This makes sense to me, Andrew. Anybody on 3.2.x should be able to upgrade with a drop-in Jar and if we can manage that with a 3.2.1.1 release that all the better.
From: Andrew Petro [mailto:[email protected]] Sent: Tuesday, August 12, 2014 8:33 AM To: [email protected] Subject: Re: [cas-user] CAS Client Security Vulnerability CVE-2014-4172 Okay. So, a cas-client-core-3.2.1.1 that 1) Fixes cas-client-core , and 2) drops whatever integration modules cannot be built ? And then many folks can bop to 3.2.1.1, ignore the missing integration modules they aren't using anyway, and be happy. And folks who are using those modules can monkey patch only their cas-client-core .jar and be somewhat happy. ? Andrew On Tue, Aug 12, 2014 at 8:02 AM, Marvin Addison <[email protected] <mailto:[email protected]> > wrote: > Yes, it would ease patching. I'm finding getting a uPortal 4.0 release > squared away jumping from a Java CAS Client 3.2 version to 3.3.2 to be > substantially unpleasant. Ok. Here's the catch. Some of the integration modules, cas-client-integration-atlassian comes to mind, have dependencies in third-party repositories that are defunct. That makes a complete project build sufficiently difficult if not impossible that the return on investment is not justifiable. I would imagine that most folks need cas-client-core exclusively, and I would recommend we focus our efforts on patches for that module alone. Additionally, that's the only module affected by patching. M -- You are currently subscribed to [email protected] <mailto:[email protected]> as: [email protected] <mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] <mailto:[email protected]> as: [email protected] <mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
