Debian Patches

Status for shiro/1.3.2-5

Patch Description Author Forwarded Bugs Origin Last update
01-bundles-to-jars.patch Changes the packaging from bundle to jar to fix build issues. Feel free to disable this patch if you figure how to build proper OSGi modules. Emmanuel Bourg <ebourg@apache.org> not-needed
02-reproducible-build.patch Replace ${user.name} with "debian" in the buildNumber. This is to make the Debian builds reproducible. Chris Lamb <lamby@debian.org> not-needed debian
03-spring-compatibility.patch [PATCH] SHIRO-590 - Added Spring Boot starters and programatic Spring support. Brian Demers <bdemers@apache.org> no 2016-09-23
04-java11-compatibility.patch Fixes the compatibility with Java 11 Emmanuel Bourg <ebourg@apache.org> no
05-guice-improvements.patch commit f2dfa7ff39c9870e7b9856ceca8690c5398080fa

SHIRO-493 - Adding new methods and deprecating old to ShiroWebModule to support Guice 4
Brian Demers <bdemers@apache.org> no 2016-07-14
CVE-2020-1957.patch no
CVE-2020-13933.patch [PATCH] Add a feature to allow for global filters
Adds new filter to block invalid requests
Brian Demers <bdemers@apache.org> no 2020-07-07
CVE-2020-17510_1_of_2.patch [PATCH] Adds configuration to toggle the normalization of backslashes
This is normally handled by the container
Update the InvalidRequestFilter to use WebUtils.ALLOW_BACKSLASH
(new system property: org.apache.shiro.web.ALLOW_BACKSLASH)
Brian Demers <bdemers@apache.org> no 2020-09-03
CVE-2020-17510_2_of_2.patch [PATCH] Disable jsessionid URL rewriting by default
This matches the default of the InvalidRequestFilter
Brian Demers <bdemers@apache.org> no 2020-09-29

All known versions for source package 'shiro'

Links