Improved: Upgrade Apache Shiro from 1.13.0 to 2.0.0 (OFBIZ-12961)

At first glance there is no security vulnerability implied, just a new API. Despite still having Core in Maven: https://mvnrepository.com/artifact/org.apache.shiro in Gradle I had to change Core by Crypto to compile. https://javadoc.io/doc/org.apache.shiro/shiro-crypto-cipher/latest/org/apache/shiro/crypto/cipher/AesCipherService.html I guess something related to modules. Package is still org.apache.shiro.crypto I did not dig deeper.
apache · Mar 23, 2024 · aa459fd · aa459fd
1 parent d272bbf
commit aa459fd
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/dependencies.gradle b/dependencies.gradle
@@ -53,7 +53,7 @@ dependencies {
  implementation 'org.apache.logging.log4j:log4j-core:2.20.0' // Somehow needed by Buildbot to compile OFBizDynamicThresholdFilter.java
  implementation 'org.apache.poi:poi:4.1.2' // poi-ooxml-schemas-5.0.0.pom'. Received status code 401 from server
  implementation 'org.apache.pdfbox:pdfbox:2.0.29' // 3.0.1 does not compile
- implementation 'org.apache.shiro:shiro-core:1.13.0'
+ implementation 'org.apache.shiro:shiro-crypto:2.0.0'
  implementation 'org.apache.sshd:sshd-core:2.10.0'
  implementation 'org.apache.sshd:sshd-sftp:2.10.0'
  implementation 'org.apache.tika:tika-core:2.5.0'