CAS Adopters,

Be advised that most CAS deployments are vulnerable to the widely
publicized not-a-defect-in-CAS-itself JVM defect CVE-2010-4476. You
should take immediate action to mitigate this vulnerability in your
production environments.

Notification posted to website:
http://www.jasig.org/cas/news/cve-2010-4476

(This is the same issue as described in the recent "Important! Critical
bug in all Java versions" thread. Posting as a new thread to draw
attention to the issue and to the Jasig CAS product response.)

Thanks are due to Robert Oschwald who raised that thread, to Marvin
Addison for testing, and to the CAS Steering Committee for coordinating
composing and posting a CAS-as-product response to this issue.

Feedback welcome on the website news entry, which doubtless can be
improved, but I hope it will help to get the word out to encourage
mitigation of this serious issue.

Best wishes,

Andrew

Andrew Petro
Jasig CAS Steering Committee
Software Developer, Unicon, Inc.