CAS Security Releases/Patches


Misagh

Oct 18, 2021, 2:16:51 AM
to CAS Community, cas-apps...@apereo.org, CAS Announcements

Misagh

Sep 15, 2023, 1:08:17 AM
to CAS Community, cas-apps...@apereo.org, CAS Announcements, cas-...@apereo.org

Baron Fujimoto

Sep 19, 2023, 4:15:03 PM
to cas-...@apereo.org
The advisory directs you to, "Modify your CAS overlay to point to the version 6.6.12"

Should 6.6.12 show up on the releases page at <https://github.com/apereo/cas/releases> (or tags <https://github.com/apereo/cas/tags>)?

On Thu, Sep 14, 2023 at 7:08 PM Misagh <misagh....@gmail.com> wrote:
Please see https://apereo.github.io/2023/09/14/oauth-vuln/

--
Baron Fujimoto <ba...@hawaii.edu> ::: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum descendus pantorum

Dmitriy Kopylenko

Sep 19, 2023, 11:51:12 PM
to cas-...@apereo.org
Hi Baron. 

It’s the “binary only” release hidden from repo before the security “grace period” has passed.

From that post: "All source code and repository tags that contain fixes for this issue are kept privately until the grace period has passed. Note that repository tags are generally irrelevant when it comes to applying fixes described below, unless you intend to build the CAS codebase from source and a tagged commit instead of relying on a binary published release."

HTH,
D.





Baron Fujimoto

Sep 20, 2023, 1:00:51 PM
to cas-...@apereo.org
Ahh, thanks for the clarification. I'd missed the implications of the grace period stuff in the post. CAS 6.6.12 did build as expected with a version set appropriately in gradle.properties, as you get with a fresh pull from the 6.6 branch of the overlay template.
