRO-551</a>] - |
| DelegatingSubject should implement toString()</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-671">SHIRO-671</a>] - Add |
| support for javax.annotation.security.RolesAllowed, PermitAll, and |
| DenyAll</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-679">SHIRO-679</a>] - Shiro |
| modules have split packages</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-708">SHIRO-708</a>] - Remove |
| deprecated shiro-cas module</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-740">SHIRO-740</a>] - |
| SslFilter with HTTP Strict Transport Security (HSTS)</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-750">SHIRO-750</a>] - Migrate |
| to jakarta APIs</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-764">SHIRO-764</a>] - Add |
| IpFilter for restricting access IP ranges</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-770">SHIRO-770</a>] - Remove |
| Base64</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-771">SHIRO-771</a>] - Add |
| OpenJDK-OpenJ9 travis builds</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-795">SHIRO-795</a>] - Disable |
| session path rewriting by default</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-804">SHIRO-804</a>] - Avoid |
| conflicts with spring boot aop</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-806">SHIRO-806</a>] - Remove |
| deprecated DefaultLdapContextFactory</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-807">SHIRO-807</a>] - Remove |
| deprecated getLdapContext(String username, String password)</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-811">SHIRO-811</a>] - Convert |
| AuthorizationFilterTest to using Mockito</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-836">SHIRO-836</a>] - Delete |
| jsecurty-sample.jks</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-838">SHIRO-838</a>] - Create |
| SHA512-Hashes</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-840">SHIRO-840</a>] - Java 17 |
| compatibility</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-846">SHIRO-846</a>] - |
| Creation of site takes very long time</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-848">SHIRO-848</a>] - |
| Relative Path in pom.xml is not needed</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-850">SHIRO-850</a>] - The |
| profile name jdk19-plus is misleading</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-851">SHIRO-851</a>] - |
| Handling properties for compile/enconding vs. default configurations of |
| plugins</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-852">SHIRO-852</a>] - |
| Configuration for maven-release-plugin prepationGoal should be changed</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-853">SHIRO-853</a>] - |
| Versions of maven-surefire/failsafe/report plugin are not in sync</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-854">SHIRO-854</a>] - |
| Konfiguration includes/excludes maven-failsafe-plugin can be reduced to |
| default</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-860">SHIRO-860</a>] - update |
| logback to 1.2.10</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-862">SHIRO-862</a>] - Replace |
| Google Analytics with Matomo for new Javadocs</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-871">SHIRO-871</a>] - |
| ActiveDirectoryRealm - append suffix only if missing from username</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-872">SHIRO-872</a>] - fix |
| Reproducible Builds issues</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-884">SHIRO-884</a>] - fix |
| source jar Reproducible Builds issue</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-885">SHIRO-885</a>] - Use |
| OWASP Java Encoder with OSGi manifest</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-889">SHIRO-889</a>] - Provide |
| Jakarta jar modules</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-890">SHIRO-890</a>] - Avoid |
| another proxy creator when @EnableAspectJAutoProxy enabled</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-900">SHIRO-900</a>] - |
| Refactor of root POM (and update groovy to apache)</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="tests">Tests</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-776">SHIRO-776</a>] - JUnit |
| update to version 5</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-777">SHIRO-777</a>] - Remove |
| PowerMock and update the enforcer exclusion list</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="wishe">Wishe</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-780">SHIRO-780</a>] - NOTICE |
| files of shiro components don&#8217;t match NOTICE in source code repository</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="tasks">Tasks</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-39">SHIRO-39</a>] - JEE |
| integration</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-573">SHIRO-573</a>] - Remove |
| shiro-cas from master (2.0)</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-768">SHIRO-768</a>] - Remove |
| the shiro-all module</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-793">SHIRO-793</a>] - |
| deleteMe cookie should use the defined "sameSite"</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-805">SHIRO-805</a>] - |
| Spelling</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-841">SHIRO-841</a>] - |
| NullPointerException from SessionsSecurityManager.start()</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-849">SHIRO-849</a>] - Add |
| support for JCache</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-904">SHIRO-904</a>] - Make |
| JDK 11 base compatibility in Shiro 2.0</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="dependency_upgrades">Dependency upgrades</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-765">SHIRO-765</a>] - Upgrade |
| to Apache Pom Parent 23</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-785">SHIRO-785</a>] - Upgrade |
| to maven-bundle-plugin 5.1.1</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-786">SHIRO-786</a>] - Upgrade |
| to Spring 5.2.8.RELEASE and Spring boot 2.3.2.RELEASE</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-828">SHIRO-828</a>] - |
| aspectj-maven-plugin 1.14.0</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-842">SHIRO-842</a>] - |
| shiro-web depends on older log4j</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-878">SHIRO-878</a>] - Update |
| Spring Dependencies to 5.2.20</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-882">SHIRO-882</a>] - Upgrade |
| to apache pom parent 26</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-886">SHIRO-886</a>] - Upgrade |
| to commons configuration 2.8.0</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="question">Question</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-784">SHIRO-784</a>] - Error |
| creating bean with name |
| 'org.apache.shiro.spring.web.config.ShiroWebFilterConfiguration': |
| Unsatisfied dependency expressed through field 'filterMap';</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="dependency">Dependency</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-881">SHIRO-881</a>] - pom.xml |
| in samples/web may lack dependency</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="download">Download</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>Download and verification instructions are available <a href="/download.html">on our download page</a>.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="documentation">Documentation</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>For more information on <a href="/documentation.html">Shiro, please read the documentation.</a></p> |
| </div> |
| <div class="paragraph"> |
| <p>Enjoy!</p> |
| </div> |
| <div class="paragraph"> |
| <p>The Apache Shiro Team</p> |
| </div> |
| </div> |
| </div> |
| </content> |
| </entry> |
| |
| <entry> |
| <title>1.11.0 available with fix CVE-2023-22602</title> |
| <link href="https://shiro.apache.org/blog/2023/01/13/apache-shiro-1110-released.html"/> |
| <id>https://shiro.apache.org/blog/2023/01/13/apache-shiro-1110-released.html</id> |
| <updated>2023-01-13T00:00:00Z</updated> |
| <author> |
| <name>Brian Demers</name> |
| </author> |
| <content type="html"> |
| <div id="preamble"> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>The Apache Shiro team is pleased to announce the release of Apache Shiro version 1.11.0. |
| This is a feature release for 1.x.</p> |
| </div> |
| <div class="paragraph"> |
| <p>This release solves 3 issues since the 1.11.0 release and is available for download now.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="all_changes">All changes</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>You can learn more on <a href="https://issues.apache.org/jira/projects/SHIRO/versions/12352377">Jira, Release 1.11.0</a>.</p> |
| </div> |
| <div class="paragraph"> |
| <p>This release includes classifiers for the Jakarta namespace.</p> |
| </div> |
| <div class="sect2"> |
| <h3 id="cve_2023_22602"><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22602">CVE-2023-22602</a></h3> |
| <div class="paragraph"> |
| <p>When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. |
| The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot &lt; 2.6 default to Ant style pattern matching.</p> |
| </div> |
| <div class="paragraph"> |
| <p><strong>Mitigation:</strong> Update to Apache Shiro 1.11.0, or set the following Spring Boot configuration value:</p> |
| </div> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="highlightjs highlight"><code class="language-properties hljs" data-lang="properties">spring.mvc.pathmatch.matching-strategy = ant_path_matcher</code></pre> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p><strong>Credit:</strong> |
| Apache Shiro would like to thank v3ged0ge and Adamytd for reporting this issue.</p> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="bug">Bug</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-903">SHIRO-903</a>] - Shiro must use ant pattern matching with Spring</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-899">SHIRO-899</a>] - Jakarta 9+ fails with Shiro native sessions</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="improvement">Improvement</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-889">SHIRO-889</a>] - Provide Jakarta jar modules</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="download">Download</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>Download and verification instructions are available <a href="/download.html">on our download page</a>.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="documentation">Documentation</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>For more information on <a href="/documentation.html">Shiro, please read the documentation.</a></p> |
| </div> |
| <div class="paragraph"> |
| <p>Enjoy!</p> |
| </div> |
| <div class="paragraph"> |
| <p>The Apache Shiro Team</p> |
| </div> |
| </div> |
| </div> |
| </content> |
| </entry> |
| |
| <entry> |
| <title>Apache Shiro 1.10.1 available</title> |
| <link href="https://shiro.apache.org/blog/2022/11/19/apache-shiro-1101-released.html"/> |
| <id>https://shiro.apache.org/blog/2022/11/19/apache-shiro-1101-released.html</id> |
| <updated>2022-11-19T00:00:00Z</updated> |
| <author> |
| <name>Benjamin Marwell</name> |
| </author> |
| <content type="html"> |
| <div id="preamble"> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>The Apache Shiro team is pleased to announce the release of Apache Shiro version 1.10.1. |
| This is a feature release for 1.x.</p> |
| </div> |
| <div class="paragraph"> |
| <p>This release solves 5 issues since the 1.10.0 release and is available for download now.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="all_changes">All changes</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>You can learn more on <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&amp;version=12352460">Jira, Release 1.10.1</a>.</p> |
| </div> |
| <div class="paragraph"> |
| <p>This release does not include classifiers for the Jakarta namespace, yet.</p> |
| </div> |
| <div class="sect2"> |
| <h3 id="bug">Bug</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-892">SHIRO-892</a>] - No Guice binding for newly introduced ShiroFilterConfiguration</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-893">SHIRO-893</a>] - NPE caused by lack of default ShiroFilterConfiguration</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="test">Test</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-895">SHIRO-895</a>] - Work around Guice 4&#8217;s Java 17 compatibliity for Java 17-based tests</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="dependency_upgrade">Dependency upgrade</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-894">SHIRO-894</a>] - EasyMock 5.0.1 for Java 17 compatibility</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-896">SHIRO-896</a>] - HSQLDB 2.7.1</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="behavior_changes">Behavior Changes</h3> |
| <div class="paragraph"> |
| <p>As of 1.10.1, the Guice injection will be fixed as we introduced a regression with 1.10.0 when using Guice with <code>binder().requireExplicitBindings();</code>.</p> |
| </div> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="download">Download</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>Download and verification instructions are available <a href="/download.html">on our download page</a>.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="documentation">Documentation</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>For more information on <a href="/documentation.html">Shiro, please read the documentation.</a></p> |
| </div> |
| <div class="paragraph"> |
| <p>Enjoy!</p> |
| </div> |
| <div class="paragraph"> |
| <p>The Apache Shiro Team</p> |
| </div> |
| </div> |
| </div> |
| </content> |
| </entry> |
| |
| <entry> |
| <title>1.10.0 available with fix CVE-2022-40664</title> |
| <link href="https://shiro.apache.org/blog/2022/10/10/apache-shiro-1100-released.html"/> |
| <id>https://shiro.apache.org/blog/2022/10/10/apache-shiro-1100-released.html</id> |
| <updated>2022-10-10T00:00:00Z</updated> |
| <author> |
| <name>Brian Demers</name> |
| </author> |
| <content type="html"> |
| <div id="preamble"> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>The Shiro team is pleased to announce the release of Apache Shiro version 1.10.0. |
| This is a feature release for 1.x.</p> |
| </div> |
| <div class="paragraph"> |
| <p>This release solves 7 issues since the 1.9.1 release and is available for download now.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="all_changes">All changes</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>You can learn more on <a href="https://issues.apache.org/jira/projects/SHIRO/versions/12351946">Jira, Release 1.10.0</a>.</p> |
| </div> |
| <div class="sect2"> |
| <h3 id="cve_2022_40664">CVE-2022-40664</h3> |
| <div class="paragraph"> |
| <p>Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.</p> |
| </div> |
| <div class="paragraph"> |
| <p>Credit: |
| Apache Shiro would like to thank Y4tacker for reporting this issue.</p> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="bug">Bug</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-512">SHIRO-512</a>] - Race condition in Shiro&#8217;s web container session timeout handling</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-887">SHIRO-887</a>] - FormAuthenticationFilter trims passwords which start and/or end with one or more space character(s)</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="improvement">Improvement</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-891">SHIRO-891</a>] - fix source jar Reproducible Builds issue</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-884">SHIRO-884</a>] - fix source jar Reproducible Builds issue</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-885">SHIRO-885</a>] - Use OWASP Java Encoder with OSGi manifest</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-890">SHIRO-890</a>] - Avoid another proxy creator when @EnableAspectJAutoProxy enabled</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-891">SHIRO-891</a>] - Allow for direct configuration of ShiroFilter through WebEnvironment</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="dependency_upgrade">Dependency upgrade</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>Many dependency updates</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="behavior_changes">Behavior Changes</h3> |
| <div class="paragraph"> |
| <p>As of 1.10.0, Shiro may filter a request multiple times, e.g. when including or forwarding requests.</p> |
| </div> |
| <div class="paragraph"> |
| <p>This behavior can be reverted by setting the following property: <code>shiro.filterOncePerRequest=true</code></p> |
| </div> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="download">Download</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>Download and verification instructions are available <a href="/download.html">on our download page</a>.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="documentation">Documentation</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>For more information on <a href="/documentation.html">Shiro, please read the documentation.</a></p> |
| </div> |
| <div class="paragraph"> |
| <p>Enjoy!</p> |
| </div> |
| <div class="paragraph"> |
| <p>The Apache Shiro Team</p> |
| </div> |
| </div> |
| </div> |
| </content> |
| </entry> |
| |
| <entry> |
| <title>Ongoing work on the Jakarta namespace transition</title> |
| <link href="https://shiro.apache.org/blog/2022/06/30/jakarta-work.html"/> |
| <id>https://shiro.apache.org/blog/2022/06/30/jakarta-work.html</id> |
| <updated>2022-06-30T00:00:00Z</updated> |
| <author> |
| <name>Richard Zowalla</name> |
| </author> |
| <content type="html"> |
| <div id="preamble"> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>The Apache Shiro team is pleased to announce the ongoing work on the javax &#8594; jakarta namespace transition!</p> |
| </div> |
| <div class="paragraph"> |
| <p>We aim to provide first jakarta artifacts of Shiro with the release of <strong>1.10.0</strong> going the same route as other Apache projects by using relocations. The resulting jakarta artifacts are later distributed via Maven classifiers.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="feedback_appreciated">Feedback appreciated!</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>We need <strong>your</strong> help in testing our relocated artifacts. Feel free to try <a href="https://repository.apache.org/content/groups/snapshots/org/apache/shiro/">our nightly snapshots</a>, to <a href="/issues.html">open an issue</a>, or to write us a message to the <a href="/mailing-lists.html">developer&#8217;s mailing list</a>!</p> |
| </div> |
| </div> |
| </div> |
| </content> |
| </entry> |
| |
| <entry> |
| <title>1.9.1 available with fix CVE-2022-32532</title> |
| <link href="https://shiro.apache.org/blog/2022/06/28/apache-shiro-191-released.html"/> |
| <id>https://shiro.apache.org/blog/2022/06/28/apache-shiro-191-released.html</id> |
| <updated>2022-06-28T00:00:00Z</updated> |
| <author> |
| <name>Brian Demers</name> |
| </author> |
| <content type="html"> |
| <div id="preamble"> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>The Shiro team is pleased to announce the release of Apache Shiro version 1.9.1. |
| This is a feature release for 1.x.</p> |
| </div> |
| <div class="paragraph"> |
| <p>This release solves 6 issues since the 1.9.1 release and is available for download now.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="all_changes">All changes</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>You can learn more on <a href="https://issues.apache.org/jira/projects/SHIRO/versions/12351487">Jira, Release 1.9.1</a>.</p> |
| </div> |
| <div class="sect2"> |
| <h3 id="cve_2022_32532">CVE-2022-32532</h3> |
| <div class="paragraph"> |
| <p>Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with <code>.</code> in the regular expression are possibly vulnerable to an authorization bypass.</p> |
| </div> |
| <div class="paragraph"> |
| <p>Credit: |
| Apache Shiro would like the thank 4ra1n for reporting this issue.</p> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="bug">Bug</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-829">SHIRO-829</a>] - |
| beanPostProcessor and FactoryBean cause aop to fail in the same |
| Configuration</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-845">SHIRO-845</a>] - |
| Dependencies for test-jars missing</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="improvement">Improvement</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-871">SHIRO-871</a>] - ActiveDirectoryRealm - append suffix only if missing from username</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-872">SHIRO-872</a>] - fix Reproducible Builds issues</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-883">SHIRO-883</a>] - Add support for case insensitive regex path matching</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="dependency_upgrade">Dependency upgrade</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-878">SHIRO-878</a>] - Update Spring Dependencies to 5.2.20</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-882">SHIRO-882</a>] - Upgrade to apache pom parent 26</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-881">SHIRO-881</a>] - pom.xml in samples/web may lack dependency</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="download">Download</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>Download and verification instructions are available <a href="/download.html">on our download page</a>.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="documentation">Documentation</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>For more information on <a href="/documentation.html">Shiro, please read the documentation.</a></p> |
| </div> |
| <div class="paragraph"> |
| <p>Enjoy!</p> |
| </div> |
| <div class="paragraph"> |
| <p>The Apache Shiro Team</p> |
| </div> |
| </div> |
| </div> |
| </content> |
| </entry> |
| |
| <entry> |
| <title>Apache Shiro 1.9.0 Released</title> |
| <link href="https://shiro.apache.org/blog/2022/03/22/apache-shiro-190-released.html"/> |
| <id>https://shiro.apache.org/blog/2022/03/22/apache-shiro-190-released.html</id> |
| <updated>2022-03-22T21:39:37Z</updated> |
| <author> |
| <name>Benjamin Marwell</name> |
| </author> |
| <content type="html"> |
| <div id="preamble"> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>The Shiro team is pleased to announce the release of Apache Shiro version 1.9.0. |
| This is a feature release for 1.x.</p> |
| </div> |
| <div class="paragraph"> |
| <p>This release solves 20 issues since the 1.8.0 release and is available for download now.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="breaking_changes">Breaking changes</h2> |
| <div class="sectionbody"> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>We fixed [<a href="https://issues.apache.org/jira/browse/SHIRO-829">SHIRO-829</a>] by changing the class signature of the class <code>ShiroFilterFactoryBean</code>:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="highlightjs highlight"><code class="language-diff hljs" data-lang="diff">-public class ShiroFilterFactoryBean implements FactoryBean, BeanPostProcessor { |
| +public class ShiroFilterFactoryBean implements FactoryBean&lt;AbstractShiroFilter&gt;, BeanPostProcessor {</code></pre> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p>and the method signature of <code>public Class&lt;?&gt; getObjectType</code>:</p> |
| </div> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="highlightjs highlight"><code class="language-diff hljs" data-lang="diff">- public Class getObjectType() { |
| - return SpringShiroFilter.class; |
| + public Class&lt;?&gt; getObjectType() { |
| + return AbstractShiroFilter.class;</code></pre> |
| </div> |
| </div> |
| </li> |
| </ul> |
| </div> |
| <div class="paragraph"> |
| <p>While we do not expect to break any builds or runtimes, these changes are (strictly speaking) breaking changes as they introduce Generics to this class.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="all_changes">All changes</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>You can learn more on <a href="https://issues.apache.org/jira/projects/SHIRO/versions/12350639">Jira, Release 1.9.0</a>.</p> |
| </div> |
| <div class="sect2"> |
| <h3 id="bug">Bug</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-829">SHIRO-829</a>] - |
| beanPostProcessor and FactoryBean cause aop to fail in the same |
| Configuration</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-845">SHIRO-845</a>] - |
| Dependencies for test-jars missing</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="improvement">Improvement</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-804">SHIRO-804</a>] - Avoid |
| conflicts with spring boot aop</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-836">SHIRO-836</a>] - Delete |
| jsecurty-sample.jks</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-838">SHIRO-838</a>] - Create |
| SHA512-Hashes</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-846">SHIRO-846</a>] - |
| Creation of site takes very long time</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-848">SHIRO-848</a>] - |
| Relative Path in pom.xml is not needed</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-850">SHIRO-850</a>] - The |
| profile name jdk19-plus is misleading</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-851">SHIRO-851</a>] - |
| Handling properties for compile/enconding vs. default configurations of |
| plugins</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-852">SHIRO-852</a>] - |
| Configuration for maven-release-plugin prepationGoal should be changed</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-853">SHIRO-853</a>] - |
| Versions of maven-surefire/failsafe/report plugin are not in sync</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-854">SHIRO-854</a>] - |
| Konfiguration includes/excludes maven-failsafe-plugin can be reduced to |
| default</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-860">SHIRO-860</a>] - update |
| logback to 1.2.10</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-862">SHIRO-862</a>] - Replace |
| Google Analytics with Matomo for new Javadocs</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="task">Task</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-841">SHIRO-841</a>] - |
| NullPointerException from SessionsSecurityManager.start()</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-867">SHIRO-867</a>] - Skip Deployment of integration-test and samples artifacts</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="dependency_upgrade">Dependency upgrade</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-828">SHIRO-828</a>] - |
| aspectj-maven-plugin 1.14.0</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-842">SHIRO-842</a>] - |
| shiro-web depends on older log4j</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-843">SHIRO-843</a>] - Update |
| maven-project-info-reports</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-844">SHIRO-844</a>] - Update |
| maven-javadoc-plugin to 3.3.1</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="download">Download</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>Download and verification instructions are available <a href="/download.html">on our download page</a>.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="documentation">Documentation</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>For more information on <a href="/documentation.html">Shiro, please read the documentation.</a></p> |
| </div> |
| <div class="paragraph"> |
| <p>Enjoy!</p> |
| </div> |
| <div class="paragraph"> |
| <p>The Apache Shiro Team</p> |
| </div> |
| </div> |
| </div> |
| </content> |
| </entry> |
| |
| <entry> |
| <title>The new Apache Shiro website is live!</title> |
| <link href="https://shiro.apache.org/blog/2022/02/09/new-shiro-website.html"/> |
| <id>https://shiro.apache.org/blog/2022/02/09/new-shiro-website.html</id> |
| <updated>2022-02-09T15:43:22Z</updated> |
| <author> |
| <name>Benjamin Marwell</name> |
| </author> |
| <content type="html"> |
| <div id="preamble"> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>The Shiro team is pleased to announce the release of the new Apache Shiro website!</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="new_technology_stack">New technology stack</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>The new website is built using <a href="https://jbake.org/">jbake</a> now. |
| Before that, we used <a href="https://github.com/lhazlewood/scms">SCMS</a> to build the site, which we did not maintain anymore. |
| Due to this change, the website can now be built using Apache Maven.</p> |
| </div> |
| <div class="paragraph"> |
| <p>The new website allows us to use variables more easily throughout the site and to use <a href="https://asciidoctor.org/">asciidoctor</a> everywhere.</p> |
| </div> |
| <div class="paragraph"> |
| <p>The new site also uses <a href="https://getbootstrap.com/">bootstrap 5</a> instead of bootstrap 3, which is much more mobile friendly and allows us to discard the jQuery library.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="screenshots">Screenshots</h2> |
| <div class="sectionbody"> |
| <div class="dlist"> |
| <dl> |
| <dt class="hdlist1">Desktop site</dt> |
| <dd> |
| <p><span class="image"><img src="2022-02-08T110829_screenshot.png" alt="Apache Shiro website since January 2022" width="480" height="240"></span></p> |
| </dd> |
| <dt class="hdlist1">Mobile site</dt> |
| <dd> |
| <p><span class="image"><img src="2022-02-08T111522_screenshot_mobile.png" alt="Apache Shiro mobile website" width="270" height="400"></span></p> |
| </dd> |
| </dl> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="ongoing_restructuring">Ongoing restructuring</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>In the future, we might move some pages to a <a href="https://issues.apache.org/jira/browse/SHIRO-858"><code>/v1/&lt;category&gt;</code> subfolder</a>. |
| Of course the old URLs will be redirected.</p> |
| </div> |
| <div class="paragraph"> |
| <p>The feed is also not working yet and will be made available later this month.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="feedback_appreciated">Feedback appreciated!</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>If you have any suggestions regarding the site, feel free to <a href="/issues.html">open an issue</a> or write us a message to the <a href="/mailing-lists.html">developer&#8217;s mailing list</a>!</p> |
| </div> |
| </div> |
| </div> |
| </content> |
| </entry> |
| |
| <entry> |
| <title>Apache Shiro v1.8.0 released</title> |
| <link href="https://shiro.apache.org/blog/2021/v1.8.0.html"/> |
| <id>https://shiro.apache.org/blog/2021/v1.8.0.html</id> |
| <updated>2021-08-26T00:00:00Z</updated> |
| <author> |
| <name>Benjamin Marwell</name> |
| </author> |
| <content type="html"> |
| <div id="preamble"> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>The Shiro team is pleased to announce the release of Apache Shiro version 1.8.0. This is a feature release for 1.x.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="changes_in_1_8_0">Changes in 1.8.0</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>This changelog is also available <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12350384&amp;projectId=12310950">on Jira</a>.</p> |
| </div> |
| <div class="sect2"> |
| <h3 id="bug">Bug</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-678">SHIRO-678</a>] - Strings |
| garbled when POST without JSESSIONID cookie</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-812">SHIRO-812</a>] - Key |
| value separator in config is broken with escape char</p> |
| </li> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-825">SHIRO-825</a>] - |
| Trailing slash in URI results in "IllegalArgumentException: There is no |
| configured chain under the name/key"</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="improvement">Improvement</h3> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>[<a href="https://issues.apache.org/jira/browse/SHIRO-216">SHIRO-216</a>] - Add |
| @Documented to Shiro authorization annotations</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="download">Download</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>Download and verification instructions are available <a href="/download.html">on our download page</a>.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="documentation">Documentation</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>For more information on <a href="/documentation.html">Shiro, please read the documentation</a>.</p> |
| </div> |
| <div class="paragraph"> |
| <p>Enjoy!</p> |
| </div> |
| <div class="paragraph"> |
| <p>The Apache Shiro Team</p> |
| </div> |
| </div> |
| </div> |
| </content> |
| </entry> |
| |
| |
| </feed> |