Can I upgrade nexus-2.15.1-02/nexus/WEB-INF/lib/shiro-core-1.8.0.jar to shiro-core-1.10.0

Reason:

On October 12, 2022, Apache officially disclosed the CVE-2022-40664 Apache Shiro permission bypass vulnerability. Before Shiro 1.10.0, there may be an authentication bypass vulnerability when using RequestDispatcher in the code for forwarding.

oss-security - CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher
oss-security - Re: CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher
oss-security - Re: CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher
https://lists.apache.org/thread/loc2ktxng32xpy7lfwxto13k4lvnhjwg
https://lists.apache.org/thread/ynx4mx9phc61ctr80lbwp1rsg2lmn6k4
CVE-2022-40664 Apache Shiro Vulnerability in NetApp Products | NetApp Product Security