Dear CAS Community,
We are pleased to announce the new 1.3.0 release [1] for phpCAS. This
release is a continuation of the 1.2.x tree.
Since we were forced to make some changes that touched the external user
API, package layout, licensing (now Apache License) and the behavior, we
have opted to bump the version number to make this clear to the users.
For most users the release should be a drop-in replacement but
especially people using the proxy features of phpCAS should have a
closer look at the Changelog [2] and the Upgrading docs [3].
The current release also fixes 2 security problems (CVE-2012-1104,
CVE-2012-1105): phpCAS did not validate proxy tickets and their chain
properly. Any authorized proxy with a valid user PT could proxy any
other service for the user.
The other issue was the missing protection of the debug log or locally
stored session files in proxy mode. This is especially relevant in shared
server environments. For details please refer to the Changelog [2] and
the issues on GitHub/Jira [5].
Thanks to everyone who contributed and made this release possible. This
release contains a lot of new features [2] and also a lot more and
better documentation. [4]
Cheers,
Joachim
[1] http://downloads.jasig.org/cas-clients/php/1.3.0/
[2] https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog
[3] https://github.com/Jasig/phpCAS/blob/master/docs/Upgrading
[4] https://wiki.jasig.org/display/CASC/phpCAS
[5] https://github.com/Jasig/phpCAS