Re: [cas-user] Spring RCEs: Java 9+, Spring Framework

Hi everyone, I have gone through the blog post mentioned above, I see that spring version was updated from 5.3.9 to 5.3.18. However is there a need to update spring boot version as well from 2.5.4 to 2.5.12 ? Thanks, Harmeet On Thursday, March 31, 2022 at 1:24:47 PM UTC-5 mmost...@gmail.com

Re: [cas-user] Spring RCEs: Java 9+, Spring Framework

A patch just released https://apereo.github.io/2022/03/31/spring-vuln/ On Thu, Mar 31, 2022 at 12:08 PM Baron Fujimoto wrote: > I haven't seen any mention of this on the list yet, but it has been > recently disclosed that applications based on Spring and Java9+ may be > vulnerable to severe

[cas-user] Spring RCEs: Java 9+, Spring Framework

I haven't seen any mention of this on the list yet, but it has been recently disclosed that applications based on Spring and Java9+ may be vulnerable to severe RCEs. Refs: • •

Re: [cas-user] Re: Migrating services from version 5 to 6

Thank you for the response. We actually use CAS Management application, and I will follow your suggestion. We have a bunch of services  to migrate : 140+, with their own contacts, policies and release attriibute settings. I have tried the actuator end point /services from CAS Server , wich

[cas-user] Re: Trouble CAS 6.3.x autowire JPA Repository Beans

Hi, If JPA worked for you in 6.3 but not in 6.4, you may have a different problem than I had. JPA Repository does work for me in 6.4.4., this is what I did. under project's resources/META-INF/spring.components, I explicitly spelled out all Repo and Entity classes. == these are my classes

Re: [cas-user] Re: Migrating services from version 5 to 6

Ah, sorry ... service registry, not ticket registry. I keep service JSON files so I dont have to deal with table changes. I never saw the benefit of loading services in DB as I don't want others with access to fudge with the config and placing the services files in git is convenient for

Re: [cas-user] Re: Migrating services from version 5 to 6

The tables in the post are for the service registry. If you don't migrate those, you will have to reconfigure from scratch. I do not know what the plans are for the project with respect to the service registry. It's changed a bit between versions, and usually seems like a pain. We made the

[cas-user] Re: Trouble CAS 6.3.x autowire JPA Repository Beans

I'm still having trouble with this. Has anyone upgraded to 6.4.x or above with jpa repository classes? It's as if @EnableJpaRepositories is being ignored. On Tuesday, March 1, 2022 at 10:05:41 AM UTC-6 Pablo Vidaurri wrote: > Hi Yan, have you tried this with CAS 6.4.5 which uses SpringBoot

[cas-user] Re: Migrating services from version 5 to 6

There is no need to migrate the data. These tables are for various type of tickets. Worst case when you cut over to v6.4 your users will have to login again. -psv On Wednesday, March 30, 2022 at 9:43:58 AM UTC-5 fjan...@gmail.com wrote: > Hi, > > I need to migrate JPA service registry from

[cas-user] [CAS 6.2.2 ] invalid SAML 2 HTTP Redirect message

Hello, This error occurs when I want to connect to an IDP with SAML V2. It happens only with Firefox not with Chrome. Do you have an idea about this error ? Best regards. Olivier org.opensaml.messaging.decoder.MessageDecodingException: No SAMLRequest or SAMLResponse query path parameter,

[cas-user] Re: DB auth and accessStrategy with it.

Case solved. When i had aded to DB column named memberof with value: GRP1,GRP2 it was possibe to prepare pollice acces to filter by group. On Wednesday, March 30, 2022 at 11:20:50 AM UTC+2 artur mis wrote: > - I have got DB mysql handler to auth users and AD. > - DB mysql table has got