I see your point now. You would expect a patch to 5.2.x to address this vulnerability if this version has not reached its EOL.

On Tuesday, October 1, 2019 at 9:02:15 AM UTC-5, David Curry wrote:
>
> But Jim's original question remains: why was 5.2.x suddenly removed from
> the support list 6 days ago when it was originally not scheduled to hit EOL
> until November 27th?
>
> If there's no way to fix it and an upgrade is required, then say that. But
> just removing it from the list of supported releases 60 days before its
> support is scheduled to end, with no notice and no explanation, is not
> helpful.
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR • INFORMATION SECURITY & PRIVACY*
> THE NEW SCHOOL • INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 646 909-4728 • [email protected]
>
> On Tue, Oct 1, 2019 at 9:55 AM Riley Wills <[email protected]> wrote:
>
>> This thread doesn't appear to relate to the current vulnerability. A CVE
>> does exist at https://www.cvedetails.com/cve/CVE-2019-10754/ which might
>> help answer some questions. Seems like the path forward for 5.2.x
>> deployments is to upgrade to 5.3.12.1 or a newer version.
>>
>> On Tuesday, October 1, 2019 at 8:49:37 AM UTC-5, Jim Mulvey wrote:
>>>
>>> Hi David, based on this thread:
>>> https://groups.google.com/a/apereo.org/forum/#!topic/cas-appsec-public/zXqxDN9rB8A
>>> I believe the solution for those on the 5.2 branch is to upgrade to 5.2.7
>>> Also, that thread suggests that if you're using an alternative MFA
>>> solution (we're using Duo) then we're unaffected.
>>>
>>> I'm not the authority on this, but that's what I'm piecing together.
>>> - Jim
>>>
>>> On Tuesday, October 1, 2019 at 9:24:11 AM UTC-4, David Curry wrote:
>>>>
>>>> Bump. We have the same questions that Jim asked...
>>>>
>>>> On Mon, Sep 30, 2019 at 11:16 AM Jim Mulvey <[email protected]> wrote:
>>>>
>>>>> Hello, I see that CAS 5.2.x was removed from the Maintenance Policy
>>>>> (and thus considered EOL) 5 days ago, although it was previously set to
>>>>> go EOL on November 27th, 2019.
>>>>> What does this vulnerability mean to those of us running 5.2.x? Are
>>>>> we advised to upgrade to 5.3.x immediately? Why did support for 5.2.x end
>>>>> so abruptly?
>>>>>
>>>>> On Monday, September 30, 2019 at 5:29:43 AM UTC-4, Misagh Moayyed
>>>>> wrote:
>>>>>>
>>>>>> Please see https://apereo.github.io/2019/09/27/numvulndisc/
>>>>>> --
>>>>>> *- Misagh*

--
You received this message because you are subscribed to the Google Groups "CAS Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-dev/7607f81f-bcf3-4564-83d5-9db932142f68%40apereo.org.
