Apache Shiro security framework releases 3.0.0
2 days ago
- #Apache Shiro 3.0.0
- #Security Framework
- #Java Release
- Apache Shiro 3.0.0 released, with new features and over two years of development.
- New minimum baseline: JDK 17, Jakarta EE 9/10/11+, Spring 6/7+, SpringBoot 3/4+, and Guice 7/8+.
- Uses Java Scoped values for Subject and SecurityManager on JDK 25+, replacing ThreadLocals.
- Improved thread-safety for Shiro-native sessions and immutable PrincipalCollection by default.
- Enabled case-insensitive path matching, NoAccessFilter, and CORS preflight requests by default.
- Apache Shiro 1.x and 2.x are end-of-life; commercial support available if needed.
- Download and more details available on GitHub and Apache Shiro download page.