Current location for CAS public security announcements?

[Mike Osterman]

I came across this announcement on an RSS feed:

https://apereo.github.io/2020/07/24/credvuln/

I searched for it on the public security list (

https://groups.google.com/a/apereo.org/forum/#!forum/cas-appsec-public) listed here:

https://apereo.github.io/cas/Mailing-Lists.html

And I didn’t see any discussion of this vulnerability here. 

Where are we supposed to be getting this information apart from the blog?

On a side note, I note that 5.3.x is not listed, but wanted to double-check that it is not affected.  As I understand it, 5.3.x is in security-patch mode through October 29, 2020: 

https://apereo.github.io/cas/developer/Maintenance-Policy.html