| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 01-bundles-to-jars.patch | Changes the packaging from bundle to jar to fix build issues. Feel free to disable this patch if you figure how to build proper OSGi modules. | Emmanuel Bourg <ebourg@apache.org> | not-needed | |||
| 02-reproducible-build.patch | Replace ${user.name} with "debian" in the buildNumber. This is to make the Debian builds reproducible. | Chris Lamb <lamby@debian.org> | not-needed | debian | ||
| 03-spring-compatibility.patch | [PATCH] SHIRO-590 - Added Spring Boot starters and programatic Spring support. | Brian Demers <bdemers@apache.org> | no | 2016-09-23 | ||
| 04-java11-compatibility.patch | Fixes the compatibility with Java 11 | Emmanuel Bourg <ebourg@apache.org> | no | |||
| 05-guice-improvements.patch | commit f2dfa7ff39c9870e7b9856ceca8690c5398080fa SHIRO-493 - Adding new methods and deprecating old to ShiroWebModule to support Guice 4 |
Brian Demers <bdemers@apache.org> | no | 2016-07-14 | ||
| CVE-2020-1957.patch | no | |||||
| CVE-2020-13933.patch | [PATCH] Add a feature to allow for global filters Adds new filter to block invalid requests |
Brian Demers <bdemers@apache.org> | no | 2020-07-07 | ||
| CVE-2020-17510_1_of_2.patch | [PATCH] Adds configuration to toggle the normalization of backslashes This is normally handled by the container Update the InvalidRequestFilter to use WebUtils.ALLOW_BACKSLASH (new system property: org.apache.shiro.web.ALLOW_BACKSLASH) |
Brian Demers <bdemers@apache.org> | no | 2020-09-03 | ||
| CVE-2020-17510_2_of_2.patch | [PATCH] Disable jsessionid URL rewriting by default This matches the default of the InvalidRequestFilter |
Brian Demers <bdemers@apache.org> | no | 2020-09-29 |