shiro (1.3.2-3~18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Improper Authentication
    - debian/patches/CVE-2020-1957_11989.patch: Fix a path-traversal issue
      where a specially-crafted request could cause an authentication bypass.
    - CVE-2020-1957
    - CVE-2020-11989

 -- Paulo Flabiano Smorigo <pfsmorigo@canonical.com>  Thu, 11 Feb 2021 12:59:56 +0000

shiro (1.3.2-3~18.04) bionic; urgency=medium

  * Backport for OpenJDK 11. LP: #1814133.

 -- Matthias Klose <doko@ubuntu.com>  Tue, 26 Feb 2019 16:36:35 +0100

shiro (1.3.2-3) unstable; urgency=medium

  * Fixed the build failure with Java 11 (Closes: #912390)
  * Standards-Version updated to 4.2.1
  * Switch to debhelper level 11
  * Use salsa.debian.org Vcs-* URLs

 -- Emmanuel Bourg <ebourg@apache.org>  Thu, 29 Nov 2018 14:37:03 +0100

shiro (1.3.2-2) unstable; urgency=medium

  * Team upload.
  * Add missing build-dep on junit4 (Closes: #871325)

 -- tony mancill <tmancill@debian.org>  Thu, 17 Aug 2017 21:57:24 -0700

shiro (1.3.2-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - New build dependency on libpowermock-java
    - Ignore the new hazelcast module
  * Depend on libtaglibs-standard-spec-java instead of libjstl1.1-java
  * debian/watch: Track the release tags on GitHub
  * Switch to debhelper level 10

 -- Emmanuel Bourg <ebourg@apache.org>  Wed, 16 Nov 2016 15:30:28 +0100

shiro (1.2.5-2) unstable; urgency=medium

  * Team upload.
  * Fixed the build failure with Spring Framework 4.3.x (Closes: #834471)
  * Build with the DH sequencer instead of CDBS
  * Use secure Vcs-* URLs

 -- Emmanuel Bourg <ebourg@apache.org>  Fri, 19 Aug 2016 19:57:14 +0200

shiro (1.2.5-1) unstable; urgency=high

  * Team upload.
  * New upstream release.
    Fixes CVE-2016-4437 (Closes: #826653)
  * Bump Standards-Version to 3.9.8 (no changes).
  * Include reproducible build patch.
    Thank you to Chris Lamb. (Closes: #797296)

 -- tony mancill <tmancill@debian.org>  Sun, 12 Jun 2016 11:57:59 -0700

shiro (1.2.4-1) unstable; urgency=medium

  * New upstream release
    - Removed the dependency on libguava-java
    - Refreshed the patch
    - Ignore the maven-toolchains-plugin
  * Set the source encoding to UTF-8

 -- Emmanuel Bourg <ebourg@apache.org>  Tue, 21 Jul 2015 14:52:02 +0200

shiro (1.2.3-1) unstable; urgency=low

  * Initial release (Closes: #726534)

 -- Emmanuel Bourg <ebourg@apache.org>  Fri, 10 Oct 2014 00:51:44 +0200