shiro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bdem...@apache.org
Subject svn commit: r1875667 - in /shiro/site/publish: index.html news.html security-reports.html
Date Wed, 25 Mar 2020 19:41:13 GMT
Author: bdemers
Date: Wed Mar 25 19:41:13 2020
New Revision: 1875667

URL: http://svn.apache.org/viewvc?rev=1875667&view=rev
Log:
adding shiro 1.5.2 release to site

Modified:
    shiro/site/publish/index.html
    shiro/site/publish/news.html
    shiro/site/publish/security-reports.html

Modified: shiro/site/publish/index.html
URL: http://svn.apache.org/viewvc/shiro/site/publish/index.html?rev=1875667&r1=1875666&r2=1875667&view=diff
==============================================================================
--- shiro/site/publish/index.html (original)
+++ shiro/site/publish/index.html Wed Mar 25 19:41:13 2020
@@ -249,6 +249,10 @@
 
                 <div class="panel-body">
                     <div>
+                        <a href="news.html">Release and CVE</a>
+                        <p><small>1.5.2 available with fix CVE-2020-1957 (2020-3-23)</small></p>
+                    </div>
+                    <div>
                         <a href="news.html">Release</a>
                         <p><small>1.5.1 available! (2020-2-23)</small></p>
                     </div>
@@ -260,10 +264,6 @@
                         <a href="news.html">Release and CVE</a>
                         <p><small>1.4.2 available with fix CVE-2019-12422 (2019-11-18)</small></p>
                     </div>
-                    <div>
-                        <a href="news.html">Release</a>
-                        <p><small>1.4.1 available! (2019-5-1)</small></p>
-                    </div>
                 </div>
             </div>
 

Modified: shiro/site/publish/news.html
URL: http://svn.apache.org/viewvc/shiro/site/publish/news.html?rev=1875667&r1=1875666&r2=1875667&view=diff
==============================================================================
--- shiro/site/publish/news.html (original)
+++ shiro/site/publish/news.html Wed Mar 25 19:41:13 2020
@@ -238,6 +238,36 @@ For more information on Shiro, please re
 <div class="blog-post-listing">
 
     <div class="logo-heading-block">
+        <a class="blogHeading" id="1.5.2-released" href="#1.5.2-released">Apache Shiro
1.5.2 Released</a>
+    </div>
+
+    <div class="news-content">
+        <p>The Shiro team is pleased to announce the release of Apache Shiro version
1.5.2. This is a feature release for 1.x.</p>
+
+        <p>This release includes 3 issues resolved since the 1.5.1 release and is available
for Download now.</p>
+
+        <p>Of Note:
+        <ul>
+            <li>Fixes authentication bypass issue: <a href="security-reports.html">CVE-2020-1957</a></li>
+            <li>FirstSuccessfulStrategy will short circuit correctly now.</li>
+        </ul>
+
+        You can learn more on <a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950&version=12346483"
target="_blank">Jira</a>
+        </p>
+
+        <p>Release binaries (.jars) are also available through Maven Central and source
bundles through Apache distribution mirrors.</p>
+
+        <p>For more information on <a href="documentation.html">Shiro, please
read the documentation.</a></p>
+
+        <p>Enjoy!</p>
+
+        <p>The Apache Shiro Team</p>
+    </div>
+</div>
+
+<div class="blog-post-listing">
+
+    <div class="logo-heading-block">
         <a class="blogHeading" id="1.5.1-released" href="#1.5.1-released">Apache Shiro
1.5.1 Released</a>
     </div>
 

Modified: shiro/site/publish/security-reports.html
URL: http://svn.apache.org/viewvc/shiro/site/publish/security-reports.html?rev=1875667&r1=1875666&r2=1875667&view=diff
==============================================================================
--- shiro/site/publish/security-reports.html (original)
+++ shiro/site/publish/security-reports.html Wed Mar 25 19:41:13 2020
@@ -236,6 +236,8 @@
 </ul>
 <p>A <a href="http://www.apache.org/security/committers.html">more detailed description
of the process</a> has been written for committers. Reporters of security vulnerabilities
may also find it useful.</p>
 <h2><a href="#apache-shiro-vulnerability-reports" name="apache-shiro-vulnerability-reports">Apache
Shiro Vulnerability Reports</a></h2>
+<h3><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1957">CVE-2020-1957</a></h3>
+<p>Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers,
a specially crafted request may cause an authentication bypass.</p>
 <h3><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12422">CVE-2019-12422</a></h3>
 <p>Apache Shiro before 1.4.2, when using the default &ldquo;remember me&rdquo;
configuration, cookies could be susceptible to a padding attack.</p>
 <h3><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6802">CVE-2016-6802</a></h3>



Mime
View raw message