shiro 1.3.2-4ubuntu0.2 source package in Ubuntu
Changelog
shiro (1.3.2-4ubuntu0.2) focal-security; urgency=medium
* SECURITY UPDATE: improper authentication issue when receiving specially
crafted HTTP request
- debian/patches/CVE-2020-13933.patch: new global filter added to block
invalid requests.
- debian/patches/CVE-2020-17510_1_of_2.patch: enable normalization of
backslashes in invalid request filter.
- debian/patches/CVE-2020-17510_2_of_2.patch: disable session ID URL
rewriting by default.
- debian/patches/CVE-2020-1957_11989.patch: patch updated with additional
testing.
- debian/patches/05-guice-improvements.patch: support for Guice 4 added
with patch also acting as an additional commit for the above patches.
- CVE-2020-13933
- CVE-2020-17510
-- Evan Caville <email address hidden> Tue, 08 Aug 2023 12:30:46 +1000
Upload details
- Uploaded by:
- Evan Caville
- Uploaded to:
- Focal
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- java
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Focal | updates | universe | misc | |
| Focal | security | universe | misc |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| shiro_1.3.2.orig.tar.xz | 467.7 KiB | ae9a3f73a64c05148de9a6c3c09852d3909add94776d47032ec8ff8befed8c5e |
| shiro_1.3.2-4ubuntu0.2.debian.tar.xz | 20.1 KiB | edc699967c756e2f36ad08b30a5bdb1e17642e69ecc014f8f96425e3189df838 |
| shiro_1.3.2-4ubuntu0.2.dsc | 2.3 KiB | 78a5d1beabc6a456eb810eb501bb2cc41ad99ec4197ef58ec5e176bf2bd1a717 |
Available diffs
Binary packages built by this source
- libshiro-java: Apache Shiro - Java Security Framework
Apache Shiro is a powerful and flexible open-source security framework
that cleanly handles authentication, authorization, enterprise session
management, single sign-on and cryptography services.
