jooby-project / jooby

The modular web framework for Java and Kotlin
https://jooby.io
Apache License 2.0

Security issue: upgrade to pac4j v1.9.4 #516

Closed leleuj closed 8 years ago

leleuj commented 8 years ago

Unfortunately, we have a critical security issue in pac4j v1.9.2 and v1.9.3, if you use DbAuthenticator or MongoAuthenticator and the default password encoder NopPasswordEncoder.

You MUST upgrade to pac4j v1.9.4.

Hopefully, you haven't released any final version (only 1.0.0.CR8 is affected).

leleuj commented 8 years ago

@jknack: the trivial PR to fix the issue: https://github.com/jooby-project/jooby/pull/517

jknack commented 8 years ago

@leleuj Thank you.

leleuj commented 8 years ago

Thanks for your swiftness.