= 1.7.0 available with fix CVE-2020-17510 François Papon :jbake-date: 2020-10-29 00:00:00 :jbake-type: post :jbake-status: published :jbake-tags: blog, asciidoc :idprefix: The Shiro team is pleased to announce the release of Apache Shiro version 1.7.0. This is a feature release for 1.x. This release includes 7 issues resolved since the 1.6.0 release and is available for Download now. Of Note: * Disable session path rewriting by default. * Add system property to enable backslash path normalization. * DeleteMe cookie should use the defined "sameSite". * Also add cookie SameSite option to Spring. * SslFilter with HTTP Strict Transport Security (HSTS). You can learn more on https://issues.apache.org/jira/issues/?jql=project%20%3D%20SHIRO%20AND%20fixVersion%20%3D%201.7.0[Jira]. Release binaries (``.jar``s) are also available through Maven Central and source bundles through Apache distribution mirrors. For more information on link:/documentation.html[Shiro, please read the documentation]. Enjoy! The Apache Shiro Team