Hi David, based on this thread: https://groups.google.com/a/apereo.org/forum/#!topic/cas-appsec-public/zXqxDN9rB8A I believe the solution for those on the 5.2 branch is to upgrade to 5.2.7 Also, that thread suggests that if you're using an alternative MFA solution (we're using Duo) then we're unaffected.
I'm not the authority on this, but that's what I'm piecing together. - Jim On Tuesday, October 1, 2019 at 9:24:11 AM UTC-4, David Curry wrote: > > Bump. We have the same questions that Jim asked... > > -- > > DAVID A. CURRY, CISSP > *DIRECTOR • INFORMATION SECURITY & PRIVACY* > THE NEW SCHOOL • INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > +1 646 909-4728 • [email protected] <javascript:> > > > On Mon, Sep 30, 2019 at 11:16 AM Jim Mulvey <[email protected] > <javascript:>> wrote: > >> Hello, I see that CAS 5.2.x was removed from the Maintenace Policy (and >> thus considered EOL) 5 days ago, although it was previously set to go EOL >> on November 27th, 2019. >> What does this vulnerability mean to those of us running 5.2.x ? Are we >> advised to upgrade to 5.3.x immediately? Why did support for 5.2.x end so >> abruptly? >> >> On Monday, September 30, 2019 at 5:29:43 AM UTC-4, Misagh Moayyed wrote: >>> >>> Please see https://apereo.github.io/2019/09/27/numvulndisc/ >>> -- >>> *- Misagh* >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "CAS Developer" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-dev/132ff915-c774-4eb6-a04c-a0cc1767b72d%40apereo.org >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-dev/132ff915-c774-4eb6-a04c-a0cc1767b72d%40apereo.org?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "CAS Developer" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-dev/be79e1f5-f18f-4b72-adfe-12c7229cdac8%40apereo.org.
