Dear CAS Community, We've released a new version of CAS Server, 3.4.3.1, that includes an updated Spring Security dependency. Spring Security discovered a vulnerability in its code and released a security release.
Details of the Spring Security vulnerability are here: http://www.springsource.com/security/cve-2010-3700 My understanding is that deployers who typically use Tomcat are unaffected by the issue. Users of older CAS versions that leverage Spring Security 2 or 3 are encouraged to upgrade their dependency to the latest Spring Security for their release. You may manually do this without upgrading to the latest CAS release. The release should hit the Maven repositories in a little while. The ZIP and TAR GZ files are here: http://downloads.jasig.org/cas/ Note, we also upgraded to Spring 3.0.5 to keep the code on the latest Spring releases. Cheers, Scott -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
