Please contact the security group: https://wiki.jasig.org/display/JSG/Security+Contact+Group
if you feel you may have found a vulnerability, providing as many details as possible. Thanks! Scott On Mon, May 5, 2014 at 9:50 AM, Malarvizhi Perumalraja < [email protected]> wrote: > Hi, > > We recently upgraded to CAS 3.5.2 version. Today our security software > detected a cross-site scripting Critical vulnerabilities on our CAS > website. > > Does anyone else have the same issue. Please advise what actions needs to > be taken. Is there any security patch? > > > > Thanks > > Malar > > > > > > This email is intended for the designated recipient only, and may be > confidential, non-public, proprietary, protected by the attorney/client or > other privilege. Unauthorized reading, distribution, copying or other use > of this communication is prohibited and may be unlawful. Receipt by anyone > other than the intended recipients should not be deemed a waiver of any > privilege or protection. If you are not the intended recipient or if you > believe that you have received this email in error, please notify the > sender immediately and delete all copies from your computer system without > reading, saving, or using it in any manner. Although it has been checked > for viruses and other malicious software, malware, we do not warrant, > represent or guarantee in any way that this communication is free of > malware or potentially damaging defects. All liability for any actual or > alleged loss, damage, or injury arising out of or resulting in any way from > the receipt, opening or use of this email is expressly disclaimed. > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
