2014 March - Board report for Apache Shiro

Apache Shiro is a powerful and flexible open-source application security
framework that cleanly handles authentication, authorization, enterprise
session management and cryptography.

We have no issues that require Board assistance at this time.

Releases:

- We published a 1.2.3 bugfix release on 25 February 2014, 7 days ago.  A 1.3
  release is still on the horizon as an interim before 2.0.

Community & Project:

- Brian Demers graciously fixed the user-reported CVE-2014-0074 and pushed out
  the 1.2.3 hotfix.

- A new Shiro plugin for Apache ActiveMQ has been contributed to (and accepted
  by) the Apache ActiveMQ team.  This allows all aspects of ActiveMQ to be
  secured by Shiro - a nice addition! The plugin is scheduled to be available
  in the upcoming ActiveMQ 5.10 release.

- Efforts towards a 2.0 distribution have picked up on a new dev branch.  We
  will still likely need a 1.3 interim release, but that has been slow-going
  as of late.  Hopefully we can release 1.3 next month.

- User mailing list continues to be quite active.

Last PMC Member voted in: Brian Demers on 20 May 2013
Last committer voted in: Jared Bunting on 29 Jul 2012