struts-examples icon indicating copy to clipboard operation
struts-examples copied to clipboard

Published 20 hours ago verified publisher icon apache

Bump shiro.version from 1.13.0 to 2.0.0

Open dependabot[bot] opened this issue 1 year ago • 0 comments

Bumps shiro.version from 1.13.0 to 2.0.0. Updates org.apache.shiro:shiro-core from 1.13.0 to 2.0.0

Release notes

Sourced from org.apache.shiro:shiro-core's releases.

Apache Shiro 2.0.0

What's new Highlights

  • Java 11 is the minimum supported JVM version
  • Stronger default password hashing algorithms (Argon2 and BCrypt)
  • Jakarta EE 10 support (Java/Jakarta EE 8 is also supported)
  • New Jakarta EE integration module (see Jakarta EE Integration for more information)
  • SpringBoot 3.x support (SpringBoot 2.x is also supported)
  • Automatic form resubmission when session expired (Jakarta EE only)

What's Changed

... (truncated)

Changelog

Sourced from org.apache.shiro:shiro-core's changelog.

2.0.0

###########################################################

Improvement

[SHIRO-290] Implement bcrypt and argon2 KDF algorithms

Backwards Incompatible Changes

  • Changed default DefaultPasswordService.java algorithm to "Argon2id".
  • PasswordService.encryptPassword(Object plaintext) will now throw a NullPointerException on null parameter. It was never specified how this method would behave.
  • Made salt non-nullable.
  • Removed methods in PasswordMatcher.

###########################################################

1.7.1

###########################################################

Bug

[SHIRO-797] - Shiro 1.7.0 is lower than using springboot version 2.0.7 dependency error

###########################################################

1.7.0

###########################################################

Bug

[SHIRO-767] - org.apache.shiro.util.ClassUtil cannot load the array of Primitive DataType when use undertow as web container
[SHIRO-792] - ShiroWebFilterConfiguration seems to conflict with other FilterRegistrationBean

New Feature

[SHIRO-789] - Also add cookie SameSite option to Spring

Improvement

[SHIRO-740] - SslFilter with HTTP Strict Transport Security (HSTS)
[SHIRO-794] - Add system property to enable backslash path normalization
[SHIRO-795] - Disable session path rewriting by default

Task

[SHIRO-793] - deleteMe cookie should use the defined "sameSite"

... (truncated)

Commits
  • ef7117b [maven-release-plugin] prepare release shiro-root-2.0.0
  • d2afa85 Merge pull request #1320 from apache/dependabot/maven/com.github.siom79.japic...
  • 879c6a7 Merge pull request #1319 from apache/dependabot/maven/tomcat.version-10.1.19
  • e8fd2a9 Merge pull request #1318 from apache/dependabot/maven/com.flowlogix-flowlogix...
  • bcbb087 build(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin
  • 02ca3fb build(deps-dev): bump tomcat.version from 10.1.18 to 10.1.19
  • a385227 build(deps): bump com.flowlogix:flowlogix-jee from 5.5.2 to 5.5.3
  • 8ecf148 Merge pull request #1314 from apache/dependabot/maven/com.github.siom79.japic...
  • 6d99d22 Merge pull request #1313 from apache/dependabot/maven/bytebuddy.version-1.14.12
  • acec94d build(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin
  • Additional commits viewable in compare view

Updates org.apache.shiro:shiro-web from 1.13.0 to 2.0.0

Release notes

Sourced from org.apache.shiro:shiro-web's releases.

Apache Shiro 2.0.0

What's new Highlights

  • Java 11 is the minimum supported JVM version
  • Stronger default password hashing algorithms (Argon2 and BCrypt)
  • Jakarta EE 10 support (Java/Jakarta EE 8 is also supported)
  • New Jakarta EE integration module (see Jakarta EE Integration for more information)
  • SpringBoot 3.x support (SpringBoot 2.x is also supported)
  • Automatic form resubmission when session expired (Jakarta EE only)

What's Changed

... (truncated)

Changelog

Sourced from org.apache.shiro:shiro-web's changelog.

2.0.0

###########################################################

Improvement

[SHIRO-290] Implement bcrypt and argon2 KDF algorithms

Backwards Incompatible Changes

  • Changed default DefaultPasswordService.java algorithm to "Argon2id".
  • PasswordService.encryptPassword(Object plaintext) will now throw a NullPointerException on null parameter. It was never specified how this method would behave.
  • Made salt non-nullable.
  • Removed methods in PasswordMatcher.

###########################################################

1.7.1

###########################################################

Bug

[SHIRO-797] - Shiro 1.7.0 is lower than using springboot version 2.0.7 dependency error

###########################################################

1.7.0

###########################################################

Bug

[SHIRO-767] - org.apache.shiro.util.ClassUtil cannot load the array of Primitive DataType when use undertow as web container
[SHIRO-792] - ShiroWebFilterConfiguration seems to conflict with other FilterRegistrationBean

New Feature

[SHIRO-789] - Also add cookie SameSite option to Spring

Improvement

[SHIRO-740] - SslFilter with HTTP Strict Transport Security (HSTS)
[SHIRO-794] - Add system property to enable backslash path normalization
[SHIRO-795] - Disable session path rewriting by default

Task

[SHIRO-793] - deleteMe cookie should use the defined "sameSite"

... (truncated)

Commits
  • ef7117b [maven-release-plugin] prepare release shiro-root-2.0.0
  • d2afa85 Merge pull request #1320 from apache/dependabot/maven/com.github.siom79.japic...
  • 879c6a7 Merge pull request #1319 from apache/dependabot/maven/tomcat.version-10.1.19
  • e8fd2a9 Merge pull request #1318 from apache/dependabot/maven/com.flowlogix-flowlogix...
  • bcbb087 build(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin
  • 02ca3fb build(deps-dev): bump tomcat.version from 10.1.18 to 10.1.19
  • a385227 build(deps): bump com.flowlogix:flowlogix-jee from 5.5.2 to 5.5.3
  • 8ecf148 Merge pull request #1314 from apache/dependabot/maven/com.github.siom79.japic...
  • 6d99d22 Merge pull request #1313 from apache/dependabot/maven/bytebuddy.version-1.14.12
  • acec94d build(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Mar 04 '24 00:03 dependabot[bot]