shiro-commits mailing list archives

From bdem...@apache.org
Subject [shiro-site] 01/01: Add news snippet and security-report for Shiro 1.5.2
Date Wed, 25 Mar 2020 15:12:08 GMT
This is an automated email from the ASF dual-hosted git repository.

bdemers pushed a commit to branch news-1.5.2
in repository https://gitbox.apache.org/repos/asf/shiro-site.git

commit d165123587fe52f6898c58314626341d29412277
Author: Brian Demers <bdemers@apache.org>
AuthorDate: Wed Mar 25 11:11:18 2020 -0400

    Add news snippet and security-report for Shiro 1.5.2
---
 index.html          |  8 ++++----
 news.html           | 30 ++++++++++++++++++++++++++++++
 security-reports.md |  3 +++
 3 files changed, 37 insertions(+), 4 deletions(-)

diff --git a/index.html b/index.html
index 8383545..a92ce6c 100644
--- a/index.html
+++ b/index.html
@@ -25,6 +25,10 @@
 
                 <div class="panel-body">
                     <div>
+                        <a href="news.html">Release and CVE</a>
+                        <p><small>1.5.2 available with fix CVE-2020-1957 (2020-3-23)</small></p>
+                    </div>
+                    <div>
                         <a href="news.html">Release</a>
                         <p><small>1.5.1 available! (2020-2-23)</small></p>
                     </div>
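Review bot: the new "Release and CVE" entry links to the top of news.html, although this same commit adds the id "1.5.2-released" there. Pointing the href at news.html#1.5.2-released would land readers on the announcement itself. Since the entry names CVE-2020-1957, a second link to security-reports.html would take them straight to the advisory text.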
@@ -36,10 +40,6 @@
                         <a href="news.html">Release and CVE</a>
                         <p><small>1.4.2 available with fix CVE-2019-12422 (2019-11-18)</small></p>
                     </div>
-                    <div>
-                        <a href="news.html">Release</a>
-                        <p><small>1.4.1 available! (2019-5-1)</small></p>
-                    </div>
                 </div>
             </div>
 
diff --git a/news.html b/news.html
index 7dde9ab..58c1296 100644
--- a/news.html
+++ b/news.html
@@ -14,6 +14,36 @@ For more information on Shiro, please read the documentation.</p>
 <div class="blog-post-listing">
 
     <div class="logo-heading-block">
+        <a class="blogHeading" id="1.5.2-released" href="#1.5.2-released">Apache Shiro
1.5.2 Released</a>
+    </div>
+
+    <div class="news-content">
+        <p>The Shiro team is pleased to announce the release of Apache Shiro version
1.5.2. This is a feature release for 1.x.</p>
+
+        <p>This release includes 3 issues resolved since the 1.5.1 release and is available
for Download now.</p>
+
+        <p>Of Note:
+        <ul>
+            <li>Fixes authentication bypass issue: <a href="security-reports.html">CVE-2020-1957</a></li>
+            <li>FirstSuccessfulStrategy will short circuit correctly now.</li>
+        </ul>
+
+        You can learn more on <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12346483"
target="_blank">Jira</a>
+        </p>
+
+        <p>Release binaries (.jars) are also available through Maven Central and source
bundles through Apache distribution mirrors.</p>
+
+        <p>For more information on <a href="documentation.html">Shiro, please
read the documentation.</a></p>
+
+        <p>Enjoy!</p>
+
+        <p>The Apache Shiro Team</p>
+    </div>
+</div>
+
+<div class="blog-post-listing">
+
+    <div class="logo-heading-block">
         <a class="blogHeading" id="1.5.1-released" href="#1.5.1-released">Apache Shiro
1.5.1 Released</a>
     </div>
 
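Review bot: the announcement body calls 1.5.2 "a feature release for 1.x" while its first "Of Note" item is an authentication bypass fix, and nothing in the added text tells readers that versions before 1.5.2 are affected or that they should upgrade. A sentence to that effect next to the CVE-2020-1957 link would make the security impact visible without a click-through. Two markup points in the same block: the <ul> sits inside the still-open <p>Of Note: paragraph, so the browser closes the paragraph at the list and the later </p> is left unmatched. Close the paragraph before the list and give the Jira sentence its own <p>. The Jira href also carries a raw "&version=" that should be written "&amp;version=", and the target="_blank" link has no rel="noopener".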
diff --git a/security-reports.md b/security-reports.md
index 2b571c1..f039de7 100644
--- a/security-reports.md
+++ b/security-reports.md
@@ -25,6 +25,9 @@ A [more detailed description of the process](http://www.apache.org/security/comm
 Apache Shiro Vulnerability Reports
 ----------------------------------
 
+###[CVE-2020-1957](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1957)
+Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially
crafted request may cause an authentication bypass.
+
 ###[CVE-2019-12422](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12422)
 Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could
be susceptible to a padding attack.
 
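Review bot: the added CVE-2020-1957 entry states the affected range ("before 1.5.2") but gives no remediation, so a line saying that users should upgrade to 1.5.2 or later would make the report actionable. The description is also hard to parse as written. Something like "In Apache Shiro before 1.5.2, when used with Spring dynamic controllers, a specially crafted request may cause an authentication bypass" says the same thing as one sentence. The heading has no space after "###" and the link uses http:// for cve.mitre.org. Both match the existing CVE-2019-12422 entry, but a CommonMark renderer will not treat "###[" as a heading, so it is worth fixing both entries together.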

