From f21444f97bc29e83db5a86b52d09a4157e343dbd Mon Sep 17 00:00:00 2001
From: Rene Pfeuffer
Date: Fri, 30 Jan 2026 13:05:45 +0000
Subject: [PATCH] Bump shiro version
---
 gradle/dependencies.gradle | 2 +-
 .../java/sonia/scm/lifecycle/modules/ScmSecurityModule.java | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index 6ebad99be5..0f622f1106 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -11,7 +11,7 @@ ext {
 mapstructVersion = '1.6.3'
 jaxbBindApiVersion = '4.0.4'
 jaxbRuntimeVersion = '4.0.6'
- shiroVersion = '1.12.0'
+ shiroVersion = '1.13.0'
 sspVersion = '1.3.0'
 jjwtVersion = '0.11.5'
 bouncycastleVersion = '2.73.10'
diff --git a/scm-webapp/src/main/java/sonia/scm/lifecycle/modules/ScmSecurityModule.java b/scm-webapp/src/main/java/sonia/scm/lifecycle/modules/ScmSecurityModule.java
index 3dac1fe749..a0543080bb 100644
--- a/scm-webapp/src/main/java/sonia/scm/lifecycle/modules/ScmSecurityModule.java
+++ b/scm-webapp/src/main/java/sonia/scm/lifecycle/modules/ScmSecurityModule.java
@@ -90,6 +90,7 @@ public class ScmSecurityModule extends ShiroWebModule
 bindConstant().annotatedWith(Names.named("shiro.blockNonAscii")).to(false);
 bindConstant().annotatedWith(Names.named("shiro.blockTraversal")).to(false);
 bindConstant().annotatedWith(Names.named("shiro.blockSemicolon")).to(false);
+ bindConstant().annotatedWith(Names.named("shiro.blockEncodedForwardSlash")).to(false);
 // disable access to mustache resources
 addFilterChain("/**.mustache", filterConfig(ROLES, "nobody"));
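Review bot: The added `shiro.blockEncodedForwardSlash` binding in ScmSecurityModule.java is set to `false` without any comment explaining why. It joins `blockNonAscii`, `blockTraversal` and `blockSemicolon`, which are also bound to `false`, so the upgrade appears to opt out of the request-validation check that presumably prompted the version bump. Because path-based rules such as `addFilterChain("/**.mustache", ...)` follow directly, the reason should be recorded next to the binding, for example `// encoded slashes (%2F) must pass because <reason>; path normalisation is enforced by <component>`. A regression test that requests a protected path with an encoded slash and expects the same denial as the plain path would show that the filter chains still match what the container resolves. The enclosing method starts and ends outside this hunk, so whether such a rationale already exists elsewhere cannot be seen from here.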