Avg Release Cycle: 79 days

Changelog History

  • v1.5.3

    April 26, 2020

    ๐Ÿ› Bug

    [SHIRO-530] - INI parser does not properly handled backslashes at end of values
    [SHIRO-751] - SimplePrincipalMap and SimplePrincipalCollection throw different exceptions for the same problem
    [SHIRO-753] - Regression in URI parsing in Shiro 1.5.2

    โฌ†๏ธ Dependency upgrade

    [SHIRO-754] - Upgrade to Apache Commons Codec 1.14
    [SHIRO-755] - Upgrade to Hazelcast 3.12.6
    [SHIRO-756] - Upgrade to Spring 5.2.5.RELEASE and Spring boot 2.2.6.RELEASE
    [SHIRO-757] - Upgrade to Htmlunit 2.39.0
    [SHIRO-758] - Upgrade to Jetty 9.4.27.v20200227
    [SHIRO-759] - Upgrade to Karaf 4.2.8
  • v1.5.3-release

    April 26, 2020
  • v1.5.2

    March 23, 2020

    ๐Ÿ› Bug

    [SHIRO-747] - FirstSuccessfulStrategy doesn't properly short circuit
    [SHIRO-749] - shiro-all jar is missing cache package

    👌 Improvement

    [SHIRO-748] - Update Commons Configuration to 2.7
  • v1.5.2-release

    March 18, 2020
  • v1.5.1

    February 17, 2020

    ๐Ÿ› Bug

    [SHIRO-736] - DefaultCipherInstance is an alias which is not available in every JVM or JCA Provider
    [SHIRO-739] - Bean reflection property failed with Enum values
    [SHIRO-741] - Matching of / (root) is broken
    [SHIRO-742] - Fix exception thrown when request URI is /

    ⬆️ Dependency upgrade

    [SHIRO-738] - Upgrade to Spring 5.2.3.RELEASE and Spring boot 2.2.4.RELEASE
  • v1.5.1-release

    February 17, 2020


  • v1.5.0

    January 21, 2020

    🚀 Notes: this release requires JRE 8 at minimum.

    🐛 Bug

    [SHIRO-458] - Possible leaked timing information from DefaultPasswordService
    [SHIRO-469] - Wrong description of JdbcRealm#setPermissionsQuery
    [SHIRO-552] - JdbcRealm in SaltStyle.COLUMN assumes that password column is Base64 but salt column is utf8 bytes
    [SHIRO-661] - Add check for whether the principal of subject is null
    [SHIRO-682] - Fix the potential threat when using "uri = uri + '/'" to bypass Shiro protection
    [SHIRO-684] - INI parser keeps escape characters in keys and values
    [SHIRO-685] - Potential NullPointerException if PermissionResolver returns null/empty string
    [SHIRO-687] - Additional Servlet Filters are not available to ShiroFilterFactoryBean (unless using XML based beans)

    🆕 New Feature

    [SHIRO-694] - Adds BearerToken support
    [SHIRO-722] - Add SameSite option to cookies

    👌 Improvement

    [SHIRO-668] - Catch unexpected errors which can lead to oom
    [SHIRO-669] - Included a boolean flag in FirstSuccessfulStrategy to break after first successful authentication
    [SHIRO-670] - ByteSource Serializable
    [SHIRO-681] - Upgrade to compiler Java 8
    [SHIRO-693] - Update plugins
    [SHIRO-700] - Minor spring updates
    [SHIRO-706] - Switch to Guice4 by default in the build
    [SHIRO-709] - Fix Shiro Spring feature
    [SHIRO-710] - Update Commons Lang3 + remove older Commons Lang
    [SHIRO-711] - Deprecate JavaEnvironment
    [SHIRO-712] - Add BasicIniEnvironment
    [SHIRO-715] - Remove old JSTL jars
    [SHIRO-720] - Update Commons BeanUtils
    [SHIRO-724] - Update Jetty, Spring, Spring Boot, Htmlunit dependencies
    [SHIRO-726] - Add dynamic import package
    [SHIRO-728] - Update Spring Boot to 2.1.10
    [SHIRO-729] - Update Quartz
    [SHIRO-730] - Updates the default Cipher mode to GCM in AesCipherService
    [SHIRO-731] - Use OWASP Java Encoder to escape user supplied content to the logs

    ✅ Test

    [SHIRO-697] - Reduce shiro test logging level to INFO


    [SHIRO-690] - Validate JDK11 compatibility
    [SHIRO-692] - Upgrade and enforce min build maven version to 3.5.0
    [SHIRO-698] - Improve build with maven profile
    [SHIRO-734] - Remove Spring-client sample
    [SHIRO-735] - Shiro does not support servlet-3.1 void method(@Suspended AsyncResponse)

    โฌ†๏ธ Dependency upgrade

    [SHIRO-688] - Upgrade to commons-cli 1.4
    [SHIRO-689] - Upgrade to commons-codec 1.12
    [SHIRO-691] - Upgrade to maven-jar-plugin 3.1.1
    [SHIRO-695] - Update Hazelcast
    [SHIRO-696] - Update Jetty
    [SHIRO-699] - Fix maven warning for exec-maven-plugin and upgrade to 1.6.0
    [SHIRO-701] - Update logback
    [SHIRO-702] - Upgrade to jacoco-maven-plugin 0.8.4
    [SHIRO-703] - Update HSQL
    [SHIRO-704] - Update Spring, Spring Boot, Hibernate
    [SHIRO-705] - Update Easymock + Powermock
    [SHIRO-707] - Misc dependency updates
    [SHIRO-716] - Upgrade to commons-codec 1.13
    [SHIRO-717] - Upgrade to maven-pmd-plugin 3.12.0
    [SHIRO-718] - Upgrade to xmlsec 2.1.4
    [SHIRO-719] - Upgrade to Karaf 4.2.6


    [SHIRO-723] - Provide Minor Shiro Release that includes CVE-2019-10086 Fix
  • v1.5.0-release

    January 21, 2020
  • v1.4.2

    November 08, 2019

    ๐Ÿ› Bug

    [SHIRO-721] - RememberMe Padding Oracle Vulnerability

    👌 Improvement

    [SHIRO-730] - Updates the default Cipher mode to GCM in AesCipherService