I don't know whether CAS 5 is vulnerable to this or not, and the authors do not indicate which products they tested, only the ones they found vulnerable. I'm not even sure how to test it.
But, in the interests of at least making the folks who might know how to test it and fix it if it needs fixing aware... https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations --Dave -- You received this message because you are subscribed to the Google Groups "CAS Developer" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-dev+unsubscr...@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-dev/.