All, First, the most important, we've released a minor point release of version 3.2.1.1 which addresses an opportunity to inject HTML into the logout page via the url parameter. You can't hijack CAS sessions or anything with but you can create some really funky HTML pages which could trick your users if they're not paying attention. If you've based your logout page at your local institution off of the "example default" pages then you should update your logout page (just to be safe we also updated the "confirm view" also. Thanks to Romain Bourgue for identifying this. There are no other changes in the 3.2.1.1 release.
We've also released CAS 3.3-RC2. If you've been keeping track we last left off at 3.2.2-RC1. We've made some exciting additions such as Terracotta support, Memcache Support, updated RESTful support, and a lot of minor bug fixes. Because of a change to an internal property on the tickets (changing from Atomic Boolean to boolean) and its affect on the JPATicketRegistry we bumped up the version to 3.3. You can download both releases from http://www.ja-sig.org/products/cas/downloads/ Thanks! -Scott -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
