This thread doesn't appear to relate to the current vulnerability. A CVE does exist at https://www.cvedetails.com/cve/CVE-2019-10754/ which might help answer some questions. Seems like the path forward for 5.2.x deployments is to upgrade to 5.3.12.1 or a newer version.
On Tuesday, October 1, 2019 at 8:49:37 AM UTC-5, Jim Mulvey wrote:
>
> Hi David, based on this thread:
> https://groups.google.com/a/apereo.org/forum/#!topic/cas-appsec-public/zXqxDN9rB8A
> I believe the solution for those on the 5.2 branch is to upgrade to 5.2.7.
> Also, that thread suggests that if you're using an alternative MFA
> solution (we're using Duo) then we're unaffected.
>
> I'm not the authority on this, but that's what I'm piecing together.
> - Jim
>
> On Tuesday, October 1, 2019 at 9:24:11 AM UTC-4, David Curry wrote:
>>
>> Bump. We have the same questions that Jim asked...
>>
>> --
>>
>> DAVID A. CURRY, CISSP
>> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
>> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>>
>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>> +1 646 909-4728 • [email protected]
>>
>>
>> On Mon, Sep 30, 2019 at 11:16 AM Jim Mulvey <[email protected]> wrote:
>>
>>> Hello, I see that CAS 5.2.x was removed from the Maintenance Policy (and
>>> thus considered EOL) 5 days ago, although it was previously set to go EOL
>>> on November 27th, 2019.
>>> What does this vulnerability mean to those of us running 5.2.x? Are we
>>> advised to upgrade to 5.3.x immediately? Why did support for 5.2.x end so
>>> abruptly?
>>>
>>> On Monday, September 30, 2019 at 5:29:43 AM UTC-4, Misagh Moayyed wrote:
>>>>
>>>> Please see https://apereo.github.io/2019/09/27/numvulndisc/
>>>> --
>>>> *- Misagh*
>>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Developer" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-dev/132ff915-c774-4eb6-a04c-a0cc1767b72d%40apereo.org
