Apache Shiro security framework releases 3.0.0
https://shiro.apache.org/blog/2026/06/apache-shiro-300-released.html
lprimak · 2 days ago
5 comments
https://shiro.apache.org/blog/2026/06/apache-shiro-300-released.html
lprimak · 2 days ago
5 comments
iririririr · 6 hours ago
Java the language is so good. too bad the entire ecosystem is worse than brain dead. overload controlled by xmls scattered all over the filesystem, most read at run time. the mvn-gradle-mvn-gradle-mvn-... frustration and migration (literal) circle. the O.G. supply chain attacker build systems (which doesn't even help actually getting dependencies). everything is so bad. but at least com.java.naming.reverse.the.resolved.they now!
khurs · 5 hours ago
Your comment isn't relevant to the discussion, as the article is not about the merits of the language, but merely a Java Security Framework.
vips7L · 1 hours ago
Their comment is also wildly wrong and outdated by two decades.
throw1234567891 · 4 hours ago
Because the mountain of toml and yaml files is sooo much better.
moondowner · 1 hours ago
> xmls scattered all over the filesystem
is this comment from 2015?
With e.g. Spring Boot and Gradle you can have large projects with zero xml files needed. That has been the case for years.
kitd · 1 hours ago
With Polyglot Maven, you don't even need it in Maven either!
Twirrim · 15 minutes ago
Agreed. In my current job, across several large java code bases that have been developed over the last 12 years, the only place I've seen xml come into play is for maven. We've hundreds or more similar scale code bases and I don't think I've ever seen it in use beyond that, though I only occasionally look at those code bases.
No one is ever reaching for xml or even thinking about it.
Frieren · 3 hours ago
I think that many people on startups miss this part of development, robust stable products that do what is expected from them.
Most companies software should not move fast and break things but it should be stable, provide the functionality that their users require and stability is a great asset.
Apache software is reliable in a way that many modern things are not(looking at you platforms like Android, Facebook, etc.).
forkerenok · 3 hours ago
In my junior-to-mid days (ca. 2010) Apache Shiro seemed like a breath of fresh air compared to Spring Security in terms of ease of integration.
Good to see it's still around.
aweiland · 9 minutes ago
Yes it was. Also Apache Camel in lieu of Spring Integration as well.
zipy124 · 1 hours ago
For those like me who hadn't heard of this here is Apache's own product description for context:
Apache Shiro™ is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any application – from the smallest mobile applications to the largest web and enterprise applications.
mistic92 · 1 hours ago
I have not heard this name for a long time