You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• 7141f41 [maven-release-plugin] prepare release shiro-root-1.10.0
• 28e10e0 Allow for direct configuration of ShiroFilter through WebEnvironment
• 43240d9 [SHIRO-890] Avoid another proxy creator when @​EnableAspectJAutoProxy enabled
• bfc75e1 Merge pull request #473 from apache/revert-info-report
• 41133ec Revert: Bump maven-project-info-reports-plugin from 3.1.2 to 3.4.1
• 6bf5695 Merge pull request #471 from apache/update-guava-1-10-x
• 7bbb0e0 Add optional flag to skip dependency check for integration tets
• 7ac3480 Update guava to 31.1
• b1bd9ba Merge pull request #458 from apache/dependabot/maven/1.10.x/org.codehaus.mojo...
• 5fc85af Merge pull request #456 from apache/dependabot/maven/1.10.x/org.apache.maven....
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from jetty-server's releases.

10.0.10

Special Thanks to the following Eclipse Jetty community members

• @​jianglai (Lai Jiang)
• @​markslater (markslater)
• @​prenagha (Padraic Renaghan)

Changelog

• #8136 - Cherry-pick of Improvements to PathSpec for Jetty 10.0.x
• #8134 - Improve cleanup of deflater/inflater pools for PerMessageDeflateExtension
• #8088 - Add option to configure exitVm on ShutdownMonitor from System properties
• #8067 - Wall time usage in DoSFilter RateTracker results in false positive alert
• #8057 - Support Http Response 103 (Early Hints)
• #8014 - Review HttpRequest URI construction
• #8008 - Add compliance mode for LEGACY multipart parser in Jetty 10+
• #7994 - Ability to construct a detached client Request
• #7981 - Add TRANSFER_ENCODING violation for MultiPart RFC7578 parser. (#7976)
• #7977 - UpgradeHttpServletRequest.setAttribute & UpgradeHttpServletRequest.removeAttribute can throw NullPointerException
• #7975 - ForwardedRequestCustomizer setters do not clear existing handlers
• #7953 - Fix StatisticsHandler in the case a Handler throws exception.
• #7935 - Review HTTP/2 error handling
• #7929 - Correct requestlog formatString commented default (@​prenagha)
• #7924 - Fix a typo in Javadoc (@​jianglai)
• #7918 - PathMappings.asPathSpec does not allow root ServletPathSpec
• #7891 - Better Servlet PathMappings for Regex
• #7880 - DefaultServlet should not overwrite programmatically configured precompressed formats with defaults (@​markslater)
• #7863 - Default servlet drops first accept-encoding header if there is more than one. (@​markslater)
• #7858 - GZipHandler does not play nice with other handlers in HandlerCollection
• #7818 - Modifying of HTTP headers in HttpChannel.Listener#onResponseBegin is no longer possible with Jetty 10
• #7808 - Jetty 10.0.x 7801 duplicate set session cookie
• #7802 - HTTP/3 QPACK - do not expect section ack for zero required insert count
• #7754 - jetty.sh ignores JAVA_OPTIONS environment variable
• #7748 - Allow overriding of url-pattern mapping in ServletContextHandler to allow for regex or uri-template matching
• #7635 - QPACK decoder should fail connection if the encoder blocks more than SETTINGS_QPACK_BLOCKED_STREAMS
• #4414 - GZipHandler not excluding inflation for specified paths
• #1771 - Add module for SecuredRedirect support

Dependencies

• #8083 - Bump asciidoctorj to 2.5.4
• #8077 - Bump asciidoctorj-diagram to 2.2.3
• #7839 - Bump asm.version to 9.3
• #8142 - Bump biz.aQute.bndlib to 6.3.1
• #8075 - Bump checkstyle to 10.3
• #8056 - Bump error_prone_annotations to 2.14.0
• #8109 - Bump google-cloud-datastore to 2.7.0
• #8100 - Bump grpc-core to 1.47.0
• #7987 - Bump hawtio-default to 2.15.0

... (truncated)

• de73e94 Updating to version 10.0.10
• 1b4f941 RegexPathSpec documentation and MatchedPath improvements (#8163)
• 1f902f6 Disable H3 tests by default with a system property to explicitly enable them ...
• 7cc461b Fixing javadoc build errors (#8173)
• d63569d Migrate code from jetty-util Logger to slf4j Logger (#8162)
• 66de7ba Improve ssl buffers handling (#8165)
• 0699bc5 Use static exceptions for closing websocket flushers and in ContentProducer (...
• b1c19c0 Merge pull request #8134 from eclipse/jetty-10.0.x-websocketPermessageDeflate...
• 23948f1 no more profile IT tests runs per default (#8138)
• 0d13cbe change-dependabot-interval-to-monthly (#8140)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from shiro-core's changelog.

Licensed to the Apache Software Foundation (ASF) under one

or more contributor license agreements. See the NOTICE file

distributed with this work for additional information

regarding copyright ownership. The ASF licenses this file

to you under the Apache License, Version 2.0 (the

"License"); you may not use this file except in compliance

with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,

software distributed under the License is distributed on an

"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

KIND, either express or implied. See the License for the

specific language governing permissions and limitations

under the License.

This is not an official release notes document. It exists for Shiro developers to jot down their notes while working in the source code. These notes will be combined with Jira’s auto-generated release notes during a release for the total set.

###########################################################

2.0.0

###########################################################

Improvement

[SHIRO-290] Implement bcrypt and argon2 KDF algorithms

Backwards Incompatible Changes

• Changed default DefaultPasswordService.java algorithm to "Argon2id".
• PasswordService.encryptPassword(Object plaintext) will now throw a NullPointerException on null parameter. It was never specified how this method would behave.
• Made salt non-nullable.
• Removed methods in PasswordMatcher.

###########################################################

• 2b53211 [maven-release-plugin] prepare release shiro-root-1.9.1
• 6bcb92e Add support for case-insensitive matching to RegExPatternMatcher
• 422166d Merge pull request #364 from apache/shiro-871-19x
• 0db440a Apply principalSuffix only when username does NOT already contain the suffix
• a259d26 fix SHIRO-881
• 62a663b Merge pull request #357 from apache/1-9-parent
• 9a4f1bf [SHIRO-882] Upgrade to apache pom parent 26
• b3e98b0 Merge pull request #363 from apache/shiro-19-bump-deps
• 2e88dcf Update Spring, jetty, slf4j, and hazelcast dependencies
• f52c3a1 Merge pull request #361 from apache/another-ci-test
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from shiro-web's changelog.

1.7.1

###########################################################

Bug

[SHIRO-797] - Shiro 1.7.0 is lower than using springboot version 2.0.7 dependency error

###########################################################

1.7.0

###########################################################

Bug

[SHIRO-767] - org.apache.shiro.util.ClassUtil cannot load the array of Primitive DataType when use undertow as web container
[SHIRO-792] - ShiroWebFilterConfiguration seems to conflict with other FilterRegistrationBean

New Feature

[SHIRO-789] - Also add cookie SameSite option to Spring

Improvement

[SHIRO-740] - SslFilter with HTTP Strict Transport Security (HSTS)
[SHIRO-794] - Add system property to enable backslash path normalization
[SHIRO-795] - Disable session path rewriting by default

Task

[SHIRO-793] - deleteMe cookie should use the defined "sameSite"

###########################################################

• 40bac06 [maven-release-plugin] prepare release shiro-root-1.7.1
• ab1ea4a Improving tests for path matching logic
• e35a669 Merge pull request #267 from bmarwell/envloader_it
• 41436c8 (test) convert EnvironmentLoaderServiceTest partly to integration test.
• 72f6076 Add missing license headers to new tests
• c539537 Add basic tests to assert no whitespace in spring.factories fiels
• 5f367c3 hotfix springboot spring.factories
• 3bd10d3 [maven-release-plugin] prepare for next development iteration
• be1144d [maven-release-plugin] prepare release shiro-root-1.7.0
• 42f303f Test cases with EasyMock
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from shiro-core's changelog.

Licensed to the Apache Software Foundation (ASF) under one

or more contributor license agreements. See the NOTICE file

distributed with this work for additional information

regarding copyright ownership. The ASF licenses this file

to you under the Apache License, Version 2.0 (the

"License"); you may not use this file except in compliance

with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,

software distributed under the License is distributed on an

"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

KIND, either express or implied. See the License for the

specific language governing permissions and limitations

under the License.

This is not an official release notes document. It exists for Shiro developers to jot down their notes while working in the source code. These notes will be combined with Jira’s auto-generated release notes during a release for the total set.

###########################################################

2.0.0

###########################################################

Improvement

[SHIRO-290] Implement bcrypt and argon2 KDF algorithms

Backwards Incompatible Changes

• Changed default DefaultPasswordService.java algorithm to "Argon2id".
• PasswordService.encryptPassword(Object plaintext) will now throw a NullPointerException on null parameter. It was never specified how this method would behave.
• Made salt non-nullable.
• Removed methods in PasswordMatcher.

###########################################################

1.7.1

###########################################################

Bug

[SHIRO-797] - Shiro 1.7.0 is lower than using springboot version 2.0.7 dependency error

###########################################################

... (truncated)

• a86c51a [maven-release-plugin] prepare release shiro-root-1.8.0
• e1b7802 Add @​Documented to Shiro annotations
• b298f71 [SHIRO-678] only query parameters for sessionID if found
• 4ed0c80 Merge pull request #310 from apache/backport-SHIRO-825-18
• 4a20bf0 Backport SHIRO-825
• 1447e43 Merge pull request #296 from apache/single-spring-1-8
• 9f8e5c6 Configure japicmp to work with new single spring boot starter
• ce743aa Combine Spring Boot starters (web and non-web) into single module
• 358397b Merge pull request #299 from apache/jenkins-matrix-1.8
• a9f646d Reverted Java 16 build back to 14
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from bcprov-jdk15on's changelog.

2.1.1 Version Release: 1.70 Date:      TBD

2.2.1 Version Release: 1.69 Date:      2021, June 7th.

... (truncated)

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.