Apache Shiro vulnerability for versions < 1.10.0

Hi SonaType Team

Our vuln scanner caught the recent finding for Shiro

Specifically, the following jars

When can we expect a build to resolve the finding?

From what I understand next release should be soon and it contains the upgrade to this dependency.

1 Like

3.43.0 is now released which contains this fix.

1 Like