Return-Path: <dev-return-7139-archive-asf-public=cust-asf.ponee.io@shiro.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id D3CE8200B81
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Tue, 13 Sep 2016 16:37:36 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id D295A160AAA; Tue, 13 Sep 2016 14:37:36 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 4ED98160AD8
	for <archive-asf-public@cust-asf.ponee.io>; Tue, 13 Sep 2016 16:37:36 +0200 (CEST)
Received: (qmail 74730 invoked by uid 500); 13 Sep 2016 14:37:35 -0000
Mailing-List: contact dev-help@shiro.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@shiro.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@shiro.apache.org>
List-Post: <mailto:dev@shiro.apache.org>
List-Id: <dev.shiro.apache.org>
Reply-To: dev@shiro.apache.org
Delivered-To: mailing list dev@shiro.apache.org
Received: (qmail 74702 invoked by uid 99); 13 Sep 2016 14:37:35 -0000
Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Sep 2016 14:37:35 +0000
Received: from mail-vk0-f51.google.com (mail-vk0-f51.google.com [209.85.213.51])
	by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id 206911A031B;
	Tue, 13 Sep 2016 14:37:35 +0000 (UTC)
Received: by mail-vk0-f51.google.com with SMTP id m62so126899769vkd.3;
        Tue, 13 Sep 2016 07:37:35 -0700 (PDT)
X-Gm-Message-State: AE9vXwMqV9h/mYO+ZqTCK402eaKRpn/l+5ELreUKuxPtis3KbGK5hU+kectJ2OsG+mWsD3/uQlAPXNg0bQrU8Q==
X-Received: by 10.31.61.1 with SMTP id k1mr1038929vka.149.1473777453976; Tue,
 13 Sep 2016 07:37:33 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.0.174 with HTTP; Tue, 13 Sep 2016 07:37:33 -0700 (PDT)
From: Brian Demers <bdemers@apache.org>
Date: Tue, 13 Sep 2016 10:37:33 -0400
X-Gmail-Original-Message-ID: <CAH9eYVrC4Jj+NpEF_nM0J-+2zN21e_SS_9-Yq0TQsdnfwFZcyQ@mail.gmail.com>
Message-ID: <CAH9eYVrC4Jj+NpEF_nM0J-+2zN21e_SS_9-Yq0TQsdnfwFZcyQ@mail.gmail.com>
Subject: [ANNOUNCE][CVE-2016-6802] Apache Shiro 1.3.2 released
To: announce@shiro.apache.org, "user@shiro.apache.org" <user@shiro.apache.org>, dev@shiro.apache.org,
	"security@apache.org" <security@apache.org>, oss-security@lists.openwall.com,
	bugtraq@securityfocus.com
Content-Type: text/plain; charset=UTF-8
archived-at: Tue, 13 Sep 2016 14:37:36 -0000

The Shiro team is pleased to announce the release of Apache Shiro version 1.3.2.

This security release contains 1 fix since the 1.3.1 release and is
available for Download now [1].

    CVE-2016-6802:
    Apache Shiro before 1.3.2,  when using a non-root servlet context path,
    specifically crafted requests can be used to by pass some security servlet
    filters, resulting in unauthorized access.

Release binaries (.jars) are also available through Maven Central and
source bundles through Apache distribution mirrors.

For more information on Shiro, please read the documentation[2].

-The Apache Shiro Team

[1] http://shiro.apache.org/download.html
[2] http://shiro.apache.org/documentation.html