Spring beans vulnerability CAS Server 6.3.7.4

20 views
Skip to first unread message

Morning Star

unread,
Jul 20, 2022, 11:04:22 AMJul 20
to CAS Community
Hi all,

We are using CAS server version as 6.3.7.4.
Our team reported the presence of Spring beans 5.2.12.RELEASE.jar inside cas.war file in below location
cas.war/WEB-INF/lib/cas-server-webapp-tomcat-6.3.7.4.war/WEB-INF/lib

We can't exclude cas-server-webapp-tomcat-6.3.7.4.war as this has strong dependency. 
Do we have any way to exclude spring beans jar from cas-server-webapp-tomcat-6.3.7.4.war under /WEB-INF/lib location?
Any help or advise is highly appreciated.

Regards,
Morning Star.



Reply all
Reply to author
Forward
0 new messages