Thanks Andrew. Josh H was following up with some CAS folks to see if our solution was acceptable. I'm glad you have enough of a handle on the CAS security issues to know now to navigate around them. :-)
James Wennmacher - Unicon 480.558.2420 On 09/08/2014 06:48 AM, Andrew Petro wrote: > > Gross. > > > That seems annoying enough that it's worth downgrading to Java CAS > Client 3.2.2 on master, now that 3.2.2 is available (and also blocks > CVE-2014-4172). > > > Added an issue to the Java CAS Client issue tracker to address this > serializability in Java CAS Client itself: > > > https://issues.jasig.org/browse/CASC-231 > > > so at some point uPortal might move to a Java CAS Client 3.3.4, say, > that doesn't have this serialization hangup. > > > Andrew > > > > ------------------------------------------------------------------------ > *From:* [email protected] > <[email protected]> on behalf of James > Wennmacher <[email protected]> > *Sent:* Friday, September 05, 2014 12:44 PM > *To:* [email protected] > *Subject:* [uportal-dev] https://issues.jasig.org/browse/UP-4222 on > master > FYI so it doesn't trip you up and you don't waste time on it, we found > an issue with the new CAS client that's used on master. > https://issues.jasig.org/browse/UP-4222 > -- > James Wennmacher - Unicon > 480.558.2420 > -- > > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/uportal-dev > -- > > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/uportal-dev -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/uportal-dev
