Re: Proposal to bring GEODE-8315 (shiro upgrade) to support branches

30, 2020 at 9:14 AM > To: dev@geode.apache.org > Subject: RE: Proposal to bring GEODE-8315 (shiro upgrade) to support > branches > +1 > > -Original Message- > From: Ju@N > Sent: Tuesday, June 30, 2020 9:12 AM > To: dev@geode.apache.org >

Re: Proposal to bring GEODE-8315 (shiro upgrade) to support branches

Backported to support/1.13 and support/1.12 On 6/30/20, 9:37 AM, "Robert Houghton" wrote: +1 From: Dick Cavender Date: Tuesday, June 30, 2020 at 9:14 AM To: dev@geode.apache.org Subject: RE: Proposal to bring GEODE-8315 (shiro upgrade) to support branc

Re: Proposal to bring GEODE-8315 (shiro upgrade) to support branches

+1 From: Dick Cavender Date: Tuesday, June 30, 2020 at 9:14 AM To: dev@geode.apache.org Subject: RE: Proposal to bring GEODE-8315 (shiro upgrade) to support branches +1 -Original Message- From: Ju@N Sent: Tuesday, June 30, 2020 9:12 AM To: dev@geode.apache.org Subject: Re: Proposal to

RE: Proposal to bring GEODE-8315 (shiro upgrade) to support branches

+1 -Original Message- From: Ju@N Sent: Tuesday, June 30, 2020 9:12 AM To: dev@geode.apache.org Subject: Re: Proposal to bring GEODE-8315 (shiro upgrade) to support branches +1 On Tue, 30 Jun 2020 at 17:03, Owen Nichols wrote: > Recently shiro-1.5.2.jar is getting flagged

Re: Proposal to bring GEODE-8315 (shiro upgrade) to support branches

+1 On Tue, 30 Jun 2020 at 17:03, Owen Nichols wrote: > Recently shiro-1.5.2.jar is getting flagged for critical security > vulnerability CVE-2020-11989. > > Analysis shows that Geode does not use Shiro in a manner that would expose > this vulnerability. > > The risk of bringing GEODE-8315 is ver