Title: Bump org.apache.shiro:shiro-core from 1.2.4 to 2.1.0 by dependabot[bot] · Pull Request #8 · vulnerable-code/java-sec-code · GitHub
Open Graph Title: Bump org.apache.shiro:shiro-core from 1.2.4 to 2.1.0 by dependabot[bot] · Pull Request #8 · vulnerable-code/java-sec-code
X Title: Bump org.apache.shiro:shiro-core from 1.2.4 to 2.1.0 by dependabot[bot] · Pull Request #8 · vulnerable-code/java-sec-code
Description: Bumps org.apache.shiro:shiro-core from 1.2.4 to 2.1.0.
Release notes
Sourced from org.apache.shiro:shiro-core's releases.
Apache Shiro 2.1.0
What's Changed
chore(deps): bump org.htmlunit:htmlunit from 4.17.0 to 4.18.0 by @dependabot[bot] in apache/shiro#2355
chore: hide deprecation warning in AD test by @lprimak in apache/shiro#2352
chore(deps): bump github/codeql-action from 4.31.0 to 4.31.2 in the github-dependencies group by @dependabot[bot] in apache/shiro#2353
chore(deps): bump bytebuddy.version from 1.17.8 to 1.18.1 by @dependabot[bot] in apache/shiro#2369
chore(deps): bump org.owasp:dependency-check-maven from 12.1.8 to 12.1.9 by @dependabot[bot] in apache/shiro#2367
chore(deps): bump org.omnifaces:omnifaces from 3.14.11 to 3.14.12 by @dependabot[bot] in apache/shiro#2364
#953 - Allow CORS preflight requests to bypass authentication by @celikfatih in apache/shiro#2372
chore: put back changes that were overwritten by maven release plugin by @lprimak in apache/shiro#2375
chore(deps): bump bytebuddy.version from 1.18.1 to 1.18.2 by @dependabot[bot] in apache/shiro#2389
chore(deps): bump org.quartz-scheduler:quartz from 2.5.1 to 2.5.2 by @dependabot[bot] in apache/shiro#2387
chore(deps): bump org.codehaus.mojo:taglist-maven-plugin from 3.2.1 to 3.2.2 by @dependabot[bot] in apache/shiro#2380
chore(deps): bump org.codehaus.mojo:versions-maven-plugin from 2.19.1 to 2.20.1 by @dependabot[bot] in apache/shiro#2379
chore(deps): bump org.htmlunit:htmlunit from 4.18.0 to 4.19.0 by @dependabot[bot] in apache/shiro#2377
chore(deps): bump org.owasp.encoder:encoder from 1.3.1 to 1.4.0 by @dependabot[bot] in apache/shiro#2374
chore(deps): bump the github-dependencies group with 2 updates by @dependabot[bot] in apache/shiro#2373
Configure EditorConfig for .rdf by @jbampton in apache/shiro#2386
Remove type attributes from HTML script tags by @jbampton in apache/shiro#2382
pre-commit: add 3 more hooks; fix end of files by @jbampton in apache/shiro#2360
Pin all actions workflows by @jbampton in apache/shiro#2385
Add pre-commit hook to trim trailing whitespace by @jbampton in apache/shiro#2406
gha: use pre-commit run --color=always by @jbampton in apache/shiro#2407
chore: pin python and it's depenendencies for pre-commit check on GitHub by @lprimak in apache/shiro#2408
chore: pin python pre-commit workflow dependency with hash by @lprimak in apache/shiro#2410
Add descriptions to all pre-commit hooks by @jbampton in apache/shiro#2409
chore: fix vulnerabilities in tests reported by OpenSSF tool by @lprimak in apache/shiro#2411
chore(deps): bump org.htmlunit:htmlunit from 4.19.0 to 4.20.0 by @dependabot[bot] in apache/shiro#2415
chore(deps): bump the github-dependencies group with 5 updates by @dependabot[bot] in apache/shiro#2414
chore(deps): bump mockito.version from 5.20.0 to 5.21.0 by @dependabot[bot] in apache/shiro#2420
chore(deps): bump ch.qos.logback:logback-core from 1.5.21 to 1.5.22 by @dependabot[bot] in apache/shiro#2419
chore(deps): bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22 by @dependabot[bot] in apache/shiro#2417
chore(deps): bump the github-dependencies group with 3 updates by @dependabot[bot] in apache/shiro#2418
chore(security): update log4-core by @lprimak in apache/shiro#2430
chore(deps): bump org.codehaus.mojo:exec-maven-plugin from 3.6.2 to 3.6.3 by @dependabot[bot] in apache/shiro#2429
chore(deps): bump ch.qos.logback:logback-core from 1.5.22 to 1.5.23 by @dependabot[bot] in apache/shiro#2427
chore(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.24.2 to 0.25.1 by @dependabot[bot] in apache/shiro#2428
chore(deps): bump github/codeql-action from 4.31.8 to 4.31.9 in the github-dependencies group by @dependabot[bot] in apache/shiro#2424
chore(deps): bump ch.qos.logback:logback-classic from 1.5.22 to 1.5.23 by @dependabot[bot] in apache/shiro#2426
chore(deps): bump bytebuddy.version from 1.18.2 to 1.18.3 by @dependabot[bot] in apache/shiro#2425
chore(deps): bump org.htmlunit:htmlunit from 4.20.0 to 4.21.0 by @dependabot[bot] in apache/shiro#2431
chore(deps): bump ch.qos.logback:logback-classic from 1.5.23 to 1.5.24 by @dependabot[bot] in apache/shiro#2455
chore(deps): bump org.owasp:dependency-check-maven from 12.1.9 to 12.2.0 by @dependabot[bot] in apache/shiro#2454
chore(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.25.1 to 0.25.4 by @dependabot[bot] in apache/shiro#2453
chore(deps): bump ch.qos.logback:logback-core from 1.5.23 to 1.5.24 by @dependabot[bot] in apache/shiro#2452
chore(deps): bump javax.enterprise:cdi-api from 2.0 to 2.0.SP1 by @dependabot[bot] in apache/shiro#2451
chore(deps): bump org.jsoup:jsoup from 1.21.2 to 1.22.1 by @dependabot[bot] in apache/shiro#2442
chore(deps): bump github/codeql-action from 4.31.9 to 4.31.10 in the github-dependencies group by @dependabot[bot] in apache/shiro#2449
#2460 bugfix: avoid duplicate proxying of StoppingAwareProxiedSession by @lprimak in apache/shiro#2459
#2458 Deploy next snapshot version as computed dynamically from latest release by @lprimak in apache/shiro#2456
... (truncated)
Changelog
Sourced from org.apache.shiro:shiro-core's changelog.
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
This is not an official release notes document. It exists for Shiro developers
to jot down their notes while working in the source code. These notes will be
combined with Jira’s auto-generated release notes during a release for the
total set.
###########################################################
2.0.0
###########################################################
Improvement
[SHIRO-290] Implement bcrypt and argon2 KDF algorithms
Backwards Incompatible Changes
Changed default DefaultPasswordService.java algorithm to "Argon2id".
PasswordService.encryptPassword(Object plaintext) will now throw a NullPointerException on null parameter.
It was never specified how this method would behave.
Made salt non-nullable.
Removed methods in PasswordMatcher.
###########################################################
1.7.1
###########################################################
Bug
[SHIRO-797] - Shiro 1.7.0 is lower than using springboot version 2.0.7 dependency error
###########################################################
... (truncated)
Commits
2b873bc [maven-release-plugin] prepare release shiro-root-2.1.0
8dc0d81 [dependency] Upgrade to Apache POM 37
3b9638b enh: added case-insensitive path filtering
f27f46e Update pre-commit workflow set --show-diff-on-failure (#2487)
87d29df chore: Eclipse IDE ignores for license checks (#2484)
2dfa579 Run pre-commit autoupdate to update the hooks (#2486)
9266bfa Merge pull request #2475 from lprimak/fix-private-salt-compat
e9e5e3f Merge pull request #1026 from haster/change-pathtraversal-blockmode
4bf410c enh: added test for secret salt with Shiro1 compatibility
84b2fdb Merge branch 'main' into fix-private-salt-compat
Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show
Open Graph Description: Bumps org.apache.shiro:shiro-core from 1.2.4 to 2.1.0. Release notes Sourced from org.apache.shiro:shiro-core's releases. Apache Shiro 2.1.0 What's Changed chore(deps): bump org.htmlunit...
X Description: Bumps org.apache.shiro:shiro-core from 1.2.4 to 2.1.0. Release notes Sourced from org.apache.shiro:shiro-core's releases. Apache Shiro 2.1.0 What's Changed chore(deps): bump org....
Opengraph URL: https://github.com/vulnerable-code/java-sec-code/pull/8
X: @github
Domain: github.com
| route-pattern | /:user_id/:repository/pull/:id/files(.:format) |
| route-controller | pull_requests |
| route-action | files |
| fetch-nonce | v2:9bc6a611-3a84-028a-4bf6-2300fa6581ef |
| current-catalog-service-hash | ae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b |
| request-id | EBBC:22AA41:1446C43:1D92C97:6A54C8E1 |
| html-safe-nonce | 8d5849732bc8547f67d77146f6f2a8d27d42768dc6b7a405ff64628d21fd48a8 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJFQkJDOjIyQUE0MToxNDQ2QzQzOjFEOTJDOTc6NkE1NEM4RTEiLCJ2aXNpdG9yX2lkIjoiMzI1NDg1ODM3NDgzNjQzOTI2NSIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | 225c14c367d2bdcd61b875b2e26196a35f95158f8e29f1165bb46abd8338a055 |
| hovercard-subject-tag | pull_request:3267546854 |
| github-keyboard-shortcuts | repository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/vulnerable-code/java-sec-code/pull/8/files |
| twitter:image | https://avatars.githubusercontent.com/in/29110?s=400&v=4 |
| twitter:card | summary_large_image |
| og:image | https://avatars.githubusercontent.com/in/29110?s=400&v=4 |
| og:image:alt | Bumps org.apache.shiro:shiro-core from 1.2.4 to 2.1.0. Release notes Sourced from org.apache.shiro:shiro-core's releases. Apache Shiro 2.1.0 What's Changed chore(deps): bump org.htmlunit... |
| og:site_name | GitHub |
| og:type | object |
| hostname | github.com |
| expected-hostname | github.com |
| None | 6e5f2e6ff3f430aa60a674066f957bca9f2106017e1b68126417422b58ce6e1e |
| turbo-cache-control | no-preview |
| diff-view | unified |
| go-import | github.com/vulnerable-code/java-sec-code git https://github.com/vulnerable-code/java-sec-code.git |
| octolytics-dimension-user_id | 150022265 |
| octolytics-dimension-user_login | vulnerable-code |
| octolytics-dimension-repository_id | 715047833 |
| octolytics-dimension-repository_nwo | vulnerable-code/java-sec-code |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | true |
| octolytics-dimension-repository_parent_id | 115394871 |
| octolytics-dimension-repository_parent_nwo | JoyChou93/java-sec-code |
| octolytics-dimension-repository_network_root_id | 115394871 |
| octolytics-dimension-repository_network_root_nwo | JoyChou93/java-sec-code |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | true |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | be4d48619391052c9d312c7b587bb2ac38a97f57 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width