Information on source package shiro

Available versions

ReleaseVersion
jessie1.2.3-1+deb8u1
stretch1.3.2-1
stretch (security)1.3.2-1+deb9u2
buster1.3.2-4+deb10u1
bullseye1.3.2-4+deb11u1
bookworm1.3.2-5
sid1.3.2-5

Open issues

BugjessiestretchbusterbullseyebookwormsidDescription
CVE-2021-41303vulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableApache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a ...
CVE-2020-17523vulnerablefixedfixedfixedfixedfixedApache Shiro before 1.7.1, when using Apache Shiro with Spring, a spec ...
CVE-2020-17510vulnerablefixedfixedfixedfixedfixedApache Shiro before 1.7.0, when using Apache Shiro with Spring, a spec ...
CVE-2020-13933vulnerablefixedfixedfixedfixedfixedApache Shiro before 1.6.0, when using Apache Shiro, a specially crafte ...
CVE-2020-11989vulnerablefixedfixedfixedfixedfixedApache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic ...
CVE-2019-12422vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableApache Shiro before 1.4.2, when using the default "remember me" config ...
CVE-2016-6802vulnerable (no DSA)fixedfixedfixedfixedfixedApache Shiro before 1.3.2 allows attackers to bypass intended servlet ...
CVE-2016-4437vulnerable (no DSA)fixedfixedfixedfixedfixedApache Shiro before 1.2.5, when a cipher key has not been configured f ...

Resolved issues

BugDescription
CVE-2020-1957Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic ...
CVE-2014-0074Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthen ...
CVE-2010-3863Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize ...

Security announcements

DSA / DLADescription
DLA-2726-1shiro - security update
DLA-2273-1shiro - security update
DLA-2181-1shiro - security update

Search for package or bug name: Reporting problems