All- A public posting just came across my radar detailing a security vulnerability in the Apache::AuthCAS client. The poster claims "... there hasn't been any reply and the guys at ja-sig.org haven't been able or willing to look into it ..."
It appears the poster has not fully validated the vulnerability (a SQL injection attack), but it may be worth investigation. It is already publicly posted, but I won't post the direct link here until given the go-ahead. HTH, -Matt -- Matt Smith [EMAIL PROTECTED] University Information Technology Services (UITS) University of Connecticut PGP Key ID: 0xE9C5244E
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
