Security issue: upgrade to pac4j v1.9.4

[leleuj]

Unfortunately, we have a critical security issue in pac4j v1.9.2 and v1.9.3, if you use DbAuthenticator or MongoAuthenticator and the default password encoder NopPasswordEncoder.

You MUST upgrade to pac4j v1.9.4.

Hopefully, you haven't released any final version (only 1.0.0.CR8 is affected).

[leleuj]

@jknack : the trivial PR to fix the issue: #517

[jknack]

@leleuj Thank you.

[leleuj]

Thanks for your swiftness.