(This is the same issue as is discussed in the recent "Important!
Critical bug in all Java versions" thread. Posting a new thread to help
CAS developers be aware of what CAS-as-product is doing on the website
to acknowledge this issue.)

Many (most?) CAS adopters will be affected by the
not-a-bug-in-CAS-itself JVM security vulnerability CVE-2010-4476.

Announcement on website:
http://www.jasig.org/cas/news/cve-2010-4476

Thanks are due to Robert Oschwald who raised this issue on the cas-dev
list in the recent thread, to Marvin Addison for testing, and to the CAS
steering committee for coordinating getting the response up on the CAS
website.

Feedback welcome on the announcement. Doubtless it can be improved, but
I hope this helps to get the word out and encourage all adopters to take
action to mitigate risk.

Andrew