https://bugzilla.redhat.com/show_bug.cgi?id=1869860
--- Doc Text *updated* by Eric Christensen sparks@redhat.com --- A flaw was found in Apache Shiro in versions prior to 1.6.0. A specially crafted HTTP request may cause an authentication bypass. The highest threat from this vulnerability is to data confidentiality.