Company firewall reports a Shiro RememberMe deserialization vulnerability (CVE-2016-4437)
I have upgraded Shiro to 1.12.0, use a random key, and disabled the rememberMe function, but the error still occurs.
Shiro configuration information:
shiro:
  domain:
  # Set the cookie's valid access path
  path: /
  # Set the HttpOnly attribute
  httpOnly: true
  # Set the cookie's expiry time, in days
  maxAge: 30
  cipherKey:
  rememberMe:
    # Whether to enable remember-me
    enabled: false
ShiroConfig code:
/**
 * Remember me
 */
public CookieRememberMeManager rememberMeManager()
{
    CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
    cookieRememberMeManager.setCookie(rememberMeCookie());
    if (StringUtils.isNotEmpty(cipherKey))
    {
        cookieRememberMeManager.setCipherKey(Base64.decode(cipherKey));
    }
    else
    {
        cookieRememberMeManager.setCipherKey(CipherUtils.generateNewKey(128, "AES").getEncoded());
    }
    return cookieRememberMeManager;
}
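An added example, not the question's own ShiroConfig: the bean above is built whether or not shiro.rememberMe.enabled is set, so this variant registers a rememberMe manager only when that flag is true and otherwise clears the one DefaultWebSecurityManager installs by default, so no rememberMe cookie is decoded at all. The securityManager(Realm) bean signature is assumed, and the SimpleCookie settings are taken from the question's YAML.

```java
import java.util.Base64;
import javax.crypto.KeyGenerator;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroConfig {
    @Value("${shiro.rememberMe.enabled:false}")   // keys as in the question's YAML
    private boolean rememberMeEnabled;
    @Value("${shiro.cipherKey:}")
    private String cipherKey;

    @Bean
    public DefaultWebSecurityManager securityManager(Realm realm) throws Exception {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(realm);
        if (rememberMeEnabled) {
            securityManager.setRememberMeManager(rememberMeManager());
        } else {
            // DefaultWebSecurityManager installs a CookieRememberMeManager in its own
            // constructor, so "enabled: false" by itself still leaves every inbound
            // rememberMe cookie being decoded; clearing the manager stops that entirely.
            securityManager.setRememberMeManager(null);
        }
        return securityManager;
    }

    private CookieRememberMeManager rememberMeManager() throws Exception {
        CookieRememberMeManager manager = new CookieRememberMeManager();
        SimpleCookie cookie = new SimpleCookie("rememberMe");
        cookie.setHttpOnly(true);
        cookie.setPath("/");
        cookie.setMaxAge(30 * 24 * 60 * 60); // 30 days, in seconds
        manager.setCookie(cookie);
        if (cipherKey.isEmpty()) {
            // No configured key: fresh random AES-128 key per process (remembered
            // logins then do not survive a restart). Never fall back to a static key.
            KeyGenerator generator = KeyGenerator.getInstance("AES");
            generator.init(128);
            manager.setCipherKey(generator.generateKey().getEncoded());
        } else {
            manager.setCipherKey(Base64.getDecoder().decode(cipherKey));
        }
        return manager;
    }
}
```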