Reason:
On October 12, 2022, Apache officially disclosed the CVE-2022-40664 Apache Shiro permission bypass vulnerability. Before Shiro 1.10.0, there may be an authentication bypass vulnerability when using RequestDispatcher in the code for forwarding.
oss-security - CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher
oss-security - Re: CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher
oss-security - Re: CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher
https://lists.apache.org/thread/loc2ktxng32xpy7lfwxto13k4lvnhjwg
https://lists.apache.org/thread/ynx4mx9phc61ctr80lbwp1rsg2lmn6k4
CVE-2022-40664 Apache Shiro Vulnerability in NetApp Products | NetApp Product Security