Thanks Petro for the announcement. I especially thank Marvin for his efforts !
Robert Am 17.02.2011 um 17:57 schrieb Andrew Petro: > (This is the same issue as is discussed in the recent "Important! Critical > bug in all Java versions" thread. Posting a new thread to help CAS > developers be aware of what CAS-as-product is doing on the website to > acknowledge this issue.) > > Many (most?) CAS adopters will be affected by the not-a-bug-in-CAS-itself JVM > security vulnerability CVE-2010-4476. > > Announcement on website: > > http://www.jasig.org/cas/news/cve-2010-4476 > > > Thanks are due to Robert Oschwald who raised this issue on the cas-dev list > in the recent thread, to Marvin Addison for testing, and to the CAS steering > committee for coordinating getting the response up on the CAS website. > > Feedback welcome on the announcement. Doubtless it can be improved, but I > hope this helps to get the word out and encourage all adopters to take action > to mitigate risk. > > Andrew > > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
