UbuntuUpdates.org

Package "libshiro-java"

Name: libshiro-java

Description:

Apache Shiro - Java Security Framework

Latest version: 1.3.2-3~18.04.1
Release: bionic (18.04)
Level: security
Repository: universe
Head package: shiro
Homepage: http://shiro.apache.org

Links


Download "libshiro-java"


Other versions of "libshiro-java" in Bionic

Repository Area Version
base universe 1.3.2-2
updates universe 1.3.2-3~18.04.1

Changelog

Version: 1.3.2-3~18.04.1 2021-02-18 21:06:17 UTC

  shiro (1.3.2-3~18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Improper Authentication
    - debian/patches/CVE-2020-1957_11989.patch: Fix a path-traversal issue
      where a specially-crafted request could cause an authentication bypass.
    - CVE-2020-1957
    - CVE-2020-11989

 -- Paulo Flabiano Smorigo <email address hidden> Thu, 11 Feb 2021 12:59:56 +0000

Source diff to previous version
CVE-2020-1957 Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
CVE-2020-11989 Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.

Version: 1.3.2-3~18.04 2019-04-16 18:07:13 UTC

  shiro (1.3.2-3~18.04) bionic; urgency=medium

  * Backport for OpenJDK 11. LP: #1814133.




About   -   Send Feedback to @ubuntu_updates