Bug fixes

• chore(jacoco): added exclusion for weld client proxy by @lprimak in #2769

Security Improvements

• [#2704] [#2710] Fixed Session fixation-related regressions by @lprimak in #2711
• [#2758] Deprecate RandomSessionIdGenerator due to insufficient entropy by @lprimak in #2770
• enh(jakarta-ee): strip out the host part of the referer header
• Using Rdn.escapeValues()

Improvements

• Switch pre-commit to ASF approved prek-action by @jbampton in #2705
• Add AGENTS.md + SECURITY.md linking the project's security model by @potiuk in #2702
• [CI] Add pre-commit hook to validate the CITATION file; Add missing required field message by @jbampton in #2717
• [CI] Add hook to validate dependabot.yml with pre-commit by @jbampton in #2716
• chore: add branch protection rules by @lprimak in #2701
• chore: removed branch protection from main, update github ruleset to include additional branches
• [CI] Pin to sha all pre-commit hooks and clean up by @jbampton in #2730
• Configure EditorConfig for more file types by @jbampton in #2747
• Update and expand the CITATION file by @jbampton in #2766
• [#2760] chore: update shiro.doap file with more recent versions and maintainers by @lprimak in #2768

New Contributors

• @potiuk made their first contribution in #2702

Dependency Updates

• chore(deps): bump https://github.com/zizmorcore/zizmor-pre-commit from v1.24.1 to 1.25.2 in the pre-commit-hooks group by @dependabot[bot] in #2709
• chore(deps): bump org.apache:apache from 37 to 38 by @dependabot[bot] in #2700
• chore(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.25.6 to 0.25.7 by @dependabot[bot] in #2699
• chore(deps): bump slf4j.version from 2.0.17 to 2.0.18 by @dependabot[bot] in #2694
• chore(deps): bump log4j.version from 2.25.4 to 2.26.0 by @dependabot[bot] in #2697
• chore(deps): bump org.apache.johnzon:johnzon-jsonb from 1.2.22 to 1.3.0 by @dependabot[bot] in #2698
• chore(deps): bump org.apache.cxf:cxf-rt-rs-client from 3.6.10 to 3.6.11 by @dependabot[bot] in #2729
• chore(deps): bump org.apache.cxf:cxf-bom from 3.6.10 to 3.6.11 by @dependabot[bot] in #2728
• chore(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.25.7 to 0.26.0 by @dependabot[bot] in #2727
• chore(deps): bump org.omnifaces:omnifaces from 3.14.20 to 3.14.21 by @dependabot[bot] in #2725
• chore(deps): bump org.apache.commons:commons-configuration2 from 2.15.0 to 2.15.1 by @dependabot[bot] in #2724
• chore(deps): bump the github-actions-dependencies group with 3 updates by @dependabot[bot] in #2723
• chore(deps-dev): bump arquillian.core.version from 1.10.1.Final to 1.10.2.Final by @dependabot[bot] in #2722
• chore(deps-dev): bump org.apache.cxf:cxf-rt-frontend-jaxrs from 3.6.10 to 3.6.11 by @dependabot[bot] in #2721
• chore(deps): bump ch.qos.logback:logback-classic from 1.5.32 to 1.5.34 by @dependabot[bot] in #2748
• chore(deps): bump ch.qos.logback:logback-core from 1.5.32 to 1.5.34 by @dependabot[bot] in #2749
• chore(deps): bump org.jacoco:jacoco-maven-plugin from 0.8.14 to 0.8.15 by @dependabot[bot] in #2765
• chore(deps): bump the github-actions-dependencies group across 1 directory with 2 updates by @dependabot[bot] in #2756
• chore(deps): bump org.codehaus.gmavenplus:gmavenplus-plugin from 4.3.1 to 5.0.0 by @dependabot[bot] in #2753
• chore(deps): bump org.jboss.shrinkwrap.resolver:shrinkwrap-resolver-bom from 3.3.6 to 3.3.7 by @dependabot[bot] in #2750
• chore(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.26.0 to 0.26.1 by @dependabot[bot] in #2751
• chore(deps): bump bytebuddy.version from 1.18.8 to 1.18.10 by @dependabot[bot] in #2752

Full Changelog: shiro-root-2.2.0...shiro-root-2.2.1

New Contributors

• @iampratap7997-dot made their first contribution in #2518

Bug Fixes

• [#2578] Filter extra cookies on resubmit by @lprimak in #2588
• [#2633] bugfix(jakarta-ee): form resubmit: login submit response processing f… by @lprimak in #2632
• bugfix: logout is not blocked if it's remembered request even if resubmitted

Security Enhancements

• enh: rememberMe cookie options
• enh: destroy existing session upon login
• enh(jakarta-ee): added secure configuration for session cookies automatically
• enh: reverted secureInDevMode addition and added native session manag…
• enh(jakarta-ee): encrypt SAVED_REQUEST_KEY cookie
• improvement: implemented session key rotation via changeSessionId() in Web-Container mode only

Improvements

• Enable markdownlint rule MD040 by @jbampton in #2507
• CONTRIBUTING: whitespace cleanup for codeblocks by @jbampton in #2506
• Actions labeler: add label for groovy files by @jbampton in #2491
• Add 3 more pre-commit hooks by @jbampton in #2490
• pre-commit: add markdown-link-check by @jbampton in #2519
• Fix typos in java integration-tests for jakarta-ee by @jbampton in #2520
• chore: regenerate ignored words list codespell.txt by @jbampton in #2521
• Enable markdown-lint rule MD034 by @jbampton in #2522
• markdown-lint: set line length to 180 by @jbampton in #2523
• chore: fix typos in Java tests by @jbampton in #2524
• chore: standardize markdown heading underlines by @jbampton in #2525
• chore: fix spelling / word casing in java docs by @jbampton in #2526
• yamllint enable rule checking for comments by @jbampton in #2527
• [#2489] Add CITATION.cff for Apache Shiro by @iampratap7997-dot in #2518
• gha: actions/checkout set persist-credentials: false by @jbampton in #2532
• chore: remove unneeded duplicate words in java docs by @jbampton in #2531
• gha: pr labeler label more file types by @jbampton in #2530
• Add official pre-commit hook pretty-format-json by @jbampton in #2529
• yamllint add rule checking for braces and brackets by @jbampton in #2528
• chore: standardize XML declarations by @jbampton in #2558
• misc(java): remove unneeded duplicate words by @jbampton in #2556
• yamllint enable rule checking for line length by @jbampton in #2557
• Add EditorConfig checker with pre-commit by @jbampton in #2559
• [#2488] chore: add .gitattributes file for line ending normalization and file… by @lprimak in #2574
• Configure EditorConfig for groovy,cff,yaml,yml by @jbampton in #2576
• Add pre-commit hook to stop zip files being committed by @jbampton in #2580
• Decouple codespell from pre-commit config with rc file by @jbampton in #2581
• docs(java): fix typo by @jbampton in #2582
• security: pre-commit add zizmor static analysis for actions by @jbampton in #2583
• gha(labeler): indent YAML with 2 spaces by @jbampton in #2584
• Add manual stage pre-commit hook chmod for markdown permissions by @jbampton in #2586
• yamllint enable document-start rule checking by @jbampton in #2585
• Add descriptive labels to dependabot groups by @jbampton in #2626
• [#2630] enh: update description is GitHub by @lprimak in #2634
• Add pre-commit ecosystem to Dependabot; fix markdown-link-check by @jbampton in #2620
• [CI] Add ASF Allowlist Check workflow by @jbampton in #2687
• [CI] Create reusable pre-commit workflows by @jbampton in #2635
• chore(build): removed disabling of snapshot repositories because Apache parent has it's bug fixed
• chore(build): using latest Windows build and workarounds for apache/maven-surefire#3176
• Fixing mailing lists link for doap
• fix(jenkins): update version retrieval to exclude alpha, beta, and RC versions
• chore(readme): filter out alpha release from the latest maven central version badge
• chore: moved manual tomcat version to variable
• chore: moved tomcat 10 version into a variable
• chore: fixed deprecated methods in Hasher
• chore: remove extra newline

Dependency Updates

• chore(deps): bump ch.qos.logback:logback-core from 1.5.26 to 1.5.27 by @dependabot[bot] in #2515
• chore(deps-dev): bump io.openliberty.tools:liberty-maven-plugin from 3.11.5 to 3.12.0 by @dependabot[bot] in #2513
• chore(deps-dev): bump org.jboss.arquillian.graphene:graphene-webdriver from 3.0.0-alpha.4 to 3.0.0.Final by @dependabot[bot] in #2512
• chore(deps): bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.27 by @dependabot[bot] in #2511
• chore(deps): bump the github-dependencies group with 2 updates by @dependabot[bot] in #2510
• chore(deps-dev): bump org.apache.maven.plugins:maven-pmd-plugin from 3.26.0 to 3.28.0 by @dependabot[bot] in #2555
• chore(deps): bump org.apache.maven.plugins:maven-war-plugin from 3.4.0 to 3.5.1 by @dependabot[bot] in #2553
• chore(deps): bump org.apache.johnzon:johnzon-jsonb from 1.2.21 to 1.2.22 by @dependabot[bot] in #2552
• chore(deps): bump github/codeql-action from 4.32.1 to 4.32.2 in the github-dependencies group by @dependabot[bot] in #2536
• chore(deps): bump org.apache.commons:commons-configuration2 from 2.12.0 to 2.13.0 by @dependabot[bot] in #2551
• chore(deps): bump org.apache.cxf:cxf-bom from 3.6.7 to 3.6.9 by @dependabot[bot] in #2550
• chore(deps): bump ch.qos.logback:logback-classic from 1.5.27 to 1.5.28 by @dependabot[bot] in #2548
• chore(deps): bump org.apache.rat:apache-rat-plugin from 0.16.1 to 0.17 by @dependabot[bot] in #2545
• chore(deps-dev): bump org.apache.maven.plugins:maven-resources-plugin from 3.3.1 to 3.4.0 by @dependabot[bot] in #2533
• chore(deps): bump org.apache.cxf:cxf-rt-rs-client from 3.6.7 to 3.6.9 by @dependabot[bot] in #2542
• chore(deps): bump ch.qos.logback:logback-core from 1.5.27 to 1.5.28 by @dependabot[bot] in #2541
• chore(deps): bump commons-cli:commons-cli from 1.9.0 to 1.11.0 by @dependabot[bot] in #2537
• chore(deps): bump org.apache.karaf.features:framework from 4.4.7 to 4.4.9 by @dependabot[bot] in #2540
• chore(deps-dev): bump org.apache.cxf:cxf-rt-frontend-jaxrs from 3.6.7 to 3.6.9 by @dependabot[bot] in #2543
• chore(deps): bump ch.qos.logback:logback-core from 1.5.28 to 1.5.32 by @dependabot[bot] in #2573
• chore(deps): bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.32 by @dependabot[bot] in #2572
• chore(deps): bump github/codeql-action from 4.32.2 to 4.32.3 in the github-dependencies group by @dependabot[bot] in #2564
• chore(deps): bump or...

Major Changes

• Java 17 is the minimum requirement
• Jakarta EE 11, Spring 7 and SpringBoot 4 without classifiers, dropped support for Jakarta EE 8 and SpringBoot 2
• Removed many deprecations
• Refactored code to use Java 17+ features
• Using Scoped values instead of ThreadLocals on JDK 25+

What's Changed

• [#1548] - redefines PrincipalCollection interface to be intended as immutable by @janitza-mage in #1582
• Fix deprecation warnings by @lprimak in #1630
• Refactor: AssertJ best practices by @timtebeek by @lprimak in #1454
• chore(3.x): Migrate to jakarta EE 10 using OpenRewrite by @rgcv in #2224
• [#1585] Migrate to Jakarta EE 10 (3.x) by @rgcv in #2018
• enh[3.x]: Adds default NoAccess configuration to the default filter chain by @lprimak in #2461
• [#1585] Jakarta namespace and java 17 for 3x by @nsoft in #2017
• [3.x] Karaf needs update by @fpapon in #2517
• [#1862] [3.0] Support for JDK 25 scoped values by @lprimak in #2485

New Contributors

• @janitza-mage made their first contribution in #1582
• @Himakar made their first contribution in #1581
• @rgcv made their first contribution in #2224
• @nsoft made their first contribution in #2017
• @iampratap7997-dot made their first contribution in #2518

Full Changelog: shiro-root-2.1.0...shiro-root-3.0.0-alpha-1

What's Changed

• chore(deps): bump org.htmlunit:htmlunit from 4.17.0 to 4.18.0 by @dependabot[bot] in #2355
• chore: hide deprecation warning in AD test by @lprimak in #2352
• chore(deps): bump github/codeql-action from 4.31.0 to 4.31.2 in the github-dependencies group by @dependabot[bot] in #2353
• chore(deps): bump bytebuddy.version from 1.17.8 to 1.18.1 by @dependabot[bot] in #2369
• chore(deps): bump org.owasp:dependency-check-maven from 12.1.8 to 12.1.9 by @dependabot[bot] in #2367
• chore(deps): bump org.omnifaces:omnifaces from 3.14.11 to 3.14.12 by @dependabot[bot] in #2364
• [#953] - Allow CORS preflight requests to bypass authentication by @celikfatih in #2372
• chore: put back changes that were overwritten by maven release plugin by @lprimak in #2375
• chore(deps): bump bytebuddy.version from 1.18.1 to 1.18.2 by @dependabot[bot] in #2389
• chore(deps): bump org.quartz-scheduler:quartz from 2.5.1 to 2.5.2 by @dependabot[bot] in #2387
• chore(deps): bump org.codehaus.mojo:taglist-maven-plugin from 3.2.1 to 3.2.2 by @dependabot[bot] in #2380
• chore(deps): bump org.codehaus.mojo:versions-maven-plugin from 2.19.1 to 2.20.1 by @dependabot[bot] in #2379
• chore(deps): bump org.htmlunit:htmlunit from 4.18.0 to 4.19.0 by @dependabot[bot] in #2377
• chore(deps): bump org.owasp.encoder:encoder from 1.3.1 to 1.4.0 by @dependabot[bot] in #2374
• chore(deps): bump the github-dependencies group with 2 updates by @dependabot[bot] in #2373
• Configure EditorConfig for .rdf by @jbampton in #2386
• Remove type attributes from HTML script tags by @jbampton in #2382
• pre-commit: add 3 more hooks; fix end of files by @jbampton in #2360
• Pin all actions workflows by @jbampton in #2385
• Add pre-commit hook to trim trailing whitespace by @jbampton in #2406
• gha: use pre-commit run --color=always by @jbampton in #2407
• chore: pin python and it's depenendencies for pre-commit check on GitHub by @lprimak in #2408
• chore: pin python pre-commit workflow dependency with hash by @lprimak in #2410
• Add descriptions to all pre-commit hooks by @jbampton in #2409
• chore: fix vulnerabilities in tests reported by OpenSSF tool by @lprimak in #2411
• chore(deps): bump org.htmlunit:htmlunit from 4.19.0 to 4.20.0 by @dependabot[bot] in #2415
• chore(deps): bump the github-dependencies group with 5 updates by @dependabot[bot] in #2414
• chore(deps): bump mockito.version from 5.20.0 to 5.21.0 by @dependabot[bot] in #2420
• chore(deps): bump ch.qos.logback:logback-core from 1.5.21 to 1.5.22 by @dependabot[bot] in #2419
• chore(deps): bump ch.qos.logback:logback-classic from 1.5.21 to 1.5.22 by @dependabot[bot] in #2417
• chore(deps): bump the github-dependencies group with 3 updates by @dependabot[bot] in #2418
• chore(security): update log4-core by @lprimak in #2430
• chore(deps): bump org.codehaus.mojo:exec-maven-plugin from 3.6.2 to 3.6.3 by @dependabot[bot] in #2429
• chore(deps): bump ch.qos.logback:logback-core from 1.5.22 to 1.5.23 by @dependabot[bot] in #2427
• chore(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.24.2 to 0.25.1 by @dependabot[bot] in #2428
• chore(deps): bump github/codeql-action from 4.31.8 to 4.31.9 in the github-dependencies group by @dependabot[bot] in #2424
• chore(deps): bump ch.qos.logback:logback-classic from 1.5.22 to 1.5.23 by @dependabot[bot] in #2426
• chore(deps): bump bytebuddy.version from 1.18.2 to 1.18.3 by @dependabot[bot] in #2425
• chore(deps): bump org.htmlunit:htmlunit from 4.20.0 to 4.21.0 by @dependabot[bot] in #2431
• chore(deps): bump ch.qos.logback:logback-classic from 1.5.23 to 1.5.24 by @dependabot[bot] in #2455
• chore(deps): bump org.owasp:dependency-check-maven from 12.1.9 to 12.2.0 by @dependabot[bot] in #2454
• chore(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.25.1 to 0.25.4 by @dependabot[bot] in #2453
• chore(deps): bump ch.qos.logback:logback-core from 1.5.23 to 1.5.24 by @dependabot[bot] in #2452
• chore(deps): bump javax.enterprise:cdi-api from 2.0 to 2.0.SP1 by @dependabot[bot] in #2451
• chore(deps): bump org.jsoup:jsoup from 1.21.2 to 1.22.1 by @dependabot[bot] in #2442
• chore(deps): bump github/codeql-action from 4.31.9 to 4.31.10 in the github-dependencies group by @dependabot[bot] in #2449
• [#2460] bugfix: avoid duplicate proxying of StoppingAwareProxiedSession by @lprimak in #2459
• [#2458] Deploy next snapshot version as computed dynamically from latest release by @lprimak in #2456
• [#2460] test for recursively wrapped sessions by @bmarwell in #2470
• [#2471] remove experimental, unused class SimplePrincipalMap by @bmarwell in #2472
• Jakarta ee update by @lprimak in #2474
• chore(deps): bump ch.qos.logback:logback-core from 1.5.24 to 1.5.26 by @dependabot[bot] in #2480
• chore(deps): bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.26 by @dependabot[bot] in #2479
• chore(deps-dev): bump org.assertj:assertj-core from 3.27.6 to 3.27.7 by @dependabot[bot] in #2478
• chore(deps): bump org.codehaus.gmavenplus:gmavenplus-plugin from 4.2.1 to 4.3.0 by @dependabot[bot] in #2476
• chore(deps): bump the github-dependencies group across 1 directory with 5 updates by @dependabot[bot] in #2477
• chore(deps-dev): bump org.codehaus.mojo:buildnumber-maven-plugin from 3.2.1 to 3.3.0 by @dependabot[bot] in #2467
• chore(deps-dev): bump org.codehaus.mojo:xml-maven-plugin from 1.2.0 to 1.2.1 by @dependabot[bot] in #2466
• chore(deps-dev): bump org.codehaus.mojo:versions-maven-plugin from 2.20.1 to 2.21.0 by @dependabot[bot] in #2465
• chore(deps-dev): bump org.codehaus.mojo:jdepend-maven-plugin from 2.1 to 2.2.0 by @dependabot[bot] in #2464
• chore(deps): bump bytebuddy.version from 1.18.3 to 1.18.4 by @dependabot[bot] in #2468
• [#1025] - Shiro's InvalidRequestFilter blocks valid paths with encoded slashes by @haster in #1026
• [#2421] bugfix: restored ability to match passwords from Shiro 1.x that have … by @lprimak in #2475
• Run pre-commit autoupdate to update the hooks by @jbampton in #2486
• chore: Eclipse IDE ignores for license checks by @lprimak in #2484
• Update pre-commit workflow set --show-diff-on-failure by @jbampton in #2487

New Contributors

• @celikfatih made their first contribution in #2372
• @haster made their first contribution in #1026

Full Changelog: shiro-root-2.0.6...shiro-root-2.1.0

Bug Fixes

• [#2186] change authorized user to return 403 by @OyvindLGjesdal in #2187
• [#2299] bugfix(jakarta-ee): don't set character encoding to UTF-8 if it's alr… by @lprimak in #2298
• bugfix: logic for iteration parameter in the hasher by @lprimak in #2326
• [#2328] bugfix: renamed bcrypt algo name so it's usable, refactored algo name… by @lprimak in #2327

Improvements

• enh: update issue templates by @lprimak in #2217
• [#2274] enh(jakarta-ee): add optional URL session tracking configuration para… by @lprimak in #2277
• Fix typos in Java code comments by @jbampton in #2312
• Fix grammar/typo in CONTRIBUTING.md by @jbampton in #2315
• Use https on links by @jbampton in #2314
• Added support for iterations parameter by @ntolppi in #2324
• Adds setPrincipalSuffix() to AbstractLdapRealm & updates ActiveDirectoryRealm by @tbrugz in #2310
• Add basic pull request labeler workflow by @jbampton in #2322
• Add codespell with pre-commit and fix typos by @jbampton in #2313
• [#2308] Active Directory: added Initialization test by @tbrugz in #2329
• Optimize Dependabot by using groups for github-actions ecosystem by @jbampton in #2340
• pre-commit: add gitleaks to check for secrets by @jbampton in #2336
• Fix spelling in pom.xml by @jbampton in #2331
• Add basic EditorConfig file by @jbampton in #2335
• Pull request labeler: add more labels by @jbampton in #2334
• pre-commit: add yamllint and standardize YAML files by @jbampton in #2343
• Add CodeQL for actions by @jbampton in #2333
• Add 6 official pre-commit hooks by @jbampton in #2330
• pre-commit: add oxipng for lossless PNG compression by @jbampton in #2337
• Add 5 more official pre-commit hooks by @jbampton in #2351
• pre-commit: add markdownlint and clean Markdown files by @jbampton in #2338
• pre-commit: add actionlint for GitHub Actions workflow files by @jbampton in #2342
• pre-commit: add shellcheck and clean shell files by @jbampton in #2339

New Contributors

• @OyvindLGjesdal made their first contribution in #2187
• @ntolppi made their first contribution in #2324

Dependency Updates

• chore(deps-dev): bump junit.engine.version from 1.13.2 to 1.13.3 by @dependabot[bot] in #2178
• chore(deps): bump junit.version from 5.13.2 to 5.13.3 by @dependabot[bot] in #2179
• chore(deps): bump org.codehaus.gmavenplus:gmavenplus-plugin from 4.2.0 to 4.2.1 by @dependabot[bot] in #2181
• chore(deps-dev): bump junit.engine.version from 1.13.3 to 1.13.4 by @dependabot[bot] in #2188
• chore(deps): bump junit.version from 5.13.3 to 5.13.4 by @dependabot[bot] in #2189
• chore(deps): bump github/codeql-action from 3.29.2 to 3.29.3 by @dependabot[bot] in #2190
• chore(deps): bump github/codeql-action from 3.29.3 to 3.29.4 by @dependabot[bot] in #2191
• chore(deps): bump github/codeql-action from 3.29.4 to 3.29.5 by @dependabot[bot] in #2194
• chore(deps): bump org.htmlunit:htmlunit from 4.13.0 to 4.14.0 by @dependabot[bot] in #2195
• chore(deps-dev): bump org.assertj:assertj-core from 3.27.3 to 3.27.4 by @dependabot[bot] in #2202
• chore(deps): bump github/codeql-action from 3.29.5 to 3.29.6 by @dependabot[bot] in #2200
• chore(deps): bump actions/cache from 4.2.3 to 4.2.4 by @dependabot[bot] in #2199
• chore(deps): bump github/codeql-action from 3.29.6 to 3.29.8 by @dependabot[bot] in #2204
• chore(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in #2205
• chore(deps): bump github/codeql-action from 3.29.8 to 3.29.9 by @dependabot[bot] in #2207
• chore(deps): bump jetty.version from 9.4.57.v20241219 to 9.4.58.v20250814 by @dependabot[bot] in #2208
• chore(deps): bump mockito.version from 5.18.0 to 5.19.0 by @dependabot[bot] in #2211
• chore(deps): bump org.htmlunit:htmlunit from 4.14.0 to 4.15.0 by @dependabot[bot] in #2213
• chore(deps): bump bytebuddy.version from 1.17.6 to 1.17.7 by @dependabot[bot] in #2214
• chore(deps): bump github/codeql-action from 3.29.9 to 3.29.10 by @dependabot[bot] in #2215
• chore(deps): bump github/codeql-action from 3.29.10 to 3.29.11 by @dependabot[bot] in #2219
• chore(deps): bump com.github.mjeanroy:junit-servers-jetty-9 from 3.3.1 to 3.4.0 by @dependabot[bot] in #2221
• chore(deps): bump actions/setup-java from 4.7.1 to 5.0.0 by @dependabot[bot] in #2220
• chore(deps): bump org.jsoup:jsoup from 1.21.1 to 1.21.2 by @dependabot[bot] in #2226
• chore(deps): bump io.openliberty.tools:liberty-maven-plugin from 3.11.4 to 3.11.5 by @dependabot[bot] in #2225
• chore(deps): bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 by @dependabot[bot] in #2227
• chore(deps): bump github/codeql-action from 3.29.11 to 3.30.0 by @dependabot[bot] in #2230
• chore(deps): bump org.yaml:snakeyaml from 2.4 to 2.5 by @dependabot[bot] in #2229
• chore(deps): bump org.projectlombok:lombok from 1.18.38 to 1.18.40 by @dependabot[bot] in #2238
• chore(deps): bump org.codehaus.mojo:versions-maven-plugin from 2.18.0 to 2.19.0 by @dependabot[bot] in #2235
• chore(deps): bump github/codeql-action from 3.30.0 to 3.30.1 by @dependabot[bot] in #2234
• chore(deps): bump actions/stale from 9.1.0 to 10.0.0 by @dependabot[bot] in #2233
• chore(deps): bump github/codeql-action from 3.30.1 to 3.30.2 by @dependabot[bot] in #2239
• chore(deps): bump github/codeql-action from 3.30.2 to 3.30.3 by @dependabot[bot] in #2240
• chore(deps-dev): bump org.bouncycastle:bcprov-jdk18on from 1.81 to 1.82 by @dependabot[bot] in #2245
• chore(deps): bump org.projectlombok:lombok from 1.18.40 to 1.18.42 by @dependabot[bot] in #2248
• chore(deps-dev): bump org.assertj:assertj-core from 3.27.4 to 3.27.5 by @dependabot[bot] in #2249
• chore(deps): bump org.codehaus.mojo:versions-maven-plugin from 2.19.0 to 2.19.1 by @dependabot[bot] in #2250
• chore(deps): bump org.owasp:dependency-check-maven from 12.1.3 to 12.1.5 by @dependabot[bot] in #2251
• chore(deps): bump mockito.version from 5.19.0 to 5.20.0 by @dependabot[bot] in #2257
• chore(deps-dev): bump org.assertj:assertj-core from 3.27.5 to 3.27.6 by @dependabot[bot] in #2258
• chore(deps): bump actions/cache from 4.2.4 to 4.3.0 by @dependabot[bot] in #2260
• chore(deps): bump org.owasp:dependency-check-maven from 12.1.5 to 12.1.6 by @dependabot[bot] in #2262
• chore(deps): bump github/codeql-action from 3.30.3 to 3.30.4 by @dependabot[bot] in #2264
• chore(deps): bump github/codeql-action from 3.30.4 to 3.30.5 by @dependabot[bot] in #2266
• chore(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.23.1 to 0.24.0 by @dependabot[bot] in #2280
• chore(deps): bump github/codeql-action from 3.30.5 to 3.30.6 by @dependabot[bot] in #2275
• chore(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] in #2272
• chore(deps): bump actions/stale from 10.0.0 to 10.1.0 by @dependabot[bot] in #2282
• chore(deps): bump org.codehaus.mojo:exec-maven-plugin from 3.5.1 to 3.6.1 by @dependabot[bot] in #2283
• chore(deps): bump org.htmlunit:htmlunit from 4.16.0 to 4.17.0 by @dependabot[bot] in #2284
• chore(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin from 0....

Bug Fixes

• [#1691] added the @Qualifier annotation to the RequestMappi… by @Suvrat1629 in #2147

Improvements

• Fix redundant Optional check in DefaultHashService by @AetherRadar in #2088
• Remove illegal access permit by @lprimak in #2099
• chore: fix test warnings on jdk 24 and 25 by @lprimak in #2101
• chore(java): fix typos by @jbampton in #2163
• chore(java): fix typos by @jbampton in #2164
• chore(java): fix typos by @jbampton in #2165
• chore(java): fix spelling by @jbampton in #2170
• chore: remove unneeded trailing whitespace by @jbampton in #2171
• chore(samples): fix spelling by @jbampton in #2172
• chore(java): fix spelling by @jbampton in #2174
• chore(samples): remove tabs from pom.xml files by @jbampton in #2173
• Fix spelling in pom.xml by @jbampton in #2168

Dependency Updates

• chore(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot in #2087
• chore(deps): bump com.puppycrawl.tools:checkstyle from 10.23.0 to 10.23.1 by @dependabot in #2092
• chore(deps): bump org.omnifaces:omnifaces from 3.14.7 to 3.14.8 by @dependabot in #2091
• chore(deps): bump org.codehaus.gmavenplus:gmavenplus-plugin from 4.1.1 to 4.2.0 by @dependabot in #2093
• chore(deps): bump org.jsoup:jsoup from 1.19.1 to 1.20.1 by @dependabot in #2096
• chore(deps): bump github/codeql-action from 3.28.16 to 3.28.17 by @dependabot in #2097
• [StepSecurity] ci: Harden GitHub Actions by @step-security-bot in #2098
• chore(ci): update CI JDK 23 to 24 by @lprimak in #2100
• chore(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @dependabot in #2104
• chore(deps-dev): bump org.easymock:easymock from 5.5.0 to 5.6.0 by @dependabot in #2105
• chore(deps): bump org.htmlunit:htmlunit from 4.11.1 to 4.12.0 by @dependabot in #2106
• chore(deps): bump mockito.version from 5.17.0 to 5.18.0 by @dependabot in #2109
• chore(deps): bump com.puppycrawl.tools:checkstyle from 10.23.1 to 10.24.0 by @dependabot in #2110
• chore(deps): bump org.apache.commons:commons-configuration2 from 2.11.0 to 2.12.0 by @dependabot in #2112
• chore(deps): bump org.codehaus.mojo:exec-maven-plugin from 3.5.0 to 3.5.1 by @dependabot in #2116
• chore(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot in #2120
• chore(deps-dev): bump junit.engine.version from 1.12.2 to 1.13.0 by @dependabot in #2121
• chore(deps): bump junit.version from 5.12.2 to 5.13.0 by @dependabot in #2122
• chore(deps): bump com.puppycrawl.tools:checkstyle from 10.24.0 to 10.25.0 by @dependabot in #2123
• chore(deps): bump org.omnifaces:omnifaces from 3.14.8 to 3.14.9 by @dependabot in #2124
• chore(deps): bump org.htmlunit:htmlunit from 4.12.0 to 4.13.0 by @dependabot in #2125
• chore(deps): bump github/codeql-action from 3.28.18 to 3.28.19 by @dependabot in #2126
• chore(deps-dev): bump org.bouncycastle:bcprov-jdk18on from 1.80 to 1.81 by @dependabot in #2129
• chore(deps): bump org.omnifaces:omnifaces from 3.14.9 to 3.14.10 by @dependabot in #2128
• chore(deps): bump org.codehaus.mojo:build-helper-maven-plugin from 3.6.0 to 3.6.1 by @dependabot in #2131
• chore(deps-dev): bump arquillian.core.version from 1.9.4.Final to 1.9.5.Final by @dependabot in #2130
• chore(deps): bump junit.version from 5.13.0 to 5.13.1 by @dependabot in #2135
• chore(deps-dev): bump junit.engine.version from 1.13.0 to 1.13.1 by @dependabot in #2134
• chore(deps): bump org.owasp:dependency-check-maven from 12.1.1 to 12.1.2 by @dependabot in #2137
• chore(deps): bump org.omnifaces:omnifaces from 3.14.10 to 3.14.11 by @dependabot in #2136
• chore(deps): bump org.owasp:dependency-check-maven from 12.1.2 to 12.1.3 by @dependabot in #2140
• chore(deps): bump github/codeql-action from 3.28.19 to 3.29.0 by @dependabot in #2142
• chore(deps): bump io.openliberty.tools:liberty-maven-plugin from 3.11.3 to 3.11.4 by @dependabot in #2143
• chore(deps): bump bytebuddy.version from 1.17.5 to 1.17.6 by @dependabot in #2145
• chore(deps): bump org.apache:apache from 34 to 35 by @dependabot in #2148
• chore(deps): bump log4j.version from 2.24.3 to 2.25.0 by @dependabot in #2149
• chore(deps): bump commons-beanutils:commons-beanutils from 1.10.1 to 1.11.0 by @dependabot in #2150
• chore(deps): bump groovy.version from 4.0.26 to 4.0.27 by @dependabot in #2151
• chore(deps-dev): bump org.apache.cxf:cxf-rt-frontend-jaxrs from 3.6.6 to 3.6.7 by @dependabot in #2153
• chore(deps): bump org.apache.cxf:cxf-rt-rs-client from 3.6.6 to 3.6.7 by @dependabot in #2154
• chore(deps): bump org.jsoup:jsoup from 1.20.1 to 1.21.1 by @dependabot in #2155
• chore(deps): bump com.puppycrawl.tools:checkstyle from 10.25.0 to 10.25.1 by @dependabot in #2156
• chore(deps): bump com.puppycrawl.tools:checkstyle from 10.25.1 to 10.26.0 by @dependabot in #2159
• chore(deps-dev): bump junit.engine.version from 1.13.1 to 1.13.2 by @dependabot in #2157
• chore(deps): bump junit.version from 5.13.1 to 5.13.2 by @dependabot in #2158
• chore(deps-dev): bump arquillian.core.version from 1.9.5.Final to 1.10.0.Final by @dependabot in #2161
• chore(deps): bump github/codeql-action from 3.29.0 to 3.29.1 by @dependabot in #2162
• chore(deps): bump github/codeql-action from 3.29.1 to 3.29.2 by @dependabot in #2166
• chore(deps): bump com.puppycrawl.tools:checkstyle from 10.26.0 to 10.26.1 by @dependabot in #2169
• deps: updated maven wrapper version to 3.9.10 by @lprimak in #2176

New Contributors

• @AetherRadar made their first contribution in #2088
• @jbampton made their first contribution in #2163

Full Changelog: shiro-root-2.0.4...shiro-root-2.0.5

Bug Fixes

• [#2081] bugfix: remove InheriableThreadLocal from ThreadContext as it was cau… by @lprimak in #2082
• [#2083] bugfix: added Shiro core additional ClassLoader to be used when seria… by @lprimak in #2085

Improvements

• chore: update OpenSSF Scorecard badge
• chore: removed unused test-coverage module, was causing issues for the release

Dependency Updates

• chore(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by @dependabot in #2073
• chore(deps): bump org.owasp:dependency-check-maven from 12.1.0 to 12.1.1 by @dependabot in #2070
• chore(deps): bump actions/setup-java from 4.7.0 to 4.7.1 by @dependabot in #2075
• chore(deps-dev): bump junit.engine.version from 1.12.1 to 1.12.2 by @dependabot in #2079
• chore(deps): bump junit.version from 5.12.1 to 5.12.2 by @dependabot in #2080

Full Changelog: shiro-root-2.0.3...shiro-root-2.0.4

Bug Fixes

• bugfix(test): locking flaky failing Guice test by @lprimak in #1890
• [DOC] - Clean up invalid Javadoc syntax and broken references by @arthenice in #1986
• [DOC] - Fix comments and log messages in AuthenticatingRealm by @jkaving in #2023
• [#2050] bugfix: catch IllegalStateException in validate() by @lprimak in #2052

Improvements

• chore: update CI JDK 22 -> 23 by @lprimak in #1881
• chore: added maven wrapper, update 3.9.9 and have CI scripts use it by @lprimak in #1935
• deps: switch to dev.aspectj - newer maven plugin by @lprimak in #2062

Dependency Updates

• chore(deps): bump groovy.version from 4.0.23 to 4.0.24 by @dependabot in #1869
• chore(deps): bump github/codeql-action from 3.27.0 to 3.27.1 by @dependabot in #1868
• chore(deps): bump com.puppycrawl.tools:checkstyle from 10.20.0 to 10.20.1 by @dependabot in #1867
• chore(deps): bump github/codeql-action from 3.27.1 to 3.27.2 by @dependabot in #1872
• chore(deps): bump org.quartz-scheduler:quartz from 2.5.0-rc2 to 2.5.0 by @dependabot in #1875
• chore(deps): bump github/codeql-action from 3.27.2 to 3.27.3 by @dependabot in #1873
• chore(deps): bump org.codehaus.mojo:versions-maven-plugin from 2.17.1 to 2.18.0 by @dependabot in #1876
• chore(deps): bump github/codeql-action from 3.27.3 to 3.27.4 by @dependabot in #1877
• chore(deps): bump org.projectlombok:lombok from 1.18.34 to 1.18.36 by @dependabot in #1880
• chore(deps-dev): bump org.easymock:easymock from 5.4.0 to 5.5.0 by @dependabot in #1882
• chore(deps): bump github/codeql-action from 3.27.4 to 3.27.5 by @dependabot in #1884
• chore(deps): bump log4j.version from 2.24.1 to 2.24.2 by @dependabot in #1886
• chore(deps): bump org.omnifaces:omnifaces from 3.14.6 to 3.14.7 by @dependabot in #1888
• chore(deps): bump org.jsoup:jsoup from 1.18.1 to 1.18.2 by @dependabot in #1889
• chore(deps): bump github/codeql-action from 3.27.5 to 3.27.6 by @dependabot in #1896
• chore(deps): bump org.htmlunit:htmlunit from 4.6.0 to 4.7.0 by @dependabot in #1897
• chore(deps): bump com.github.mjeanroy:junit-servers-jetty-9 from 3.3.0 to 3.3.1 by @dependabot in #1899
• chore(deps): bump org.jsoup:jsoup from 1.18.2 to 1.18.3 by @dependabot in #1898
• chore(deps): bump com.puppycrawl.tools:checkstyle from 10.20.1 to 10.20.2 by @dependabot in #1900
• chore(deps): bump org.owasp:dependency-check-maven from 11.1.0 to 11.1.1 by @dependabot in #1901
• chore(deps): bump actions/cache from 4.1.2 to 4.2.0 by @dependabot in #1903
• chore(deps): bump github/codeql-action from 3.27.6 to 3.27.7 by @dependabot in #1909
• chore(deps): bump org.apache.cxf:cxf-rt-rs-client from 3.6.4 to 3.6.5 by @dependabot in #1910
• chore(deps-dev): bump org.apache.cxf:cxf-rt-frontend-jaxrs from 3.6.4 to 3.6.5 by @dependabot in #1911
• chore(deps): bump org.apache.maven.skins:maven-fluido-skin from 2.0.0 to 2.0.1 by @dependabot in #1912
• chore(deps): bump log4j.version from 2.24.2 to 2.24.3 by @dependabot in #1913
• chore(deps): bump com.puppycrawl.tools:checkstyle from 10.20.2 to 10.21.0 by @dependabot in #1915
• chore(deps): bump org.jboss.shrinkwrap.resolver:shrinkwrap-resolver-bom from 3.3.2 to 3.3.3 by @dependabot in #1914
• chore(deps): bump github/codeql-action from 3.27.7 to 3.27.9 by @dependabot in #1919
• chore(deps): bump bytebuddy.version from 1.15.10 to 1.15.11 by @dependabot in #1921
• chore(deps): bump junit.version from 5.11.3 to 5.11.4 by @dependabot in #1922
• chore(deps-dev): bump junit.engine.version from 1.11.3 to 1.11.4 by @dependabot in #1923
• chore(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0 by @dependabot in #1924
• chore(deps): bump actions/setup-java from 4.5.0 to 4.6.0 by @dependabot in #1925
• chore(deps): bump io.openliberty.tools:liberty-maven-plugin from 3.11.1 to 3.11.2 by @dependabot in #1927
• chore(deps-dev): bump org.assertj:assertj-core from 3.26.3 to 3.27.0 by @dependabot in #1929
• chore(deps): bump github/codeql-action from 3.27.9 to 3.28.0 by @dependabot in #1930
• chore(deps): bump com.puppycrawl.tools:checkstyle from 10.21.0 to 10.21.1 by @dependabot in #1932
• chore(deps): bump org.codehaus.gmavenplus:gmavenplus-plugin from 4.0.1 to 4.1.0 by @dependabot in #1934
• chore(deps-dev): bump org.assertj:assertj-core from 3.27.0 to 3.27.1 by @dependabot in #1936
• chore(deps): bump org.codehaus.gmavenplus:gmavenplus-plugin from 4.1.0 to 4.1.1 by @dependabot in #1938
• chore(deps): bump mockito.version from 5.14.2 to 5.15.2 by @dependabot in #1937
• chore(deps-dev): bump org.assertj:assertj-core from 3.27.1 to 3.27.2 by @dependabot in #1943
• chore(deps-dev): bump arquillian.core.version from 1.9.1.Final to 1.9.2.Final by @dependabot in #1942
• chore(deps): bump commons-beanutils:commons-beanutils from 1.9.4 to 1.10.0 by @dependabot in #1946
• chore(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0 by @dependabot in #1948
• chore(deps): bump jetty.version from 9.4.56.v20240826 to 9.4.57.v20241219 by @dependabot in #1947
• chore(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.23.0 to 0.23.1 by @dependabot in #1952
• chore(deps): bump github/codeql-action from 3.28.0 to 3.28.1 by @dependabot in #1954
• chore(deps): bump org.owasp:dependency-check-maven from 11.1.1 to 12.0.0 by @dependabot in #1957
• chore(deps-dev): bump arquillian.core.version from 1.9.2.Final to 1.9.3.Final by @dependabot in #1955
• chore(deps): bump org.htmlunit:htmlunit from 4.7.0 to 4.8.0 by @dependabot in #1956
• chore(deps-dev): bump org.bouncycastle:bcprov-jdk18on from 1.79 to 1.80 by @dependabot in #1960
• chore(deps): bump org.owasp:dependency-check-maven from 12.0.0 to 12.0.1 by @dependabot in #1964
• chore(deps): bump bytebuddy.version from 1.15.11 to 1.16.1 by @dependabot in #1963
• chore(deps-dev): bump org.assertj:assertj-core from 3.27.2 to 3.27.3 by @dependabot in #1962
• chore(deps): bump github/codeql-action from 3.28.1 to 3.28.4 by @dependabot in #1969
• chore(deps): bump org.htmlunit:htmlunit from 4.8.0 to 4.9.0 by @dependabot in #1968
• chore(deps): bump github/codeql-action from 3.28.4 to 3.28.5 by @dependabot in #1972
• chore(deps): bump org.apache.karaf.features:framework from 4.4.6 to 4.4.7 by @dependabot in #1970
• chore(deps): bump com.puppycrawl.tools:checkstyle from 10.21.1 to 10.21.2 by @dependabot in #1975
• chore(deps): bump groovy.version from 4.0.24 to 4.0.25 by @dependabot in #1974
• chore(deps): bump github/codeql-action from 3.28.5 to 3.28.6 by @dependabot in #1976
• chore(deps): bump actions/setup-java from 4.6.0 to 4.7.0 by @dependabot in #1979
• chore(deps): bump github/codeql-action from 3.28.6 to 3.28.7 by @dependabot in #1978
• chore(deps): bump org.owasp:dependency-check-maven from 12.0.1 to 12.0.2 by @dependabot in #1980
• chore(deps): bump bytebuddy.version from 1.16.1 to 1.17.0 by @dependabot in #1981
• chore(deps): bump github/codeql-action from 3.28.7 to 3.28.8 by @dependabot in #1982
• chore(deps): bump github/codeql-action from 3.28.8 to 3.28.9 by @dependabot in #1985
• chore(deps-dev): bump commons-logging:commons-logging from 1.3.4 to 1.3.5 by @dependabot in #1989
• chore(deps): bump commons-beanutils:commons-beanutils from 1.10.0...

Enhancements

• [#1381] enh: Build on JDK 22 by @lprimak in #1530
• [#1762] enh: follow desired request scheme when doing redirection by @lprimak in #1727
• enh(jakarta,it-tests): no longer relying on hardcoded https port in t… by @lprimak in #1808

Bug fixes

• [SHIRO-875] Fix creating subjects from a SubjectFactory that disables session-creation by @boris-petrov in #1514
• bugfix(deps): remove junit bom from root by @lprimak in #1690

Maintenance Tasks

• chore: re-enabled API compatibility check plugin by @lprimak in #1652
• enh(checkstyle): disable method name validation for test classes by @lprimak in #1650

Dependency updates

• update quartz to 2.4.0-rc2, fix CVE-2023-39017 by @minchai23 in #1498
• chore(deps): bump org.quartz-scheduler:quartz from 2.4.0-rc2 to 2.5.0-rc1 by @dependabot in #1503
• chore(deps-dev): bump org.assertj:assertj-core from 3.25.3 to 3.26.0 by @dependabot in #1505
• chore(deps): bump org.sonatype.plugins:nexus-staging-maven-plugin from 1.6.13 to 1.6.14 by @dependabot in #1506
• chore(deps): bump com.puppycrawl.tools:checkstyle from 10.16.0 to 10.17.0 by @dependabot in #1504
• chore(deps): bump org.sonatype.plugins:nexus-staging-maven-plugin from 1.6.14 to 1.7.0 by @dependabot in #1508
• chore(deps): bump bytebuddy.version from 1.14.16 to 1.14.17 by @dependabot in #1509
• chore(deps-dev): bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 by @dependabot in #1511
• chore(deps): bump github/codeql-action from 3.25.6 to 3.25.7 by @dependabot in #1515
• chore(deps): bump com.flowlogix:flowlogix-jee from 5.5.3 to 5.5.4 by @dependabot in #1518
• chore(deps): bump org.apache.maven.plugins:maven-jxr-plugin from 3.3.2 to 3.4.0 by @dependabot in #1519
• chore(deps): bump github/codeql-action from 3.25.7 to 3.25.8 by @dependabot in #1520
• chore(deps): bump org.apache.maven.plugins:maven-help-plugin from 3.4.0 to 3.4.1 by @dependabot in #1522
• chore(deps): bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.1 to 3.4.0 by @dependabot in #1523
• chore(deps): bump org.htmlunit:htmlunit from 4.1.0 to 4.2.0 by @dependabot in #1524
• chore(deps-dev): bump org.easymock:easymock from 5.2.0 to 5.3.0 by @dependabot in #1527
• chore(deps): bump org.apache.commons:commons-configuration2 from 2.10.1 to 2.11.0 by @dependabot in #1528
• chore(deps): bump github/codeql-action from 3.25.8 to 3.25.9 by @dependabot in #1533
• chore(deps): bump org.apache.maven.plugins:maven-pmd-plugin from 3.22.0 to 3.23.0 by @dependabot in #1534
• chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot in #1535
• chore(deps): bump spring.version from 5.3.36 to 5.3.37 by @dependabot in #1539
• chore(deps): bump github/codeql-action from 3.25.9 to 3.25.10 by @dependabot in #1536
• deps: updated javassist to latest by @lprimak in #1545
• chore(deps-dev): bump tomcat.version from 10.1.24 to 10.1.25 by @dependabot in #1546
• chore(deps): bump org.apache.maven.plugins:maven-scm-publish-plugin from 3.2.1 to 3.3.0 by @dependabot in #1553
• chore(deps): bump junit.version from 5.10.2 to 5.10.3 by @dependabot in #1555
• chore(deps): bump org.htmlunit:htmlunit from 4.2.0 to 4.3.0 by @dependabot in #1556
• chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11 by @dependabot in #1557
• chore(deps): bump org.projectlombok:lombok from 1.18.32 to 1.18.34 by @dependabot in #1558
• chore(deps): bump org.owasp:dependency-check-maven from 9.2.0 to 10.0.0 by @dependabot in #1564
• chore(deps): bump org.codehaus.mojo:versions-maven-plugin from 2.16.2 to 2.17.0 by @dependabot in #1562
• chore(deps): bump groovy.version from 4.0.21 to 4.0.22 by @dependabot in #1563
• chore(deps): bump org.owasp:dependency-check-maven from 10.0.0 to 10.0.1 by @dependabot in #1565
• chore(deps): bump jetty.version from 9.4.54.v20240208 to 9.4.55.v20240627 by @dependabot in #1567
• chore(deps): bump org.codehaus.mojo:taglist-maven-plugin from 3.0.0 to 3.1.0 by @dependabot in #1568
• chore(deps-dev): bump commons-logging:commons-logging from 1.3.2 to 1.3.3 by @dependabot in #1569
• chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 by @dependabot in #1573
• chore(deps): bump org.owasp:dependency-check-maven from 10.0.1 to 10.0.2 by @dependabot in #1575
• chore(deps-dev): bump org.assertj:assertj-core from 3.26.0 to 3.26.3 by @dependabot in #1580
• chore(deps): bump bytebuddy.version from 1.14.17 to 1.14.18 by @dependabot in #1579
• chore(deps): bump org.jsoup:jsoup from 1.17.2 to 1.18.1 by @dependabot in #1586
• chore(deps): bump org.apache:apache from 32 to 33 by @dependabot in #1587
• chore(deps-dev): bump org.jboss.arquillian.junit5:arquillian-junit5-container from 1.8.0.Final to 1.9.0.Final by @dependabot in #1578
• chore(deps-dev): bump tomcat.version from 10.1.25 to 10.1.26 by @dependabot in #1594
• chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12 by @dependabot in #1595
• chore(deps): bump org.codehaus.mojo:versions-maven-plugin from 2.17.0 to 2.17.1 by @dependabot in #1600
• chore(deps): bump org.apache.maven.plugins:maven-pmd-plugin from 3.23.0 to 3.24.0 by @dependabot in #1601
• chore(deps): bump org.owasp:dependency-check-maven from 10.0.2 to 10.0.3 by @dependabot in #1604
• chore(deps): bump com.hazelcast:hazelcast from 5.3.7 to 5.3.8 by @dependabot in #1605
• chore(deps): bump org.apache.cxf:cxf-rt-rs-client from 3.6.3 to 3.6.4 by @dependabot in #1606
• chore(deps-dev): bump org.apache.cxf:cxf-rt-frontend-jaxrs from 3.6.3 to 3.6.4 by @dependabot in #1607
• chore(deps): bump org.apache.commons:commons-lang3 from 3.14.0 to 3.15.0 by @dependabot in #1608
• chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 by @dependabot in #1611
• chore(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.21.2 to 0.22.0 by @dependabot in #1612
• chore(deps-dev): bump arquillian.core.version from 1.9.0.Final to 1.9.1.Final by @dependabot in #1615
• chore(deps): bump github/codeql-action from 3.25.13 to 3.25.14 by @dependabot in #1616
• chore(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by @dependabot in #1619
• chore(deps): bump github/codeql-action from 3.25.14 to 3.25.15 by @dependabot in #1618
• chore(deps): bump org.htmlunit:htmlunit from 4.3.0 to 4.4.0 by @dependabot in #1620
• chore(deps-dev): bump org.hamcrest:hamcrest-core from 2.2 to 3.0 by @dependabot in #1624
• chore(deps-dev): bump org.easymock:easymock from 5.3.0 to 5.4.0 by @dependabot in #1625
• chore(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5 by @dependabot in #1626
• chore(deps): bump org.owasp.encoder:encoder from 1.2.3 to 1.3.0 by @dependabot in #1628
• chore(deps): bump actions/setup-java from 4.2.1 to 4.2.2 by @dependabot in #1632
• chore(deps-dev): bump tomcat.version from 10.1.26 to 10.1.28 by @dependabot in #1634
• chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by @dependabot in #1636
• chore(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 by @dependabot in #1637
• chore(deps): bump org.codehaus.mojo:exec-maven-plugin from 3.3.0 to 3.4.0 by @dependabot in #1643
• chore(deps): bump slf4j.version from 2.0.13 to 2.0.14 by @dependabot in #1642
• chore(deps): bump org.apache.commons:commons-lang3 from 3.15.0 to...

What's new Highlights

• Added a supported way to decorate Shiro SecurityManager
• Better compatibility with OSGi for Jakarta EE jakarta namespace
• Fixed exception handling bugs in Jax-Rs integration module
• Fixed a bug in Jakarta Faces integration
• Better compatibility when building with Maven 4.x

Bug fixes

• [#1324] enh: added ManifestResourceTransformer to shade plugin by @lprimak in #1328
• [#1352] bugfix: made commons-configuration2 optional in shiro core by @lprimak in #1353
• [SHIRO-491] fix rendering of principal tag in panelGroup by @lprimak in #1371
• [#1383] bugfix: fix exception mapper type from registered features by @lprimak in #1384
• [SHIRO-875] Fix creating subjects with disabled session-creation by @boris-petrov in #1407
• [#1383] bugfix(jax-rs): unauthenticated vs. authorized HTTP response codes we… by @lprimak in #1487
• bugfix(tests): using JUnit's ResourceLock annotation for tests that touch… by @lprimak in #1467

Enhancements

• [SHIRO-776] refactor: JUnit5 Best Practices by @timtebeek in #1338
• deps: fix warnings found by maven 4-alpha-13 by @lprimak in #1377
• [#1424] [Enhancement] Made Jakarta EE IniEnvironment more flexible by @lprimak in #1425
• [#1424] Add generic way to decorate SecurityManager by @lprimak in #1429

Documentation enhancements

• enh: updated versions and using actual link versions for javadoc

Dependency updates

• build(deps): bump log4j.version from 2.22.1 to 2.23.0 by @dependabot in #1321
• build(deps): bump org.codehaus.mojo:exec-maven-plugin from 3.1.1 to 3.2.0 by @dependabot in #1325
• build(deps): bump io.openliberty.tools:liberty-maven-plugin from 3.10 to 3.10.1 by @dependabot in #1330
• build(deps): bump actions/setup-java from 4.0.0 to 4.1.0 by @dependabot in #1331
• build(deps): bump com.puppycrawl.tools:checkstyle from 10.13.0 to 10.14.0 by @dependabot in #1332
• build(deps): bump mockito.version from 5.10.0 to 5.11.0 by @dependabot in #1334
• build(deps): bump groovy.version from 4.0.18 to 4.0.19 by @dependabot in #1335
• build(deps): bump actions/cache from 4.0.0 to 4.0.1 by @dependabot in #1336
• build(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.18.5 to 0.19.1 by @dependabot in #1341
• build(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.19.1 to 0.20.0 by @dependabot in #1342
• build(deps): bump log4j.version from 2.23.0 to 2.23.1 by @dependabot in #1349
• build(deps): bump com.puppycrawl.tools:checkstyle from 10.14.0 to 10.14.1 by @dependabot in #1350
• build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #1354
• build(deps): bump io.openliberty.tools:liberty-maven-plugin from 3.10.1 to 3.10.2 by @dependabot in #1355
• build(deps): bump actions/setup-java from 4.1.0 to 4.2.0 by @dependabot in #1358
• build(deps-dev): bump org.apache.cxf:cxf-rt-frontend-jaxrs from 3.6.2 to 3.6.3 by @dependabot in #1361
• build(deps): bump org.apache.cxf:cxf-rt-rs-client from 3.6.2 to 3.6.3 by @dependabot in #1359
• build(deps): bump org.apache.commons:commons-configuration2 from 2.9.0 to 2.10.0 by @dependabot in #1360
• build(deps): bump spring.version from 5.3.32 to 5.3.33 by @dependabot in #1363
• build(deps): bump groovy.version from 4.0.19 to 4.0.20 by @dependabot in #1364
• build(deps): bump actions/setup-java from 4.2.0 to 4.2.1 by @dependabot in #1365
• build(deps): bump org.owasp:dependency-check-maven from 9.0.9 to 9.0.10 by @dependabot in #1368
• build(deps): bump com.puppycrawl.tools:checkstyle from 10.14.1 to 10.14.2 by @dependabot in #1370
• build(deps): bump actions/cache from 4.0.1 to 4.0.2 by @dependabot in #1372
• build(deps): bump org.projectlombok:lombok from 1.18.30 to 1.18.32 by @dependabot in #1375
• build(deps): bump org.apache.commons:commons-configuration2 from 2.10.0 to 2.10.1 by @dependabot in #1379
• build(deps-dev): bump commons-logging:commons-logging from 1.3.0 to 1.3.1 by @dependabot in #1386
• build(deps-dev): bump tomcat.version from 10.1.19 to 10.1.20 by @dependabot in #1388
• build(deps): bump bytebuddy.version from 1.14.12 to 1.14.13 by @dependabot in #1390
• build(deps): bump com.puppycrawl.tools:checkstyle from 10.14.2 to 10.15.0 by @dependabot in #1394
• build(deps): bump org.owasp:dependency-check-maven from 9.0.10 to 9.1.0 by @dependabot in #1395
• build(deps): bump org.htmlunit:htmlunit from 3.11.0 to 4.0.0 by @dependabot in #1397
• build(deps): bump org.jacoco:jacoco-maven-plugin from 0.8.11 to 0.8.12 by @dependabot in #1398
• build(deps): bump com.hazelcast:hazelcast from 5.3.6 to 5.3.7 by @dependabot in #1399
• build(deps): bump groovy.version from 4.0.20 to 4.0.21 by @dependabot in #1404
• build(deps): bump spring.version from 5.3.33 to 5.3.34 by @dependabot in #1405
• build(deps): bump org.apache.karaf.features:framework from 4.4.5 to 4.4.6 by @dependabot in #1409
• build(deps): bump slf4j.version from 2.0.12 to 2.0.13 by @dependabot in #1408
• build(deps): bump org.omnifaces:omnifaces from 3.14.4 to 3.14.5 by @dependabot in #1411
• build(deps): bump org.apache:apache from 31 to 32 by @dependabot in #1416
• build(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 by @dependabot in #1418
• build(deps): bump commons-cli:commons-cli from 1.6.0 to 1.7.0 by @dependabot in #1420
• build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in #1427
• build(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 by @dependabot in #1430
• build(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.20.0 to 0.21.0 by @dependabot in #1433
• build(deps): bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in #1434
• build(deps): bump bytebuddy.version from 1.14.13 to 1.14.14 by @dependabot in #1439
• build(deps-dev): bump tomcat.version from 10.1.20 to 10.1.23 by @dependabot in #1438
• deps: upgrade to Arquillian Graphene 3 by @lprimak in #1440
• build(deps): bump org.apache.maven.plugins:maven-pmd-plugin from 3.21.2 to 3.22.0 by @dependabot in #1441
• build(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.21.0 to 0.21.1 by @dependabot in #1442
• build(deps): bump com.puppycrawl.tools:checkstyle from 10.15.0 to 10.16.0 by @dependabot in #1447
• build(deps): bump org.htmlunit:htmlunit from 4.0.0 to 4.1.0 by @dependabot in #1448
• build(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.21.1 to 0.21.2 by @dependabot in #1456
• Dependencies: BouncyCastle 1.78.1 and Payara updates by @lprimak in #1459
• build(deps-dev): bump org.bouncycastle:bcprov-jdk18on from 1.77 to 1.78.1 by @dependabot in #1419
• build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by @dependabot in #1461
• build(deps): bump com.mycila:license-maven-plugin from 4.3 to 4.4 by @dependabot in #1462
• build(deps): bump bytebuddy.version from 1.14.14 to 1.14.15 by @dependabot in #1464
• build(deps): bump io.openliberty.tools:liberty-maven-plugin from 3.10.2 to 3.10.3 by @dependabot in #1465
• build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by @dependabot in #1466
• build(deps): bump mockito.version from 5.11.0 to 5.12.0 by @dependabot in #1468
• build(deps): bump com.mycila:license-maven-plugin from 4.4 to 4.5 by @dependabot in https://github.com/apache/shiro/pull...