Deactivate shiro's blockTraversal filter

Because it breaks our branch encodings

Committed-by: Florian Scholdei <florian.scholdei@cloudogu.com>

gradle/changelog/shiro_traversal_filter.yaml

@@ -0,0 +1,2 @@
+- type: fixed
+  description: Deactivate Shiro's new `blockTraversal` check in their `InvalidRequestFilter`

scm-webapp/src/main/java/sonia/scm/lifecycle/modules/ScmSecurityModule.java

@@ -121,6 +121,7 @@ public class ScmSecurityModule extends ShiroWebModule
     // do not block non ascii character,
     // because this would exclude languages which are non ascii based
     bindConstant().annotatedWith(Names.named("shiro.blockNonAscii")).to(false);
+    bindConstant().annotatedWith(Names.named("shiro.blockTraversal")).to(false);
 
     // disable access to mustache resources
     addFilterChain("/**.mustache", filterConfig(ROLES, "nobody"));