ReachabilityOrg / Reachability4

Apache License 2.0

Update dependency org.apache.shiro:shiro-web to v1.5.0 #14

Open dev-mend-for-github-com[bot] opened 1 year ago

dev-mend-for-github-com[bot] commented 1 year ago

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| org.apache.shiro:shiro-web (source) | compile | minor | 1.2.0 -> 1.5.0 |

By merging this PR, the issue #10 will be automatically resolved and closed:

| Severity | CVSS Score | CVE | Reachability |
|---|---|---|---|
| Critical | 9.8 | CVE-2020-11989 | Unreachable |
| Critical | 9.8 | CVE-2020-17510 | Unreachable |
| Critical | 9.8 | CVE-2020-1957 | Unreachable |
| High | 7.5 | CVE-2016-6802 | Unreachable |

By merging this PR, the issue #10 will be automatically resolved and closed:

| Severity | CVSS Score | CVE | Reachability |
|---|---|---|---|
| High | 7.3 | CVE-2014-0114 | Unreachable |
| High | 7.3 | CVE-2019-10086 | Unreachable |


Release Notes

apache/shiro (org.apache.shiro:shiro-web)

### [`v1.5.0`](https://redirect.github.com/apache/shiro/blob/HEAD/RELEASE-NOTES#150)

Notes: this release requires a JRE 8 minimum.

**Bug**
- [SHIRO-458] - Possible leaked timing information from DefaultPasswordService
- [SHIRO-469] - Wrong description of JdbcRealm#setPermissionsQuery
- [SHIRO-552] - JdbcRealm in SaltStyle.COLUMN assumes that password column is Base64 but salt column is utf8 bytes
- [SHIRO-661] - Add check for the principal of subject whether is null
- [SHIRO-682] - fix the potential threat when use "uri = uri + '/' " to bypassed shiro protect
- [SHIRO-684] - INI parser keeps escape characters in keys and values
- [SHIRO-685] - Potential NullPointerException if PermissionResolver return null/empty string
- [SHIRO-687] - Additional Servlet Filters are not available to ShiroFilterFactorBean (unless using XML based beans)

**New Feature**
- [SHIRO-694] - Adds BearerToken support
- [SHIRO-722] - Add SameSite option to cookies

**Improvement**
- [SHIRO-668] - Catch unexpected errors which can lead to oom
- [SHIRO-669] - Included a boolean flag in FirstSuccessfulStrategy to break after first successful authentication
- [SHIRO-670] - ByteSource Serializable
- [SHIRO-681] - Upgrade to compiler Java 8
- [SHIRO-693] - Update plugins
- [SHIRO-700] - Minor spring updates
- [SHIRO-706] - Switch to Guice4 by default in the build
- [SHIRO-709] - Fix Shiro Spring feature
- [SHIRO-710] - Update Commons Lang3 + remove older Commons Lang
- [SHIRO-711] - Deprecate JavaEnvironment
- [SHIRO-712] - Add BasicIniEnvironment
- [SHIRO-715] - Remove old JSTL jars
- [SHIRO-720] - Update Commons BeanUtils
- [SHIRO-724] - Update Jetty, Spring, Spring Boot, Htmlunit dependencies
- [SHIRO-726] - Add dynamic import package
- [SHIRO-728] - Update Spring Boot to 2.1.10
- [SHIRO-729] - Update Quartz
- [SHIRO-730] - Updates the default Cipher mode to GCM in AesCipherService
- [SHIRO-731] - Use OWasp Java Encoder to escape user supplied content to the logs

**Test**
- [SHIRO-697] - Reduce shiro test logging level to INFO

**Task**
- [SHIRO-690] - Validate JDK11 compatibility
- [SHIRO-692] - Upgrade and enforce min build maven version to 3.5.0
- [SHIRO-698] - Improve build with maven profile
- [SHIRO-734] - Remove Spring-client sample
- [SHIRO-735] - Shiro does not support servlet-3.1 void method(@Suspended AsyncResponse)

**Dependency upgrade**
- [SHIRO-688] - Upgrade to commons-cli 1.4
- [SHIRO-689] - Upgrade to commons-codec 1.12
- [SHIRO-691] - Upgrade to maven-jar-plugin 3.1.1
- [SHIRO-695] - Update Hazelcast
- [SHIRO-696] - Update Jetty
- [SHIRO-699] - Fix maven warning for exec-maven-plugin and upgrade to 1.6.0
- [SHIRO-701] - Update logback
- [SHIRO-702] - Upgrade to jacoco-maven-plugin 0.8.4
- [SHIRO-703] - Update HSQL
- [SHIRO-704] - Update Spring, Spring Boot, Hibernate
- [SHIRO-705] - Update Easymock + Powermock
- [SHIRO-707] - Misc dependency updates
- [SHIRO-716] - Upgrade to commons-codec 1.13
- [SHIRO-717] - Upgrade to maven-pmd-plugin 3.12.0
- [SHIRO-718] - Upgrade to xmlsec 2.1.4
- [SHIRO-719] - Upgrade to Karaf 4.2.6

**Request**
- [SHIRO-723] - Provide Minor Shiro Release that includes CVE-2019-10086 Fix

### [`v1.4.2`](https://redirect.github.com/apache/shiro/blob/HEAD/RELEASE-NOTES#142)

**Bug**
- [SHIRO-721] - RememberMe Padding Oracle Vulnerability

**Improvement**
- [SHIRO-730] - Updates the default Cipher mode to GCM in AesCipherService

### [`v1.4.1`](https://redirect.github.com/apache/shiro/blob/HEAD/RELEASE-NOTES#141)

**Bug**
- [SHIRO-457] - Login without static VM security manager cause exception in debug
- [SHIRO-563] - shiro-aspectj karaf feature can't be installed
- [SHIRO-624] - OSGI: commons configuration import should be optional
- [SHIRO-626] - Bundle symbolic name conflict
- [SHIRO-637] - Refresh cached session in HTTP request after user logs out
- [SHIRO-650] - Shiro JAX-RS is not an OSGi bundle
- [SHIRO-653] - Spring-boot registers shiro filter only on REQUEST dispatcher
- [SHIRO-655] - shiro-core has an undesirable runtime OSGi dependency to spring-beans
- [SHIRO-658] - Problems building shiro on openjdk-8 on current debian stable (9.6 "stretch")
- [SHIRO-660] - Bug in FirstSuccessfulStrategy
- [SHIRO-680] - Duplicate Bundle-SymbolicName for Different Shiro Modules

**New Feature**
- [SHIRO-638] - Update osgi bundle manifest to support Spring 4.x

**Improvement**
- [SHIRO-560] - Shiro-web feature can't be installed in karaf 4.0.4
- [SHIRO-652] - Upgrade Shiro Feature to Karaf 4.x
- [SHIRO-664] - Upgrade to Apache pom parent 21
- [SHIRO-665] - Upgrade to maven-bundle-plugin 4.1.0
- [SHIRO-667] - Upgrade to Spring 4.3.22-RELEASE
- [SHIRO-672] - Upgrade to jacoco-maven-plugin 0.8.3
- [SHIRO-673] - Upgrade to maven-compiler-plugin 3.8.0
- [SHIRO-674] - Upgrade to maven-dependency-plugin to 3.1.1
- [SHIRO-675] - Upgrade to maven-surefire-plugins 3.0.0-M3
- [SHIRO-676] - Upgrade to maven-jar-plugin 3.1.0
- [SHIRO-677] - Upgrade to versions-maven-plugin 2.7
- [SHIRO-683] - Upgrade to spring-boot 1.5.19.RELEASE

**Task**
- [SHIRO-662] - Constant Name Change in AuthenticationRealm
- [SHIRO-663] - Clean up pom parent relative path

**Dependency upgrade**
- [SHIRO-659] - Upgrade to OWASP dependency-check-maven plugin 4.0.0

### [`v1.4.0`](https://redirect.github.com/apache/shiro/blob/HEAD/RELEASE-NOTES#140)

**Bug**
- [SHIRO-559] - shiro-guice violates the JEE specification
- [SHIRO-579] - Permission filter is validating last matched path
- [SHIRO-603] - Endless recursion in ShiroSecurityContext.getUserPrincipal()
- [SHIRO-605] - ShiroWebModule creates out of order filter chain.
- [SHIRO-607] - AuthorizationAttributeSourceAdvisor ignores type-annotations
- [SHIRO-608] - Use a ServiceLoader to discover WebEnvironments
- [SHIRO-611] - Spring web module does not load correct SessionStorageEvaluator

**Improvement**
- [SHIRO-596] - shiro-tools-hasher needs private salt option
- [SHIRO-618] - Spring Boot Web Starter- Autoconfiguration for Realm and ShiroFilterChainDefinition

### [`v1.3.2`](https://redirect.github.com/apache/shiro/blob/HEAD/RELEASE-NOTES#132)

**Bug**
- [SHIRO-584] - URL Path matching issue with WebUtils.getPathWithinApplication

### [`v1.3.1`](https://redirect.github.com/apache/shiro/blob/HEAD/RELEASE-NOTES#131)

**Bug**
- [SHIRO-577] - Regression - Unable to set custom SessionValidationScheduler
- [SHIRO-581] - Improve log message when remember me cipher has changed

### [`v1.3.0`](https://redirect.github.com/apache/shiro/blob/HEAD/RELEASE-NOTES#130)

**Bug**
- [SHIRO-373] - Complete CAS remember-me support
- [SHIRO-397] - SingleArgumentMethodEventListenerTest fails
- [SHIRO-421] - Unable to set long timeouts on HttpServletSession
- [SHIRO-435] - SecurityManager is not a singleton in ShiroWebModule
- [SHIRO-473] - DefaultAnnotationResolver.getAnnotation throws NullPointerException
- [SHIRO-480] - setTarget method in DomainPermission does not set targets
- [SHIRO-483] - passwordsMatch() returns false with right plain password-encrypted password in JVM with default locale tr_TR
- [SHIRO-502] - OSGi import of com.google.inject in shiro-guice has incorrect version range
- [SHIRO-513] - Misleading error message when using custom WebEnvironment
- [SHIRO-515] - ExecutorServiceSessionValidationScheduler leaks resources due to improper synchronization
- [SHIRO-547] - Use MessageDigest#isEqual() instead of Arrays#equals() for comparing digests
- [SHIRO-568] - hash iterations is calculated wrongly in SimpleHash
- [SHIRO-570] - SimpleCookie should check the path of the cookie

**New Feature**
- [SHIRO-200] - Add ability to configure basic authentication for specific HTTP methods
- [SHIRO-395] - Add an Event Bus for event publishing and low-coupling for custom components/plugins.
- [SHIRO-412] - Hazelcast-based caching and session clustering
- [SHIRO-436] - Add EnvironmentLoader finalizeEnvironment method

**Improvement**
- [SHIRO-278] - Rename JndiLdapRealm to DefaultLdapRealm
- [SHIRO-300] - WildcardPermission: change visibility of field 'parts' to protected
- [SHIRO-361] - HttpServletResponse.encodeURL: only append JSESSIONID when necessary
- [SHIRO-428] - AuthorizingRealm "no cache" logging should be at DEBUG level, not INFO, OR it should log only once
- [SHIRO-437] - WildcardPermission: conformed toString
- [SHIRO-514] - ExecutorServiceSessionValidationScheduler should create threads with a configurable name
- [SHIRO-564] - WildcardPermission case-insensitive makes parts collections twice
- [SHIRO-566] - CollectionUtils should use Collections wrappers of arrays if possible

**Task**
- [SHIRO-208] - Correct JDK 1.5 / 1.6 incompatibilities
- [SHIRO-320] - Add an example for using Guice integration.
- [SHIRO-571] - Mark shiro-cas deprecated (replaced with buji-pac4j)

### [`v1.2.6`](https://redirect.github.com/apache/shiro/blob/HEAD/RELEASE-NOTES#126)

**Bug**
- [SHIRO-545] - JavaEnvironment version getter
- [SHIRO-567] - shiro-root-1.2.5.pom uses invalid encoding, fails to parse with Gradle 2.14

### [`v1.2.5`](https://redirect.github.com/apache/shiro/blob/HEAD/RELEASE-NOTES#125)

**Bug**
- [SHIRO-443] - SessionValidationScheduler created multiple times, enabling it is not thread safe
- [SHIRO-462] - Authentication exceptions are swallowed
- [SHIRO-467] - Authentication exception gets swallowed
- [SHIRO-550] - Randomize default remember me cipher

**Improvement**
- [SHIRO-504] - Java 8 support
- [SHIRO-516] - Explicitly specify the version of aspectjtools to avoid build warning
- [SHIRO-562] - WildcardPermission calls String.trim() twice in setParts()

### [`v1.2.4`](https://redirect.github.com/apache/shiro/blob/HEAD/RELEASE-NOTES#124)

**Bug**
- [SHIRO-517] - Caused by: java.lang.NoClassDefFoundError: Lcom/google/inject/internal/util/$ImmutableList;
- [SHIRO-518] - Shiro-CAS: Security Problem in cas-client-core versions older than 3.3.2
- [SHIRO-556] - https://shiro.apache.org/realm.html appears to link to the javadoc under static/current/apidocs not static/latest

**Improvement**
- [SHIRO-332] - Change access level of method 'isPermitted' in org.apache.shiro.realm.AuthorizingRealm (line 461) from private to protected
- [SHIRO-496] - Update shiro.guice dependency
- [SHIRO-498] - ThreadLocal should not be created when not necessary

### [`v1.2.2`](https://redirect.github.com/apache/shiro/blob/HEAD/RELEASE-NOTES#122)

**Bug**
- [SHIRO-316] - Annotations in samples-aspectj Project Does not Work
- [SHIRO-351] - Shiro Native Session implementation cannot extract JSESSIONID From URL if JSESSIONID is URL parameter (not HTTP parameter)
- [SHIRO-379] - SimpleAccountRealm concurrency access to roles and users
- [SHIRO-380] - runAs feature (still) doesn't work
- [SHIRO-387] - EnvironmentLoader destroys wrong environment
- [SHIRO-388] - Stackoverflow org.apache.shiro.session.SessionListener.onStop()
- [SHIRO-389] - Fix OSGI Exports for shiro-ehcache
- [SHIRO-390] - OSGi Import for JSP (javax.servlet.jsp) should be declared optional
- [SHIRO-394] - PropertiesRealm reloading not working when loading from file
- [SHIRO-399] - Memory leak for invalid sessions
- [SHIRO-403] - Trunk will not build under JDK 1.7 due to webstart plugin
- [SHIRO-413] - init() method is not called on class that implements org.apache.shiro.util.Initializable
- [SHIRO-415] - isLoginAttempt method in BasicHttpAuthenticationFilter class fails if used in any locale other than English
- [SHIRO-418] - Javadoc typo in JdbcRealm.SaltStyle
- [SHIRO-423] - INI ReflectionBuilder should not wrap reference values
- [SHIRO-429] - perms filter parsing is too sensitive to a trailing space
- [SHIRO-431] - please use git ignore
- [SHIRO-447] - Broken Javadoc links

### [`v1.2.1`](https://redirect.github.com/apache/shiro/blob/HEAD/RELEASE-NOTES#121)

**Bug**
- [SHIRO-341] - ReflectionBuilder has invalid log message format
- [SHIRO-342] - Running the example as described at http://shiro.apache.org/10-minute-tutorial.html fails
- [SHIRO-344] - runAs feature doesn't work
- [SHIRO-350] - Creating a subject should not create a session
- [SHIRO-353] - DefaultSecurityManager has invalid SLF4J log instruction
- [SHIRO-354] - Authentication cache
- [SHIRO-358] - Source Tarball doesn't Build
- [SHIRO-363] - PasswordMatcher should support character arrays
- [SHIRO-368] - DomainPermission(string, string) constructor sets targets to the same value as actions
- [SHIRO-375] - Basic authentication issue when using COLON character
- [SHIRO-376] - shiro-cas feature should not depend on shiro-cas
- [SHIRO-377] - PropertiesRealm unable to reload Properties