Apache Shiro version 1.0.0-incubating suffers from an information disclosure vulnerability. Shiro's path-based filter chain mechanism did not normalize request paths before performing path-matching logic. The result is that Shiro filter chain matching logic was susceptible to potential path traversal attacks.
edbfc654a617fb75fdde37febf48f3584026969f760f1650e56dd5ba41ffad08