Apache · Apache Shiro · CVE-2026-43828
**Name of the Vulnerable Software and Affected Versions**
Apache Shiro versions 1.0 through 2.1.0
Apache Shiro version 3.0.0-alpha-1
**Description**
In the default configuration, the Shiro-native session manager and the Remember-Me manager set their `JSESSIONID` and `rememberMe` cookies without the `Secure` attribute, even when the application is served over HTTPS. `Secure` is a browser-enforced cookie attribute: a cookie that carries it is only sent back on HTTPS requests. Without it, the browser also attaches the cookie to any plain-HTTP request it makes to the same host, so the session identifier or Remember-Me token can travel the network in cleartext, where anyone observing the traffic can read it. The `JSESSIONID` part of the issue applies to deployments that use Shiro's native session manager, which writes that cookie itself; the `rememberMe` cookie is written by Shiro's Remember-Me manager in either case.
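A quick way to confirm whether a deployment is affected is to look at the `Set-Cookie` headers it actually emits over HTTPS. The following is an added example, not code from the advisory or from the Shiro project: it parses `Set-Cookie` values the way a browser splits them (on `;`, attribute names case-insensitive) and reports the cookies the advisory names that lack `Secure`. The `SAMPLE_HEADERS` are constructed to imitate the vulnerable behaviour, not captured from a real server; the optional live check against a host name passed on the command line is a plain HTTPS GET and is an assumption about where the cookies are set, since a session or Remember-Me cookie is normally issued by a login response rather than by the first page fetched.

```python
"""Flag Shiro session / Remember-Me cookies issued without the Secure attribute.

Added example, not part of the advisory or of the Shiro project.
"""
import sys
from dataclasses import dataclass, field
from http.client import HTTPSConnection

# Cookie names from the advisory: Shiro's native session id cookie and its
# Remember-Me cookie, both at their default names.
SHIRO_COOKIES = ("JSESSIONID", "rememberMe")


@dataclass
class ParsedCookie:
    name: str
    value: str
    # attribute name (lower-cased) -> value, or True for flag attributes
    attributes: dict = field(default_factory=dict)

    @property
    def secure(self) -> bool:
        return "secure" in self.attributes

    @property
    def http_only(self) -> bool:
        return "httponly" in self.attributes


def parse_set_cookie(header_value: str) -> ParsedCookie:
    """Split one Set-Cookie value into name, value and attributes.

    Attributes are separated by ';' and compared case-insensitively, so
    'Secure', 'secure' and 'SECURE' all count. Only ';' is a separator, so an
    Expires date containing ',' stays intact.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, sep, value = parts[0].partition("=")
    if not sep or not name.strip():
        raise ValueError(f"malformed Set-Cookie value: {header_value!r}")
    cookie = ParsedCookie(name.strip(), value.strip())
    for attr in parts[1:]:
        if not attr:
            continue
        key, _, val = attr.partition("=")
        cookie.attributes[key.strip().lower()] = val.strip() if val else True
    return cookie


def insecure_shiro_cookies(set_cookie_headers, names=SHIRO_COOKIES):
    """Return the parsed cookies, among `names`, that were set without Secure."""
    findings = []
    for header in set_cookie_headers:
        cookie = parse_set_cookie(header)
        if cookie.name in names and not cookie.secure:
            findings.append(cookie)
    return findings


# Constructed sample headers (not captured from a real deployment). The first
# three imitate the advisory's description: session and Remember-Me cookies
# with HttpOnly but no Secure (the 'deleteMe' value mimics a cookie being
# cleared). The last is an unrelated cookie that does carry Secure and must
# not be flagged.
SAMPLE_HEADERS = [
    "JSESSIONID=4e2c1a9f8b7d6e5f; Path=/; HttpOnly",
    "rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT",
    "rememberMe=c2FtcGxlLXRva2Vu; Path=/; Max-Age=31536000; HttpOnly",
    "csrftoken=a1b2c3; Path=/; Secure; HttpOnly",
]


def fetch_set_cookie_headers(host: str, path: str = "/") -> list:
    """Issue one HTTPS GET and return every Set-Cookie header it produced."""
    conn = HTTPSConnection(host, timeout=10)
    try:
        conn.request("GET", path)
        response = conn.getresponse()
        return response.headers.get_all("Set-Cookie") or []
    finally:
        conn.close()


if __name__ == "__main__":
    # With a host argument, check a live HTTPS response; otherwise use the sample.
    headers = fetch_set_cookie_headers(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_HEADERS
    for c in insecure_shiro_cookies(headers):
        print(f"{c.name}: set without Secure (HttpOnly={c.http_only})")
```

Run it without arguments to see the three flagged sample cookies, or point `fetch_set_cookie_headers` at the response that actually creates the session or Remember-Me cookie (typically the login POST) when testing a real deployment. `HttpOnly` is reported alongside because it is the other attribute worth confirming on these cookies, but its absence is not what this advisory is about.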
**Recommendations**
For versions 1.0 through 2.1.0, upgrade to version 2.1.1 or later.
For version 3.0.0-alpha-1, upgrade to version 3.0.0-alpha-2 or later.
Where an upgrade cannot be applied immediately, the attribute can be set explicitly through Shiro's ordinary configuration rather than relying on the default: the session id cookie and the Remember-Me cookie are both `SimpleCookie` instances with a `secure` property, reachable as `sessionManager.sessionIdCookie.secure = true` (on a `DefaultWebSessionManager`) and `securityManager.rememberMeManager.cookie.secure = true` in `shiro.ini`. This is a general Shiro configuration mechanism, not a workaround published with the advisory, so confirm the `Set-Cookie` headers after applying it.