> I think that having one of a security product's dependency as > unsupported is a pretty big deal and shouldn't be marginalized.
While you're right in theory, in practice it's hardly as dire as marginalization. The lines of communication between the Shib and CAS projects are open and working. (FWIW, Chad was formerly the technical lead in our group at Tech.) If there is a reported issue, and in particular a security-related issue, in the SAML libraries, we will get word and act accordingly. In any case it would be wise to investigate migrating to opensaml 2.x in CAS 3.4.x. I've created https://issues.jasig.org/browse/CAS-951 to track a resolution. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
