I came across this announcement on an RSS feed: https://apereo.github.io/2020/07/24/credvuln/
I searched for it on the public security list ( https://groups.google.com/a/apereo.org/forum/#!forum/cas-appsec-public) listed here: https://apereo.github.io/cas/Mailing-Lists.html And I didn’t see any discussion of this vulnerability here. Where are we supposed to be getting this information apart from the blog? On a side note, I note that 5.3.x is not listed, but wanted to double-check that it is not affected. As I understand it, 5.3.x is in security-patch mode through October 29, 2020: https://apereo.github.io/cas/developer/Maintenance-Policy.html -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAEdMQHWX8d4y1XGsUEO5YCa7G5BcU70-ZqWyWB%2BBfdJbcim-Zg%40mail.gmail.com.
